BUILDING A SECURE NETWORK TEST ENVIRONMENT USING VIRTUAL MACHINES

The objective of this project is to provide an overview of how to create a secure network test environment using virtual machines with Red Hat CentOS 7. Using virtual machines to create a secure network test environment simplify the workflow of testing several servers including network segmentation, network path redundancy, and traffic control using a firewall. This study suggests a set of guidelines for building a secure network test environment that includes a Domain Name Server (DNS), Web Server, File Transfer Protocol (FTP) Server, and a firewall. The documentation provided in this project is primarily useful for IT students looking to recreate a similar environment of their own and to practice special skills needed within their field of study

Infrastructure as a Service (IaaS): application case for TrustedX

Cada año el precio del hardware disminuye haciendo posible a las empresas comprar servidores cada vez más potentes. Sin embargo, los gastos operacionales como el mantenimiento de estos servidores crece cada año, por lo que se hace necesario administrar mejor nuestros recursos hardware o incluso se puede pensar en externalizar este servicio. Las redes de Infraestructura como un Servicio (IaaS) nos ofrecen la posibilidad de administrar de una manera más optima los recursos hardware. Gracias a la virtualización de los recursos hardware, estas redes ofrecen únicamente el hardware que el usuario necesita, creando y destruyendo máquinas virtuales en tiempo real para adaptarse a la potencia que el usuario necesita en cada momento. De esta forma, una red IaaS necesitará menos recursos hardware que una red de servidores convencionales para realizar la misma carga de trabajo. La reducción en el número de servidores aporta una reducción de costes para las empresas, tanto a nivel de adquisición de nuevos servidores, como el mantenimiento de los mismos al reducirse las tareas de administración. Además la reducción del número de servidores nos aporta una disminución del consumo eléctrico (tanto del consumo de los servidores como del consumo en refrigeración). Por tanto, las soluciones de IaaS ofrecen a las empresas la posibilidad de un crecimiento más sostenible, tanto económicamente como desde una vista medioambiental. En este proyecto se describirán las características de una red de IaaS y se ofrecerá un caso práctico de uso. En la solución que ofreceremos, usaremos Eucalyptus como software de IaaS y crearemos un portal web para administrar los recursos de la red. Los recursos software ofrecidos por nuestra red se basarán en servidores de TrustedX. TrustedX es una plataforma de servicios web que aporta mecanismos de seguridad y confianza en Arquitecturas Orientadas a Servicios (SOA). TrustedX ha sido desarrollado por Safelayer Secure Communications

Virtual Machine for SpartanGold

The field of blockchain and cryptocurrencies can be both difficult to grasp and improve upon, which makes aids that can assist in these tasks very useful. SpartanGold is a simplified blockchain-based cryptocurrency created at San Jose State University as a learning aid for blockchain and cryptocurrencies. In its current state, it closely resembles Bitcoin, and it is also easily expandable to implement other features. This project extends SpartanGold with a virtual machine resembling the Ethereum Virtual Machine. Implementing this feature results in SpartanGold having Ethereum- related features, which would allow the cryptocurrency to both be a helpful learning aid for Ethereum and be able to solve interesting blockchain problems associated with virtual machines and smart contracts. Using my virtual machine implementation, I was able to produce a simplified token that resembles Ethereum tokens and works with SpartanGold. This token demonstrates the SpartanGold Virtual Machine’s usefulness in simulating smart contracts of real world interest. Going forward, developers can experiment with the SpartanGold Virtual Machine to test out new ideas without dealing with the full complexity of the Ethereum Virtual Machine

Intrusion detection system in software-defined networks

Mestrado de dupla diplomação com a UTFPR - Universidade Tecnológica Federal do ParanáSoftware-Defined Networking technologies represent a recent cutting-edge paradigm in network management, offering unprecedented flexibility and scalability. As the adoption of SDN continues to grow, so does the urgency of studying methods to enhance its security. It is the critical importance of understanding and fortifying SDN security, given its pivotal role in the modern digital ecosystem. With the ever-evolving threat landscape, research into innovative security measures is essential to ensure the integrity, confidentiality, and availability of network resources in this dynamic and transformative technology, ultimately safeguarding the reliability and functionality of our interconnected world. This research presents a novel approach to enhancing security in Software-Defined Networking through the development of an initial Intrusion Detection System. The IDS offers a scalable solution, facilitating the transmission and storage of network traffic with robust support for failure recovery across multiple nodes. Additionally, an innovative analysis module incorporates artificial intelligence (AI) to predict the nature of network traffic, effectively distinguishing between malicious and benign data. The system integrates a diverse range of technologies and tools, enabling the processing and analysis of network traffic data from PCAP files, thus contributing to the reinforcement of SDN security.As tecnologias de Redes Definidas por Software representam um paradigma recente na gestão de redes, oferecendo flexibilidade e escalabilidade sem precedentes. À medida que a adoção de soluções SDN continuam a crescer, também aumenta a urgência de estudar métodos para melhorar a sua segurança. É de extrema importância compreender e fortalecer a segurança das SDN, dado o seu papel fundamental no ecossistema digital moderno. Com o cenário de ameaças em constante evolução, a investigação de medidas de segurança inovadoras é essencial para garantir a integridade, a confidencialidade e a disponibilidade dos recursos da rede nesta tecnologia dinâmica e transformadora. Esta investigação apresenta uma nova abordagem para melhorar a segurança nas redes definidas por software através do desenvolvimento de um sistema inicial de deteção de intrusões. O IDS oferece uma solução escalável, facilitando a transmissão e o armazenamento do tráfego de rede com suporte robusto para recuperação de falhas em vários nós. Além disso, um módulo de análise inovador incorpora inteligência artificial (IA) para prever a natureza do tráfego de rede, distinguindo efetivamente entre dados maliciosos e benignos. O sistema integra uma gama diversificada de tecnologias e ferramentas, permitindo o processamento e a análise de dados de tráfego de rede a partir de ficheiros PCAP, contribuindo assim para o reforço da segurança SDN

TrustShadow: Secure Execution of Unmodified Applications with ARM TrustZone

The rapid evolution of Internet-of-Things (IoT) technologies has led to an emerging need to make it smarter. A variety of applications now run simultaneously on an ARM-based processor. For example, devices on the edge of the Internet are provided with higher horsepower to be entrusted with storing, processing and analyzing data collected from IoT devices. This significantly improves efficiency and reduces the amount of data that needs to be transported to the cloud for data processing, analysis and storage. However, commodity OSes are prone to compromise. Once they are exploited, attackers can access the data on these devices. Since the data stored and processed on the devices can be sensitive, left untackled, this is particularly disconcerting. In this paper, we propose a new system, TrustShadow that shields legacy applications from untrusted OSes. TrustShadow takes advantage of ARM TrustZone technology and partitions resources into the secure and normal worlds. In the secure world, TrustShadow constructs a trusted execution environment for security-critical applications. This trusted environment is maintained by a lightweight runtime system that coordinates the communication between applications and the ordinary OS running in the normal world. The runtime system does not provide system services itself. Rather, it forwards requests for system services to the ordinary OS, and verifies the correctness of the responses. To demonstrate the efficiency of this design, we prototyped TrustShadow on a real chip board with ARM TrustZone support, and evaluated its performance using both microbenchmarks and real-world applications. We showed TrustShadow introduces only negligible overhead to real-world applications.Comment: MobiSys 201