4 research outputs found

    A Structured Approach to Insider Threat Monitoring for Offensive Security Teams

    In many countries, government agencies resort to third parties to acquire security services of many kinds, including Red Team operations to test the effectiveness of their own defense mechanisms. Absolute trust is a key requirement, lest a potentially devastating finding be exploited by a treacherous Red Team against the same entity which commissioned the operation, or sold to its adversaries. In our endeavour as a joint private-academic initiative to address this peculiar market, we observed that a structured approach to this issue is much less common than we would have expected. In this work, we outline the process we are devising to offer customers a verified environment, but integrating it with an evidence-based proof of their correct behavior during the operation, striving to solve the “Quis custodiet ipsos custodes” struggle in an offensive setting.

    P-SCOR: Integration of Constraint Programming Orchestration and Programmable Data Plane

    In this manuscript we present an original implementation of network management functions in the context of Software Defined Networking. We demonstrate a full integration of an artificial intelligence driven management, an SDN control plane, and a programmable data plane. Constraint Programming is used to implement a management operating system that accepts high level specifications, via a northbound interface, in terms of operational objective and directives. These are translated into technology-specific constraints and directives for the SDN control plane, leveraging the programmable data plane, which is enriched with functionalities suited to feed data that enable the most effective operation of the “intelligent” control plane, by exploiting the language

    Cybersecurity issues in software architectures for innovative services

    The recent advances in data center development have been at the basis of the widespread success of the cloud computing paradigm, which is at the basis of models for software based applications and services, which is the "Everything as a Service" (XaaS) model. According to the XaaS model, services of any kind are deployed on demand as cloud based applications, with a great degree of flexibility and a limited need for investments in dedicated hardware and/or software components. This approach opens up a lot of opportunities, for instance providing access to complex and widely distributed applications, whose cost and complexity represented in the past a significant entry barrier, also to small or emerging businesses. Unfortunately, networking is now embedded in every service and application, raising several cybersecurity issues related to corruption and leakage of data, unauthorized access, etc. However, new service-oriented architectures are emerging in this context, the so-called services enabler architecture. The aim of these architectures is not only to expose and give the resources to these types of services, but it is also to validate them. The validation includes numerous aspects, for example from the legal to the infrastructural ones, but above all the cybersecurity threats. A solid threat analysis of the aforementioned architecture is therefore necessary, and this is the main goal of this thesis. This work investigates the security threats of the emerging service enabler architectures, providing proof of concepts for these issues and the solutions too, based on several use-cases implemented in real world scenarios.

    A Policy Checker Approach for Secure Industrial SDN

    Industry 4.0 is a new strategic industrial development that is changing the way businesses develop communication and management protocols on their networks. Software-Defined Networking (SDN) can help this revolutionary process but to make the most of its potential, more abstract and customizable development paradigms are needed. In this work we present a toolkit whose scope is to allow a system network administrator to implement and verify in a formal way security policies, in the context of an industrial network. The prototype of our tool suite is based on four application plug-ins of the ONOS controller. Our SDN-based toolkit is able to detect compromised network boxes as a result of bogus injected flow-rules, inner loops and black-holes (notoriously difficult to detect via normal network scans), flow-rule replacements or removal and other SDN controller exploitations that may compromise the forwarding activities. We argue that our set of tools is already effective despite being in its development infancy, and its design easily extensible to other use cases.
    Melis, Andrea; Berardi, Davide; Contoli, Chiara; Callegati, Franco; Esposito, Flavio; Prandini, Marco