IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT

With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing networks where the presence of such vulnerable devices is given, requires a brownfield approach: applying necessary protection measures within the network so that potentially vulnerable devices can coexist without endangering the security of other devices in the same network. In this paper, we present IOT SENTINEL, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise. We show that IOT SENTINEL is effective in identifying device types and has minimal performance overhead

Rethinking Software Network Data Planes in the Era of Microservices

L'abstract è presente nell'allegato / the abstract is in the attachmen

Arm Mbed – AWS IoT System Integration [Open access]

This project explores the different Internet of Things (IoT) architectures and the available platforms to define a general IoT Architecture to connect Arm microcontrollers to Amazon Web Services. In order to accommodate the wide range of IoT applications, the architecture was defined with different routes that an Arm microcontroller can take to reach AWS. Once this Architecture was defined, a performance analysis on the different routes was performed in terms of communication speed and bandwidth. Finally, a Smart Home use case scenario is implemented to show the basic functionalities of an IoT system such as sending data to the device and data storage in the Cloud. Furthermore, a Cloud ML algorithm is triggered in real time by the Smart Home to receive a prediction of the current Comfort Level in the room

A Framework for eBPF-Based Network Functions in an Era of Microservices

By moving network functionality from dedicated hardware to software running on end-hosts, Network Functions Virtualization (NFV) pledges the benefits of cloud computing to packet processing. While most of the NFV frameworks today rely on kernel-bypass approaches, no attention has been given to kernel packet processing, which has always proved hard to evolve and to program. In this article, we present Polycube, a software framework whose main goal is to bring the power of NFV to in-kernel packet processing applications, enabling a level of flexibility and customization that was unthinkable before. Polycube enables the creation of arbitrary and complex network function chains, where each function can include an efficient in-kernel data plane and a flexible user-space control plane with strong characteristics of isolation, persistence, and composability. Polycube network functions, called Cubes, can be dynamically generated and injected into the kernel networking stack, without requiring custom kernels or specific kernel modules, simplifying the debugging and introspection, which are two fundamental properties in recent cloud environments. We validate the framework by showing significant improvements over existing applications, and we prove the generality of the Polycube programming model through the implementation of complex use cases such as a network provider for Kubernetes

Spacelab system analysis: A study of the Marshall Avionics System Testbed (MAST)

An analysis of the Marshall Avionics Systems Testbed (MAST) communications requirements is presented. The average offered load for typical nodes is estimated. Suitable local area networks are determined