Archivio Istituzionale della RicercaThe rapid expansion of the Internet of Things (IoT) ecosystems introduces significant security challenges due to the device heterogeneity, resource constraints, and dynamic network topologies. Traditional host-based protections are often insufficient, necessitating network-level enforcement mechanisms such as firewalls. However, managing multiple, heterogeneous firewalls across distributed environments can be complex and fragmented. This paper presents an approach based on the Open Command and Control (OpenC2) standard for the unified orchestration of StateLess Packet Filtering (SLPF) systems in heterogeneous IoT infrastructures. The proposed solution centers on an OpenC2-compliant Actuator Manager that coordinates specialized components able to translate platform-independent OpenC2 commands into native firewall configurations. Our implementation supports Linux iptables, OpenStack Security Groups, Kubernetes Network Policies, and Microsoft Azure Network Security Groups, and provides rule persistence, scheduled execution, and centralized command management through a single unified control interface. We validated our solution through syntax and semantic checks, functional tests, and performance evaluations across diverse networks, demonstrating its effectiveness and efficiency in cross-platform enforcement.
Cross-Platform Firewall Orchestration for IoT Networks via OpenC2 / Catenaro, Stefano; Canavese, Daniele; Bringhenti, Daniele; Bachiorrini, Gianmarco; Repetto, Matteo. - ELETTRONICO. - (In corso di stampa). ( 2026 11th International Conference on Smart and Sustainable Technologies (SpliTech) Split - Bol (HR) June 23-26, 2026).
Cross-Platform Firewall Orchestration for IoT Networks via OpenC2
Daniele Bringhenti;Gianmarco Bachiorrini;
In corso di stampa
Abstract
The rapid expansion of the Internet of Things (IoT) ecosystems introduces significant security challenges due to the device heterogeneity, resource constraints, and dynamic network topologies. Traditional host-based protections are often insufficient, necessitating network-level enforcement mechanisms such as firewalls. However, managing multiple, heterogeneous firewalls across distributed environments can be complex and fragmented. This paper presents an approach based on the Open Command and Control (OpenC2) standard for the unified orchestration of StateLess Packet Filtering (SLPF) systems in heterogeneous IoT infrastructures. The proposed solution centers on an OpenC2-compliant Actuator Manager that coordinates specialized components able to translate platform-independent OpenC2 commands into native firewall configurations. Our implementation supports Linux iptables, OpenStack Security Groups, Kubernetes Network Policies, and Microsoft Azure Network Security Groups, and provides rule persistence, scheduled execution, and centralized command management through a single unified control interface. We validated our solution through syntax and semantic checks, functional tests, and performance evaluations across diverse networks, demonstrating its effectiveness and efficiency in cross-platform enforcement.
| File | Dimensione | Formato | |
|---|---|---|---|
|
Splitech2026_AcceptedManuscript.pdf
accesso aperto
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
Pubblico - Tutti i diritti riservati
Dimensione
278.43 kB
Formato
Adobe PDF
|
278.43 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/3010478