{"_id":"o8Ssng4iywvrZoyLH","bibbaseid":"bringhenti-yusupov-zarca-valenza-sisto-bernabe-skarmeta-automaticverifiableandoptimizedpolicybasedsecurityenforcementforsdnawareiotnetworks-2022","author_short":["Bringhenti, D.","Yusupov, J.","Zarca, A. M.","Valenza, F.","Sisto, R.","Bernabe, J. B.","Skarmeta, A."],"bibdata":{"bibtype":"article","type":"article","author":[{"firstnames":["Daniele"],"propositions":[],"lastnames":["Bringhenti"],"suffixes":[]},{"firstnames":["Jalolliddin"],"propositions":[],"lastnames":["Yusupov"],"suffixes":[]},{"firstnames":["Alejandro","Molina"],"propositions":[],"lastnames":["Zarca"],"suffixes":[]},{"firstnames":["Fulvio"],"propositions":[],"lastnames":["Valenza"],"suffixes":[]},{"firstnames":["Riccardo"],"propositions":[],"lastnames":["Sisto"],"suffixes":[]},{"firstnames":["Jorge","Bernal"],"propositions":[],"lastnames":["Bernabe"],"suffixes":[]},{"firstnames":["Antonio"],"propositions":[],"lastnames":["Skarmeta"],"suffixes":[]}],"title":"Automatic, verifiable and optimized policy-based security enforcement for SDN-aware IoT networks","journal":"Elsevier Computer Networks","volume":"213","pages":"109–123","year":"2022","url":"https://iris.polito.it/retrieve/handle/11583/2968670/593984/AuthorManuscript.pdf","doi":"10.1016/j.comnet.2022.109123","abstract":"The pervasiveness of Internet of Things (IoT) has made the management of computer networks more troublesome. The softwarized control provided by Software-Defined Networking (SDN) is not sufficient to overcome the problems raising in this context. An increasing number of attacks can, in fact, occur in SDN-aware IoT networks if the security configuration enforced on the SDN switches is manually computed and not formally verified. To mitigate this problem, this paper proposes a novel methodology which leverages Maximum Satisfiability Modulo Theories (MaxSMT) to automatically compute a formally correct and optimized allocation scheme and configuration of SDN switches by refining security policies, user-defined or derived from detected attacks. This mechanism is compliant with the main characteristics of virtualized IoT-based networks, such as the simultaneous presence of numerous interconnected devices and strict latency requirements. The feasibility and the performance of the framework developed to implement this methodology have been validated in a realistic use case.","keywords":"Policy Refinement,Security Automation","bibtex":"@article{2022CN,\r\n author = {Daniele Bringhenti and Jalolliddin Yusupov and Alejandro Molina Zarca and Fulvio Valenza and Riccardo Sisto and Jorge Bernal Bernabe and Antonio Skarmeta},\r\n title = {Automatic, verifiable and optimized policy-based security enforcement for SDN-aware IoT networks},\r\n journal = {Elsevier Computer Networks},\r\n volume = {213},\r\n pages = {109--123},\r\n year = {2022},\r\n url = {https://iris.polito.it/retrieve/handle/11583/2968670/593984/AuthorManuscript.pdf},\r\n doi = {10.1016/j.comnet.2022.109123},\r\n abstract={The pervasiveness of Internet of Things (IoT) has made the management of computer networks more troublesome. The\r\nsoftwarized control provided by Software-Defined Networking (SDN) is not sufficient to overcome the problems raising in\r\nthis context. An increasing number of attacks can, in fact, occur in SDN-aware IoT networks if the security configuration\r\nenforced on the SDN switches is manually computed and not formally verified. To mitigate this problem, this paper\r\nproposes a novel methodology which leverages Maximum Satisfiability Modulo Theories (MaxSMT) to automatically\r\ncompute a formally correct and optimized allocation scheme and configuration of SDN switches by refining security\r\npolicies, user-defined or derived from detected attacks. This mechanism is compliant with the main characteristics of\r\nvirtualized IoT-based networks, such as the simultaneous presence of numerous interconnected devices and strict latency\r\nrequirements. The feasibility and the performance of the framework developed to implement this methodology have\r\nbeen validated in a realistic use case.},\r\n keywords={Policy Refinement,Security Automation}, \t\r\n}\r\n\r\n","author_short":["Bringhenti, D.","Yusupov, J.","Zarca, A. M.","Valenza, F.","Sisto, R.","Bernabe, J. B.","Skarmeta, A."],"key":"2022CN","id":"2022CN","bibbaseid":"bringhenti-yusupov-zarca-valenza-sisto-bernabe-skarmeta-automaticverifiableandoptimizedpolicybasedsecurityenforcementforsdnawareiotnetworks-2022","role":"author","urls":{"Paper":"https://iris.polito.it/retrieve/handle/11583/2968670/593984/AuthorManuscript.pdf"},"keyword":["Policy Refinement","Security Automation"],"metadata":{"authorlinks":{}},"downloads":5},"bibtype":"article","biburl":"https://raw.githubusercontent.com/FulvioValenza/bibliography/main/Valenza_bibliography.bib","dataSources":["oHcDH9GXBbkp4t9gm","JbiX35GNqPCF3nids","hZL94qE5m3pMWuJwA","8EGSmY4udryikjQyX","XZnEt8kdXurbtCWoc"],"keywords":["policy refinement","security automation"],"search_terms":["automatic","verifiable","optimized","policy","based","security","enforcement","sdn","aware","iot","networks","bringhenti","yusupov","zarca","valenza","sisto","bernabe","skarmeta"],"title":"Automatic, verifiable and optimized policy-based security enforcement for SDN-aware IoT networks","year":2022,"downloads":5}