About me! I was born in a small regional town in Sicily, Italy in 1992. At the University of Catania, I gained a Bachelor’s Degree and I completed my Master’s degree in Computer Engineering at Politecnico di Torino. In November 2016 I started a Ph.D. in Computer Science focused on programmable data planes and high-speed Network Function Virtualizations. In particular, I'm mostly working with XDP (eXpress Data Path) and eBPF (extended Berkley Packet Filter) as foundation technologies to build a new model of flexible and efficient VNFs and how to exploit them on new container-based cloud environments (e.g., k8s). Apart from my research interests, I love anything to do with technology, music (I love playing trumpet), as well as volleyball and football.
download cvSecuring Linux with a Faster and Scalable Iptables
Creating Complex Network Services with eBPF: Experience and Lessons Learned
Automatic decomposition of virtual network functions for next-generation high-speed networks
Thesis title: Optimized Traffic Control Using SDN in a Business LAN EnvironmentFinal degree mark: 110/110 cum laude - GPA: 4.0/4.0
Thesis title: Mobile Management System of Academic Report Cards: Mobile ApplicationFinal degree mark: 110/110 cum laude - GPA: 3.85/4.0
I am really interested in new technologies, such us eBPF and XDP, as enablers for next-generation high-speed networks.
Draft, 20 March 2019
In this paper, proposes a new architecture enhancing the mitigation capabilities of edge servers by transparently offloading a portion of DDoS mitigation rules in the SmartNIC, thus achieving a balanced combination of the XDP flexibility in operating traffic sampling and aggregation in the kernel with the performance of hardware-based filtering.
Draft, 1 March 2019
In this paper, we point out the main shortcomings of legacy security models when applied to VNF, and we advocate the transition to a new architectural pattern that decouples context management from the detection logic.
Draft, 1 December 2018
This paper presents an eBPF-based firewall, bpf-iptables, which emulates the iptables filtering semantic while guaranteeing higher throughput outperforming other Linux-based firewalls particularly when a high number of rules is involved.
ACM SIGCOMM 2018 Conference Posters and Demos, Budapest (H), 20-25 August 2018
This paper presents an eBPF-based prototype that emulates the iptables filtering semantic and exploits a more efficient matching algorithm, without requiring custom kernels or invasive software frameworks.
Netdev 0x12, The Technical Conference on Linux Networking, Montréal (Canada), 11-13 July 2018
This paper reports the first results of a project that aims at creating a eBPF-based (partial) clone of iptables. This project assumes unmodified Linux kernel and guarantees the full compatibility with current iptables.
IEEE International Conference on High Performance Switching and Routing, Bucharest (RO), 17-20 June 2018
In this paper we summarize the most important lessons learned while exploiting eBPF to create complex network functions, presenting the most promising characteristics of this technology and the main encountered limitations.
In: 3rd IEEE International Conference on Network Softwarization (NetSoft), Bologna (IT), 3-7 July 2017
This paper presents our findings about selectively offloading OpenFlow rules into a non-OpenFlow compatible hardware switch silicon, which enables existing (legacy) hardware ASICs to become compatible with the SDN paradigm.
In: 5th IEEE International Conference on Cloud Networking (CloudNet), Pisa (IT), 3-5 October 2016
In this paper we propose and validate an architecture that integrates native software components in a Network Function Virtualization (NFV) platform, making their use transparent from the user’s point of view.