Homogeneous control of stateless firewalls with OpenC2

Stefano Catenaro

Homogeneous control of stateless firewalls with OpenC2.

Rel. Daniele Bringhenti, Fulvio Valenza. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2025

Preview

PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives.
Download (2MB) | Preview

Abstract

The growing complexity of modern network infrastructures and the heterogeneity of firewall and security technologies have made standardization and automation essential for effective cyber defense management. The Open Command and Control (OpenC2) standard, developed by OASIS, defines a unified language for commanding and controlling security components, enabling interoperability between heterogeneous systems through well-defined producer-consumer interactions. The Stateful Packet Filtering (SLPF) profile specifies how OpenC2 commands can be applied to network filtering systems, defining standardized actions, targets, arguments and results for managing firewalls and similar packet filtering technologies. This thesis defines a complete implementation of the OpenC2 Stateful Packet Filtering (SLPF) profile across four representative platforms: iptables, OpenStack Security Groups, Kubernetes Network Policies and Microsoft Azure Network Security Groups.

Each actuator translates OpenC2 actions, such as query, allow, deny, delete and update, into the corresponding native operations, ensuring functional consistency while preserving the semantics defined by the SLPF specification

Relatori

Daniele Bringhenti, Fulvio Valenza

Anno Accademico

2025/26

Tipo di pubblicazione

Elettronica

Numero di pagine

Corso di laurea

Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)

Classe di laurea

Nuovo ordinamento > Laurea magistrale > LM-32 - INGEGNERIA INFORMATICA

URI

https://webthesis.biblio.polito.it/id/eprint/38598

Modifica (riservato agli operatori)