Letterio Galletta scite author profile

Ferrari

et al. 2016

The Internet of Things (IoT) is here: smart objects are\ud pervading our everyday life. Smart devices automatically collect and\ud exchange data of various kinds, directly gathered from sensors or generated\ud by aggregations. Suitable coordination primitives and analysis\ud mechanisms are in order to design and reason about IoT systems, and\ud to intercept the implied technology shifts. We address these issues by\ud defining IoT-LySa, a process calculus endowed with a static analysis\ud that tracks the provenance and the route of IoT data, and detects how\ud they affect the behaviour of smart objects

show abstract

Language-Independent Synthesis of Firewall Policies

Bodei

et al. 2018

Configuring and maintaining a firewall configuration is notoriously hard. Policies are written in low-level, platform-specific languages where firewall rules are inspected and enforced along non trivial control flow paths. Further difficulties arise from Network Address Translation (NAT), since filters must be implemented with addresses translations in mind. In this work, we study the problem of decompiling a real firewall configuration into an abstract specification. This abstract version throws the low-level details away by exposing the meaning of the configuration, i.e., the allowed connections with possible address translations. The generated specification makes it easier for system administrators to check if: (i) the intended security policy is actually implemented;(ii) two configurations are equivalent; (iii) updates have the desired effect on the firewall behavior. The peculiarity of our approach is that is independent of the specific target firewall system and language. This independence is obtained through a generic intermediate language that provides the typical features of real configuration languages and that separates the specification of the rulesets, determining the destiny of packets, from the specification of the platform-dependent steps needed to elaborate packets. We present a tool that decompiles real firewall configurations from different systems into this intermediate language and uses the Z3 solver to synthesize the abstract specification that succinctly represents the firewall behavior and the NAT. Tests on real configurations show that the tool is effective: it synthesizes complex policies in a matter of minutes and, and it answers to specific queries in just a few seconds. The tool can also point out policy differences before and after configuration updates in a simple, tabular form.

show abstract

A Two-Component Language for Adaptation: Design, Semantics and Program Analysis

Ferrari

IIEEE Trans. Software Eng.

2016

A Two-Phase Static Analysis for Reliable Adaptation

Ferrari

2014

Measuring security in IoT communications

Bodei

Chessa

Theoretical Computer Science

2019