New Techniques to Improve Network Security

With current technologies it is practically impossible to claim that a distributed application is safe from potential malicious attacks. Vulnerabilities may lay at several levels (criptographic weaknesses, protocol design flaws, coding bugs both in the application and in the host operating system itself, to name a few) and can be extremely hard to find. Moreover, sometimes an attacker does not even need to find a software vulnerability, as authentication credentials might simply “leak” ouside from the network for several reasons. Luckily, literature proposes several approaches that can contain these problems and enforce security, but the applicability of these techniques is often greatly limited due to the high level of expertise required, or simply because of the cost of the required specialized hardware. Aim of this thesis is to focus on two security enforcment techniques, namely formal methods and data analysis, and to present some improvements to the state of the art enabling to reduce both the required expertise and the necessity of specialized hardware

Efficient Multistriding of Large Non-deterministic Finite State Automata for Deep Packet Inspection

Multistride automata speed up input matching because each multistriding transformation halves the size of the input string, leading to a potential 2x speedup. However, up to now little effort has been spent in optimizing the building process of multistride automata, with the result that current algorithms cannot be applied to real-life, large automata such as the ones used in commercial IDSs, because the time and the memory space needed to create the new automaton quickly becomes unfeasible. In this paper, new algorithms for efficient building of multistride NFAs for packet inspection are presented, explaining how these new techniques can outperform the previous algorithms in terms of required time and memory usag

Scalable Algorithms for NFA Multi-Striding and NFA-Based Deep Packet Inspection on GPUs

Finite state automata (FSA) are used by many network processing applications to match complex sets of regular expressions in network packets. In order to make FSA-based matching possible even at the ever-increasing speed of modern networks, multi-striding has been introduced. This technique increases input parallelism by transforming the classical FSA that consumes input byte by byte into an equivalent one that consumes input in larger units. However, the algorithms used today for this transformation are so complex that they often result unfeasible for large and complex rule sets. This paper presents a set of new algorithms that extend the applicability of multi-striding to complex rule sets. These algorithms can transform non-deterministic finite automata (NFA) into their multi-stride form with reduced memory and time requirements. Moreover, they exploit the massive parallelism of graphical processing units for NFA-based matching. The final result is a boost of the overall processing speed on typical regex-based packet processing applications, with a speedup of almost one order of magnitude compared to the current state-of-the-art algorithms

Formally sound implementations of security protocols with JavaSPI

Designing and coding security protocols is an error prone task. Several flaws are found in protocol implementations and specifications every year. Formal methods can alleviate this problem by backing implementations with rigorous proofs about their behavior. However, formally-based development typically requires domain specific knowledge available only to few experts and the development of abstract formal models that are far from real implementations. This paper presents a Java-based protocol design and implementation framework, where the user can write a security protocol symbolic model in Java, using a well defined subset of the language that corresponds to applied π-calculus. This Java model can be symbolically executed in the Java debugger, formally verified with ProVerif, and further refined to an interoperable Java implementation of the protocol. Soundness theorems are provided to prove that, under some reasonable assumptions, a simulation relation relates the Java refined implementation to the symbolic model verified by ProVerif, so that, for the usual security properties, a property verified by ProVerif on the symbolic model is preserved in the Java refined implementation. The applicability of the framework is evaluated by developing an extensive case study on the popular SSL protocol

The use of low pressure plasma surface modification for bonded joints to assembly a robotic gripper designed to be additive manufactured

The paper explores how different surface preparations modify the mechanical performance of bonded joints on components made in acrylonitrile butadiene styrene (ABS) processed by fused filament fabrication (FFF) additive manufacturing. Two alternative treatments are considered: surface abrasion compliant to the standard ASTM D2093-03 (17) and using low pressure plasma, an innovative solution. The assessment is performed on standard lap shear test specimens and structural epoxy adhesive. The bonding layer with abraded surfaces shows adhesive failure while after the low-pressure plasma treatment shows adherends failure. As case of study the bonding solution to perform the assembly is considered a jaw finger of a robotic gripper for the picking of garments from a table. The redesign of the finger availing of the performance of bonding with the new plasma treatment is proposed and discussed. Experimental testing assessed the feasibility of this innovative technical solution

Characterizing Engagement Dynamics across Topics on Facebook

Social media platforms heavily changed how users consume and digest information and, thus, how the popularity of topics evolves. In this paper, we explore the interplay between the virality of controversial topics and how they may trigger heated discussions and eventually increase users' polarization. We perform a quantitative analysis on Facebook by collecting $\sim57M$ posts from $\sim2M$ pages and groups between 2018 and 2022, focusing on engaging topics involving scandals, tragedies, and social and political issues. Using logistic functions, we quantitatively assess the evolution of these topics finding similar patterns in their engagement dynamics. Finally, we show that initial burstiness may predict the rise of users' future adverse reactions regardless of the discussed topic

Formal Verification of Security Protocol Implementations: A Survey

Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac

A Formal Library for Elliptic Curves in the Coq Proof Assistant

International audienceA preliminary step towards the verification of elliptic curve cryptographic algorithms is the development of formal libraries with the corresponding mathematical theory. In this paper we present a formaliza-tion of elliptic curves theory, in the SSReflect extension of the Coq proof assistant. Our central contribution is a library containing many of the objects and core properties related to elliptic curve theory. We demonstrate the applicability of our library by formally proving a non-trivial property of elliptic curves: the existence of an isomorphism between a curve and its Picard group of divisors

Development of a gripper for garment handling designed for additive manufacturing

The paper presents how a robotic gripper specific for grasping and handling of textiles and soft flexible layers can be miniaturized and improved by polymeric additive manufacturing-oriented re-design. Advantages of polymeric additive manufacturing are to allow a re-design of components with integrated functions, to be cost-effective equipment for small batches production and the availability of suitable materials for many applications. The drawback is that for design validation extended testing is still necessary because of lacks in standardization and that the mechanical properties are building parameters dependent. The outcomes are a lower complexity of the design overall and lower number of components. These are pursued taking advantage of the anisotropy of the additive manufacturing processed polymer and assigning appropriate shapes and linkages in the mechanisms. Set of common materials (polylactide, polyethylene terephthalate, acrylonitrile butadiene styrene) and technical (acrylonitrile styrene acrylate, polycarbonate/polybutylene terephthalate blend) are tested to obtain data for the modelling