Publications

Here is a list of our latest publications. For a full list, please check Google Scholar.

Highlights

TechNETium: Atomic Predicates and Model Driven Development to Verify Security Network Policies

Fifth-generation (5G) networks will deliver unprecedented levels of quality of service for online gaming and multimedia-rich social interaction, providing virtual environments optimized for vertical applications by means of innovative approaches to physical resource management. These techniques must consider security aspects in all phases and at every layer. Trusted communications between individuals and reliable platforms running services for social good depend on the resiliency to network-level attacks such as hijacking and denial-of-service. The verification of topological properties represents a well-suited approach to address these issues in a 5G environment. This paper moves from formal methods existing in literature, namely atomic predicates (AP) and header space analysis (HSA). It describes a method of integrating AP in Software Defined Network architectures, achieving the same expressive power as HSA without its performance hit, to make topology verification viable for real-time security applications.

Davide Berardi, Franco Callegati, Andrea Melis, Marco Prandini

2020 IEEE 17th Annual Consumer Communications & Networking Conference (CCNC)

Federated Platooning: Insider Threats and Mitigations

Platoon formation is a freight organization system where a group of vehicles follows a predefined trajectory maintaining a desired spatial pattern. Benefits of platooning include fuel savings, reduction of carbon dioxide emissions, and efficient allocation of road capacity. While traditionally platooning has been an exclusive option limited to specific geographical areas managed by a single operator, recent technological developments and EU initiatives are directed at the creation of an international, federated market for platooning, i.e., a consortium of platoon operators that collaborate and coordinate their users to constitute freights covering international routes. In this paper, we look at federated platooning from an insiders' perspective. In our development, first we outline the basic elements of platooning and federation of platooning operators. Then, we provide a comprehensive analysis to identify the possible insiders (employees, users, operators, and federated members) and the threats they pose. Finally, we propose two layered, composable technical solutions to mitigate those threats: a) a decentralized overlay network that regulates the interactions among the stakeholders, useful to mitigate issues linked to data safety and trustworthiness, and b) a dynamic federation platform, needed to monitor and interrupt deviant behaviors of federated members.

Franco Callegati, Saverio Giallorenzo, Maurizio Gabbrielli, Andrea Melis, Marco Prandini

Proceedings of the 52nd Hawaii International Conference on System Sciences

Security network policy enforcement through a SDN framework

In this work we present an exploitation of the Software Defined Networking paradigm to implement an architecture allowing a system network administrator to implement and verify security policies in a formal way. The main result is a framework that supports the network administrator in the security management process, providing services during all its phases, from automated traffic analysis during the prevention phase to tools for the exclusion of malicious traffic from the main flow in the reaction phase. In order to validate the proposed architecture we will showcase an applied industrial network scenario, simulating attacks and countermeasure techniques.

Davide Berardi, Franco Callegati, Andrea Melis, Marco Prandini

2018 28th International Telecommunication Networks and Applications Conference (ITNAC)

A Policy Checker Approach for Secure Industrial SDN

Industry 4.0 is a new strategic industrial development that is changing the way businesses develop communication and management protocols on their networks. Software-Defined Networking (SDN) can help this revolutionary process, but to make the most of its potential, more abstract and customizable development paradigms are needed. In this work we present a toolkit whose scope is to allow a system network administrator to implement and verify security policies in a formal way, in the context of an industrial network. The prototype of our tool suite is based on four application plug-ins of the ONOS controller. Our SDN-based toolkit is able to detect compromised network boxes as a result of bogus injected flow-rules, inner loops and black-holes (notoriously difficult to detect via normal network scans), flow-rule replacements or removal and other SDN controller exploitations that may compromise the forwarding activities. We argue that our set of tools is already effective despite being in its development infancy, and its design is easily extensible to other use cases.

Andrea Melis, Davide Berardi, Chiara Contoli, Franco Callegati, Flavio Esposito, Marco Prandini

2018 2nd Cyber Security in Networking Conference (CSNet)

 

Full List

TechNETium: Atomic Predicates and Model Driven Development to Verify Security Network Policies
Davide Berardi, Franco Callegati, Andrea Melis, Marco Prandini

Federated Platooning: Insider Threats and Mitigations
Franco Callegati, Saverio Giallorenzo, Maurizio Gabbrielli, Andrea Melis, Marco Prandini

Security network policy enforcement through a SDN framework
Davide Berardi, Franco Callegati, Andrea Melis, Marco Prandini

A Policy Checker Approach for Secure Industrial SDN
Andrea Melis, Davide Berardi, Chiara Contoli, Franco Callegati, Flavio Esposito, Marco Prandini