2016-2017
Available Thesis
SECURE MANAGEMENT OF NETWORK TOPOLOGY
-
This thesis is focused on the development of a tool that, starting from route tables, physical topology, and filtering rules, automatically discovers and describes the logical interconnection topology of an ICT infrastructure.
The definition and the implementation of this tool requires a deep knowledge of routing protocols and on message filtering.
The description returned by the tool is the first step to define and deploy dynamic countermeasures to isolate from the network a node that has been successfully attacked.
OPTIMIZE PATCHING OF DISTRIBUTED AND PARALLEL SYSTEM
-
This thesis is focused on the design and the implementation of a tool that receives a set of patches and a list of vulnerabilities to be patched on the various nodes of an ICT system. Starting from this information, the tool discovers the optimal ordering to apply these patches. The tool, by interacting with proper agents on the various nodes, applies the patch.
The development of this tools poses several interasting challenges to evaluate alternative strategies to apply the patches. Also the development of the agents running on each node poses interesting security issues.
PASSIVE ANALYSES OF NETWORK PROPERTIES
-
This thesis is similar to the one that discovers the topology of an interconnection network but here each interaction with the system to be analyzed is forbidden. Hence, the tool has to apply an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the services behind any TCP/IP communications. The same stealth approach is adopted to measure the system uptime and the network connections, the distance, the topology behind NAT or packet filters, and so on.
As a counterpart of the largest complexity, a deep knowledge of procotols and networks will be acquired at the end of the work.
DISCOVERING THE OPTIMAL ATTACK STRATEGY TO ATTACK A SYSTEM
-
This thesis should define an optimal strategy to discover information to attack a system and how to use it to minimize the amount of work of the attacker.
It integrates secuirty technology with AI methodologies related to planning.
COMPUTING A COST-EFFECTIVE SET OF COUNTERMEASURES
-
This thesis applies strategies and solution from genetic algorithms to compute a cost-effective set of countermeasures to be deployed in a system.
f.baiardi@unipi.it