IRIS Pol. TorinoIl sistema di repository digitale IRIS acquisisce, archivia, indicizza, conserva e rende accessibili prodotti digitali della ricerca.https://iris.polito.it2019-05-26T23:17:28Z2019-05-26T23:17:28Z1071The JavaSPI Framework for Security Protocol Implementationhttp://hdl.handle.net/11583/24604192018-09-03T08:54:20Z2011-01-01T00:00:00ZTitolo: The JavaSPI Framework for Security Protocol Implementation
2011-01-01T00:00:00ZJavaSPI: A Framework for Security Protocol Implementationhttp://hdl.handle.net/11583/24606112018-09-03T08:19:54Z2011-01-01T00:00:00ZTitolo: JavaSPI: A Framework for Security Protocol Implementation
2011-01-01T00:00:00ZEfficient Multistriding of Large Non-deterministic Finite State Automata for Deep Packet Inspectionhttp://hdl.handle.net/11583/25033682018-09-03T08:25:27Z2012-01-01T00:00:00ZTitolo: Efficient Multistriding of Large Non-deterministic Finite State Automata for Deep Packet Inspection
Abstract: Multistride automata speed up input matching because each multistriding transformation halves the size of the input string, leading to a potential 2x speedup. However, up to now little effort has been spent in optimizing the building process of multistride automata, with the result that current algorithms cannot be applied to real-life, large automata such as the ones used in commercial IDSs, because the time and the memory space needed to create the new automaton quickly becomes unfeasible.
In this paper, new algorithms for efficient building of multistride NFAs for packet inspection are presented, explaining how these new techniques can outperform the previous algorithms in terms of required time and memory usage.
2012-01-01T00:00:00ZNew Techniques to Improve Network Securityhttp://hdl.handle.net/11583/25741402018-09-03T08:35:20Z2014-01-01T00:00:00ZTitolo: New Techniques to Improve Network Security
Abstract: With current technologies it is practically impossible to claim that a distributed application is safe
from potential malicious attacks. Vulnerabilities may lay at several levels (criptographic weaknesses,
protocol design flaws, coding bugs both in the application and in the host operating system itself,
to name a few) and can be extremely hard to find. Moreover, sometimes an attacker does not even
need to find a software vulnerability, as authentication credentials might simply “leak” ouside from
the network for several reasons. Luckily, literature proposes several approaches that can contain
these problems and enforce security, but the applicability of these techniques is often greatly limited
due to the high level of expertise required, or simply because of the cost of the required specialized
hardware.
Aim of this thesis is to focus on two security enforcment techniques, namely formal methods and
data analysis, and to present some improvements to the state of the art enabling to reduce both the
required expertise and the necessity of specialized hardware.
2014-01-01T00:00:00ZFormally sound implementations of security protocols with JavaSPIhttp://hdl.handle.net/11583/26959752018-08-31T09:19:26Z2018-01-01T00:00:00ZTitolo: Formally sound implementations of security protocols with JavaSPI
Abstract: Designing and coding security protocols is an error prone task. Several flaws are found in protocol implementations and specifications every year. Formal methods can alleviate this problem by backing implementations with rigorous proofs about their behavior. However, formally-based development typically requires domain specific knowledge available only to few experts and the development of abstract formal models that are far from real implementations. This paper presents a Java-based protocol design and implementation framework, where the user can write a security protocol symbolic model in Java, using a well defined subset of the language that corresponds to applied π-calculus. This Java model can be symbolically executed in the Java debugger, formally verified with ProVerif, and further refined to an interoperable Java implementation of the protocol. Soundness theorems are provided to prove that, under some reasonable assumptions, a simulation relation relates the Java refined implementation to the symbolic model verified by ProVerif, so that, for the usual security properties, a property verified by ProVerif on the symbolic model is preserved in the Java refined implementation. The applicability of the framework is evaluated by developing an extensive case study on the popular SSL protocol.
2018-01-01T00:00:00ZFormal Verification of Security Protocol Implementations: A Surveyhttp://hdl.handle.net/11583/25050292018-09-03T08:27:43Z2014-01-01T00:00:00ZTitolo: Formal Verification of Security Protocol Implementations: A Survey
Abstract: Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages.
Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations.
This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography.
According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic.
The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approach.
2014-01-01T00:00:00ZScalable Algorithms for NFA Multi-Striding and NFA-Based Deep Packet Inspection on GPUshttp://hdl.handle.net/11583/26125602018-09-03T08:33:11Z2016-01-01T00:00:00ZTitolo: Scalable Algorithms for NFA Multi-Striding and NFA-Based Deep Packet Inspection on GPUs
Abstract: Finite state automata (FSA) are used by many network processing applications to match complex sets of regular expressions in network packets. In order to make FSA-based matching possible even at the ever-increasing speed of modern networks, multi-striding has been introduced. This technique increases input parallelism by transforming the classical FSA that consumes input byte by byte into an equivalent one that consumes input in larger units. However, the algorithms used today for this transformation are so complex that they often result unfeasible for large and complex rule sets. This paper presents a set of new algorithms that extend the applicability of multi-striding to complex rule sets. These algorithms can transform non-deterministic finite automata (NFA) into their multi-stride form with reduced memory and time requirements. Moreover, they exploit the massive parallelism of graphical processing units for NFA-based matching. The final result is a boost of the overall processing speed on typical regex-based packet processing applications, with a speedup of almost one order of magnitude compared to the current state-of-the-art algorithms.
2016-01-01T00:00:00Z