Automated Discovery of CoAP-enabled IoT Devices and Security Solutions
Francesco Caturano, a first-year PhD student at ITEE, presents research on security solutions for innovation. His work involves automation of attack scenarios through virtualization techniques, web application testing, and modeling attackers' behavior in detecting vulnerabilities. He contributes to the development of a platform for managing virtualized network infrastructures for network security studies. The platform includes interactive laboratories used for educational and research purposes. Francesco's research also focuses on the role of microservices in security playgrounds, utilizing Docker containers for integration of virtualization techniques. Conclusions and upcoming publications highlight his work on CoAP-enabled IoT devices, microservices in security playgrounds, and reinforcement learning techniques for modeling XSS vulnerabilities in web applications.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Francesco Caturano Tutor: Simon Pietro Romano XXXIV Cycle - I year presentation SECSI: SECurity Solutions for Innovation
Background Computer Science Engineering degree in 2018 Automated discovery of CoAP-enabled IoT devices NomadicLab , Ericsson Finland First Year ITEE PhD student SECSI group (Simon Pietro Romano, Gaetano Perrone) Research fellow at GARR Docker Security Playground: a microservices based framework for the implementation of attack scenarios on virtualized network infrastructures Francesco Caturano 2
Context 1. Automation of attack scenarios through virtualization techniques Cyber-ranges vs. security playgrounds Security Automation & Virtualization 2. Web Application robustness testing from Dynamic Programming to Reinforcement Learning Artificial Intelligence for Security Testing Francesco Caturano 3
Contribution (1 of 2) A platform that allows for design and management of virtualized network infrastructures tailored to the study of Network Security Organized as a set of public interactive laboratories conceived as separate security learning assets Laboratories used for both educational and research purposes 1. Training material for students of the Network Security course 2. Distributed testbeds for experimentations Francesco Caturano 4
Laboratories: an example Francesco Caturano 5
Contribution (2 of 2) Modeling the attacker s behavior when detecting vulnerabilities Web Application security testing Trial&Error methodology well described by a Markov Decision Process Various Frameworks available to solve MDPs Dynamic Programming Reinforcement Learning Case of study Cross-Site Scripting SQL Injection Francesco Caturano 6
Conclusions & Publications Accepted Automated Discovery of CoAP-enabled IoT devices Presented at IEEE ICUFN 2019 Ready for submission The Role of microservices in security playgrounds Using docker containers to enable integration of different virtualization techniques In Preparation Modeling XSS vulnerabilities through Reinforcement Learning techniques Testing Web Applications for well-known security vulnerabilities Francesco Caturano 7
Thanks for the attention! Francesco Caturano 8
