Toward the Optimization of Automated VPN Configuration / Bachiorrini, Gianmarco; Bringhenti, Daniele; Valenza, Fulvio. - ELECTRONIC. - (2025), pp. 561-566. (Paper presented at the 2025 IEEE 11th International Conference on Network Softwarization (NetSoft), held in Budapest (HU), 23-27 June 2025) [10.1109/NetSoft64993.2025.11080541].

Toward the Optimization of Automated VPN Configuration

Gianmarco Bachiorrini; Daniele Bringhenti; Fulvio Valenza
2025

Abstract

In recent years, VPNs have become one of the most essential security mechanisms, allowing users to communicate safely over untrusted networks. As research in security automation advances, the literature has introduced various approaches for automating the configuration of security functions and addressing the growing challenges faced by security administrators, though only a limited number specifically address VPNs. An effective constraint programming-based approach in this field is VEREFOO, which leverages formal methods to automatically and optimally configure VPNs while ensuring formal correctness by construction. However, VEREFOO was not designed to minimize memory consumption and performance overhead, despite their relevance in both enterprise and commercial modern virtual networks. In this paper, the optimization aspect of the VEREFOO approach is enhanced and expanded on both of these new fronts. Specifically, new optimization strategies are designed to provide minimization of the configured rules and maximization of constraint generation efficiency. This optimized approach has been implemented as a framework and validated on a realistic use case to assess optimization improvements across multiple aspects.

Files in this item:

main.pdf
Access: open access
Type: 2. Post-print / Author's Accepted Manuscript
License: Public - All rights reserved
Size: 1.97 MB
Format: Adobe PDF

secsoft_2025_vor.pdf
Access: restricted access
Type: 2a Post-print publisher's version / Version of Record
License: Non-public - Private/restricted access
Size: 2.06 MB
Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/3001375