Funded by the Italian Ministry for Education, University and Research (MIUR) in the context of the Relevant National Interest Projects (PRIN) Programme.
IMPRESA aims at a new vision of network monitoring, by radically transforming traditional monolithic monitoring architectures into modular mechanisms, split into three main components. The core of the "front-end" revolves around the new concept of monitoring widgets, which are lightweight monitoring programs dynamically injected and run directly where data is captured in real-time (a traffic probe) or stored offline (a trace repository). Each widget provides a controlled, minimized, and privacy-safe output specifically tailored to the needs of the "back-end" monitoring applications, which represent the second main component of the architecture. Finally, a new monitoring control interface will be designed, not only for managing the security aspects of each widget (e.g., by supporting widget code certification mechanisms), but also for enforcing a comprehensive authorization framework devised to control the widget's operation over the traffic data, to guarantee that the back-end monitoring application will receive only the absolutely necessary data, thus technically enforcing the proportionality principle behind privacy preservation.
BESOS: Bandwidth efficiency and Energy Saving by sub-lambda Optical Switching
Funded by the Italian Ministry for Education, University and Research (MIUR) in the context of the Relevant National Interest Projects (PRIN) Programme up to 89 K€ of which 24 K€ assigned to Politecnico di Torino.
The BESOS project is aimed at studying and evaluating a novel switching technique for the future packet switching networks achieving high energy savings and high bandwidth efficiency. The proposal addresses the problem of how synchronous packet switching (SPS) can be exploited to support Internet traffic in a scalable and efficient manner, considering both network and switching-system related aspects, exploiting, in particular, all-optical solutions.
The contribution of the NetGroup focuses on the control plane for a pipeline forwarding network from two different points of view. On the one hand, the NetGroup studies, defines, and assesses the features and mechanisms required by a pipeline forwarding control plane, including mechanisms specifically designed to reduce power consumption. On the other hand, the NetGroup participates in experiments on a wide area testbed that will be set up among the three partners.
High Speed Pattern Matching
Funded by Cisco Systems and nVidia Corporation.
Pattern matching is one of the key components in many networking applications (Intrusion Detection Systems, Firewalls, Spam Detection, etc.). Several open issues currently force a trade-off between processing speed and scalability (particularly with respect to memory occupancy). This project aims at investigating those issues through multicore processors, which can guarantee high processing speed and reduce memory occupancy requirements.
Flexible Network Monitoring at Multi-Gigabit Speed
Funded by Telecom Italia.
This project aims at developing a new set of tools, based on the NetPDL and NetVM technologies, for high-speed network monitoring, while maintaining the flexibility to set up custom network statistics in real-time, without having to modify the application source code.
Funded by Cisco Systems in the context of the Cisco Research Award Programme with a grant of 55 K$ to Politecnico di Torino and Tongji University, Shanghai (P.R. China).
The project focuses on the required architecture and protocols for routing traffic to and from the Internet through a Vehicular Ad-hoc NETwork (VANET). The proposed solution is tailored to a highway environment and possibly makes use of mobility prediction to support routing. The routing solution within the VANET will be general enough to be applied to access to any service made available by some of the vehicles or by devices statically positioned along the road, of which the gateway functionality is a significant example.
RE-TRUST: Remote EnTrusting by RUn-time Software auThentication
Funded by the European Commission as a STREP Project under IST (Information Society Technologies) Programme contract FP6-021168 up to 1.55 M€ of which 319 K€ assigned to Politecnico di Torino
Dynamic software authentication in real-time during execution is a known problem without a satisfactory solution. Specifically, how to ensure that a trusted code (i.e., the software as was specified and implemented) is running on an untrusted machine at all times and that the original code functionality has not been modified prior to or during run-time, is an open research challenge.
RE-TRUST investigated novel methodologies, both software-based and software-based with hardware assistance, for solving the problem of dynamic software authentication in real-time by employing a trusted logic component on an untrusted machine that in turn authenticates its operation continuously during run-time. The method assures a remote entrusting component so that, if the authentication is successful, the original software functionality is executed on the untrusted machine.
Funded by the Italian Ministry for Education, University and Research (MIUR) in the context of the Research Fostering Fund (FAR) Programme up to 2.41 M€ of which 117 K€ assigned to the NetGroup
The project aims at studying, developing and demonstrating a fully self-organizing wireless home network for the reliable, user-transparent and secure interconnection of digital devices for entertainment (TV set, STB, PC, MP3, PDA, camera, playstation …) and household control. The main contribution of the project will be the design and realization of a WLAN multimedia testbed for domestic use capable of providing differentiated services. The testbed will also feature wireless multi-hop forwarding capabilities, dynamic topology reconfiguration and real-time cross-layer optimization through the interaction of the radio, MAC, network and application layers. The NetGroup contribution to the project will focus on:
- Quality of service provision in wireless multi-hop environments
- Reconfigurability and programmability of network devices.
QuaSAR: Quality and Controllability of Communication Services over Heterogeneous Networks
Funded by the Italian Ministry for Education, University and Research (MIUR) in the context of the Relevant National Interest Projects (PRIN) Programme up to 144 K€ of which 28 K€ assigned to Politecnico di Torino.
The main focus of this project is the study and the development of technologies and methodologies for the provision of communication services with controllable quality in highly heterogeneous distributed systems, in terms of available networking infrastructures, user terminal characteristics and typology of services and applications. In particular, the project activity will aim at pursuing the following macro objectives:
- definition and evaluation of mechanisms and policies to support Quality of Service in heterogeneous networks, both wireline and wireless;
- integration of those mechanisms in a global architecture that provides advanced communication services to applications, and definition of network-application interactions for the actual provisioning of communication services defined by Service Level Agreements;
- definition and implementation of mechanisms for traffic monitoring, to be used for the validation and the enforcement of the negotiated policies;
- definition of advanced communication services with guaranteed and controllable quality that can be provided in heterogeneous networking scenarios to multimedia applications running on multi-homed terminals.
While devising proper solutions for the above objectives, particular attention will be devoted to the scalability of solutions and to the manageability of infrastructures, in order to allow dynamic control capabilities in scenarios that are extremely dynamic, due to both user mobility and system status variations.
In the context of this project the Network Virtual Machine (NetVM) developed by the NetGroup is used for network traffic monitoring and measurement. In particular, our work concentrates on advanced monitoring and management functionalities required to support the quality of service techniques proposed and studied by the other partners.
OSATE: Optics in Switching Architectures: Theory and Experimentation
Funded by the Italian Ministry of Education, University and Research (MIUR) as part of the PRIN 2005 Funding Program.
The OSATE (Optics in Switching Architecture: Theory and Experimentation) project aims at studying and defining the role of optical technology in switching architectures. The design of these architectures for today's telecommunication networks needs to consider the limits imposed by electronic technology; in particular, it must take into account power consumption and its dissipation as well as power supply and footprint requirements. The OSATE project intends to identify a cost-effective tradeoff between optical and electronic technologies for the design of high-speed switches. Both experimental and theoretical activities are planned in the project.
In the context of this project the NetGroup will work on the realization of a testbed network deploying time-driven switching (TDS) and the comparison of switch architectures based on this technology with other switch architectures addressed in the project.
POSITIF: Policy-based Security Tools and Framework
POSITIF web site funded by the European Commission under contract IST-2002-002314
The main goal of the project is to offer automatic tools to support security managers in protecting networked infrastructures and applications. The ideas and solutions developed by POSITIF will then be available as open-source and commercial products.
POSITIF uses a formal approach to describe the system to be protected, the security policy to be enforced and the security capabilities available. A set of tools will then verify the policy's coherence, create the proper configuration of the security elements and apply it. You can read more about the motivation for using this approach.
In the context of this project the Network Virtual Machine (NetVM) developed by the NetGroup is used for the implementation of a probe for an intrusion detection system (IDS) integrated in the POSITIF framework.
E-NEXT: Network of Excellence in Emerging Networking Experiments and Technologies
E-NEXT @ Politecnico Funded by the European Union under the contract FP6-506869
The E-NEXT Network of Excellence targets a key area of Information Society Technologies, namely computer networking. Framework Programme 6 aims to develop the technological basis and the people-skills necessary to deliver the promise of the information revolution - new audio-visual services and products, electronic delivery of business, health, education, entertainment, government, science and so on - and this will fundamentally impact every aspect of life and work. The delivery of all of these e-endeavours depends entirely on computer networks.
E-NEXT aims to integrate a critical mass of expertise and to re-structure research practice such that Europe can take a lead in computer networking and act as a world force in this area. The main objectives of this NoE will be: the development of a virtual research centre to integrate the world-class research of the members and to stimulate the exchange of personnel, the education and training of personnel inside and outside the network, the dissemination of research results and in general the spreading of excellence, and the stimulation of innovation by appropriate technology transfer into existing and new companies, both large and small.
The NetGroup participated in various E-NEXT activities:
- The Network Virtual Machine (NetVM) and the experience gained in its development are leveraged in activities on traffic monitoring, programmable network devices, and network systems architecture;
- The principles studied and results obtained in research activities on pipeline forwarding of packets are applied in the work on quality of service support and scalability in network systems architectures;
- Research work on TrustedFlow for authentication of remote software execution is relevant to various E-NEXT activities and initiatives.
Experimentation of VoIP services in IPv6 networks
Funded by CSI-Piemonte
Real-Time Monitor for SQL client/server communications
Funded by Synomos, Inc.
Development and field testing of a tool for network sniffing and filtering of TCP traffic between SQL clients and servers.
NetPDL: Describing Protocol Headers with XML
Funded by Microsoft Research
Several applications need to know the format of network packets to perform their tasks. Right now, each application defines its own database of protocol descriptions. This project focuses on NetPDL, an XML-based language for packet header description. This language aims at creating a common, application-independent database of protocol descriptions that can be shared by several applications. Once such a database is in place, packet processing engines operating according to NetPDL descriptions can be made available for applications to embed them as libraries or use them as external servers. This will simplify and expedite the realization of network applications and tools.
The choice of XML as a basis for NetPDL plays a key role in promoting the new database. Besides its flexibility and extensibility, the choice has been motivated by XML becoming the preferred way to exchange structured data between different organizations and applications, which resulted in the availability of a large number of tools for manipulating XML files.
Funded by Microsoft Research
Software, especially in the context of data networks, suffers from some inherent problems. These include modifications, either by a malicious or inadvertent attacker, malware distribution (e.g., viruses and Trojan horses), and the use of malicious software remotely for penetration, intrusion, denial-of-service (DoS), and distributed DoS (DDoS). For example, a rogue user may change parameters of a given protocol (such as TCP) by manipulating the code and gain an unfair advantage in using network bandwidth. Assuring that a software module execution is correct in the sense that the user faithfully executes a given code with defined parameters and constraints is an open problem, which is especially important in the context of computing over communications networks.
TrustedFlow™ is a software solution to the problem of remotely authenticating code of software procedures and protocols during execution, which aims at assuring that the software is not changed prior to and during execution. The solution is achieved by continuously emanating a flow of idiosyncratic signatures that authenticate the software from which they have emanated. The idiosyncratic signatures are generated by a secret function that is hidden (e.g., obfuscated) in the software and whose execution is subordinated to the proper execution of the software being authenticated. The flow of signatures is validated at a remote component. This method of generating and validating idiosyncratic signatures is called the TrustedFlow™ protocol. The TrustedFlow™ protocol is a general add-on protection tool that complements other security tools such as trusted computing platforms, authentication and encryption protocols.
IRISI Inter Regional Information Society Initiative (1999-2001)
Project IRISI (Inter Regional Information Society Initiative) is carried out with the Directorate Industry of Region Piedmont and co-financed by the EU Structural Funds. IRISI PIEMONTE promotes the Information Society on the regional territory and supports public and private regional bodies in the adoption of ICT (Information and Communication Technologies). It creates a synergy among the several initiatives on the territory and nurtures crucial tendencies for the dissemination and the aware use of ICT.
ACTS AC003 VITAL Validation of Integrated Telecommunication Architectures for the Long term (1995-1998)
The VITAL (Validation of Integrated Telecommunication Architectures for the Long term) project aims at validating TINA (Telecommunication Information Network Architecture) by specifying, designing and implementing a prototype of the software architecture based on the object-oriented paradigm and object distribution principles. The prototype will represent a platform on which the project develops, integrates and experiments with advanced telecommunication services, like video-conferencing and video on demand, while still maintaining compliance with traditional communication services.
ACTS 30055 SCARAB Smart Card and Agent enabled ReliABle access (1998-1999)
The SCARAB (Smart Card and Agent enabled ReliABle access) project aims at evaluating, positioning and demonstrating the use of smart cards as a universal token for seamless access to a multitude of (broadband) telecommunication services in an open service architecture. It will identify the implications of agent technology for supporting mobility, security and reliability in and across heterogeneous network environments.