The list of possible topics for the current academic year are the following:

#1. Security monitoring the CrownLabs service with eBPF (ASSIGNED)

The CrownLab service is currently running with a minimal security. This project aims at exploring the possibility to add an eBPF-based firewall to the current setup, which is in charge of enforcing some additional security policies set by the system administrator. Furthermore, a log of the user-level sessions (e.g., TCP session ID) should be kept in order to be able to retrieve the actual responsible in case of malicious actions. Finally, a minimal DDoS protection should be enforced in order to protect the service from the most known attacks (e.g., SYN flooding).

This project must take into account that the Kubernetes network provider may change over time (currently CrownLabs uses Calico, but this can be changed in the future) and that the distributed nature of Kubernetes prevents to assume that a service will stay on a given physical server.

Students: Lorenzo Mauriello 267062, Martina Varricchio 266564; tutors: Federico Parola, Marco Iorio.

#2. High speed packet processing in user-space (ASSIGNED)

Recently, new technologies such as AF_XDP has been proposed that allow to efficiently deliver network packets in user space, for custom processing. This facilitates the creation of efficient network applications without having to deal with the complexity of kernel development, as packets are zero-copied in user space with a minimal overhead. This project aims at exploring the above technologies, such as AF_PACKET and in particular AF_XDP, in terms of performance and features, with respect to some in-kernel alternatives such as eBPF (with XDP). As a proof-of-concept, this project will deliver a minimal processing software in user-space (or kernel, for what concerns eBPF) that must be able to act as "middlebox", hence sending the packet back to the network after having processed the packet.

Some pointers: slides1, slides2, Linux kernel, Packet man page.

Students: Giacomo Brusamolin 278929, Federico Cicchiello 278174; tutors: Federico Parola, Fulvio Risso

#3. Exploring Open Network Edge Services Software (OpenNESS)

OpenNESS ( is a recent initiative to facilitate the development of applications and network functions for the edge with cloud-like agility. From the project presentation, OpenNESS is a MEC software toolkit that enables highly optimized and performance edge platforms across a heterogeneous network. This project aims at exploring what is OpenNESS, what it does actually do, and hand-on examples of this software toolkit running in a real (lab) environment.

Students: XXX; tutor: Raffaele Trani, Fulvio Risso

#4. Fast service prototyping in Polycube

#5. Detecting TCP hijacking attacks with Polycube

Past projects (2019/2020)

  • Securing the Polycube network software framework with automatic code analysis (e.g., Coverity) (NOT ASSIGNED; Tutor: Fulvio Risso)

  • Integrating monitoring primitives in the Polycube network provider for Kubernetes (Student: Giuseppe Ognibene, s257957; Tutor: Alex Palesandro)

  • Benchmarking network plugins for Kubernetes under different topologies and network workloads (Stefano Galantino, s255314;Tutor: Alex Palesandro)

  • Configuration and initial setup of a white-label OpenFlow switch with the open-source operating system Microsoft SONiC (Simone Magnani, s265171; Tutors: Fulvio Risso, Marco Iorio)

  • Enhanced packet capture with eBPF: integrating the service chain capabilities of Polycube with the packet capture capabilities of tcpdump (Riccardo Rusca, s262737; Tutor: Fulvio Risso)

  • Automatic translation of P4 services for Polycube services (Riccardo Marchi, s265140; Tutor: Sebastiano Miano)

  • eBPF-based front-end load balancer for Kubernetes services (Hamza Rhaouati, s267610; Tutor: Fulvio Risso, Alex Palesandro)