StreaMon: a data-plane programming abstraction for Software-defined Stream Monitoring

The fast evolving nature of modern cyber threats and network monitoring needs calls for new, "software-defined", approaches to simplify and quicken programming and deployment of online (stream-based) traffic analysis functions. StreaMon is a carefully designed data-plane abstraction devised to scalably decouple the "programming logic" of a traffic analysis application (tracked states, features, anomaly conditions, etc.) from elementary primitives (counting and metering, matching, events generation, etc), efficiently pre-implemented in the probes, and used as common instruction set for supporting the desired logic. Multi-stage multi-step real-time tracking and detection algorithms are supported via the ability to deploy custom states, relevant state transitions, and associated monitoring actions and triggering conditions. Such a separation entails platform-independent, portable, online traffic analysis tasks written in a high level language, without requiring developers to access the monitoring device internals and program their custom monitoring logic via low level compiled languages (e.g., C, assembly, VHDL). We validate our design by developing a prototype and a set of simple (but functionally demanding) use-case applications and by testing them over real traffic traces

Supporting code mobility and dynamic reconfigurations over Wireless MAC Processor Prototype

Mobile networks for Internet Access are a fundamental segment of Internet access net- works, where resource optimization are really critical because of the limited bandwidth availability. While traditionally resource optimizations have been focused on high effi- cient modulation and coding schemes, to be dynamically tuned according to the wireless channel and interference conditions, it has also been shown how medium access schemes can have a significant impact on the network performance according to the application and networking scenarios. This thesis work proposes an architectural solution for supporting Medium Access Con- trol (MAC) reconfigurations in terms of dynamic programming and code mobility. Since the MAC protocol is usually implemented in firmware/hardware (being constrained to very strict reaction times and to the rules of a specific standard), our solution is based on a different wireless card architecture, called Wireless MAC Processor (WMP), where standard protocols are replaced by standard programming interfaces. The control architecture developed in this thesis exploits this novel behavioral model of wireless cards for extending the network intelligence and enabling each node to be remotely reprogrammed by means a so called “MAC Program”, i.e. a software element that defines the description of a MAC protocol. This programmable protocol can be remotely injected and executed on running network devices allowing on-the-fly MAC reconfigurations. This work aim to obtain a formal description of the a software defined wireless network requirements and define a mechanism for a reliable MAC program code mobility throw the network elements, transparently to the upper-level and supervised by a global con- trol logic that optimizes the radio resource usage; it extends a single protocol paradigm implementation to a programmable protocol abstraction and redefines the overall wire- less network view with support for cognitive adaptation mechanisms. The envisioned solutions have been supported by real experiments running on different WMP proto- types , showing the benefits given by a medium control infrastructure which is dynamic, message-oriented and reconfigurable.Mobile networks for Internet Access are a fundamental segment of Internet access net- works, where resource optimization are really critical because of the limited bandwidth availability. While traditionally resource optimizations have been focused on high effi- cient modulation and coding schemes, to be dynamically tuned according to the wireless channel and interference conditions, it has also been shown how medium access schemes can have a significant impact on the network performance according to the application and networking scenarios. This thesis work proposes an architectural solution for supporting Medium Access Con- trol (MAC) reconfigurations in terms of dynamic programming and code mobility. Since the MAC protocol is usually implemented in firmware/hardware (being constrained to very strict reaction times and to the rules of a specific standard), our solution is based on a different wireless card architecture, called Wireless MAC Processor (WMP), where standard protocols are replaced by standard programming interfaces. The control architecture developed in this thesis exploits this novel behavioral model of wireless cards for extending the network intelligence and enabling each node to be remotely reprogrammed by means a so called “MAC Program”, i.e. a software element that defines the description of a MAC protocol. This programmable protocol can be remotely injected and executed on running network devices allowing on-the-fly MAC reconfigurations. This work aim to obtain a formal description of the a software defined wireless network requirements and define a mechanism for a reliable MAC program code mobility throw the network elements, transparently to the upper-level and supervised by a global con- trol logic that optimizes the radio resource usage; it extends a single protocol paradigm implementation to a programmable protocol abstraction and redefines the overall wire- less network view with support for cognitive adaptation mechanisms. The envisioned solutions have been supported by real experiments running on different WMP proto- types , showing the benefits given by a medium control infrastructure which is dynamic, message-oriented and reconfigurable