Sebastiano Miano

PhD Student, Politecnico di Torino, Italy

About me! I was born in a small regional town in Sicily, Italy in 1992. At the University of Catania, I gained a Bachelor’s Degree and I completed my Master’s degree in Computer Engineering at Politecnico di Torino. In November 2016 I started a Ph.D. in Computer Science focused on programmable data planes and high-speed Network Function Virtualizations. In particular, I'm mostly working with XDP (eXpress Data Path) and eBPF (extended Berkley Packet Filter) as foundation technologies to build a new model of flexible and efficient VNFs and how to exploit them on new container-based cloud environments (e.g., k8s). Apart from my research interests, I love anything to do with technology, music (I love playing trumpet), as well as volleyball and football.

download cv

Latest publications:

Securing Linux with a Faster and Scalable Iptables

Creating Complex Network Services with eBPF: Experience and Lessons Learned


  • 2016-Present

    Ph.D. Student, Politecnico di Torion, Italy

    Automatic decomposition of virtual network functions for next-generation high-speed networks

  • 2013-2015

    Master Degree in Computer Engineering, Politecnico di Torino, Italy

    Thesis title: Optimized Traffic Control Using SDN in a Business LAN Environment
    Final degree mark: 110/110 cum laude - GPA: 4.0/4.0

  • 2010-2013

    Bachelor degree in Computer Engineering, Università degli studi di Catania, Italy

    Thesis title: Mobile Management System of Academic Report Cards: Mobile Application
    Final degree mark: 110/110 cum laude - GPA: 3.85/4.0

  • 2003-2010

    Conservatory Graduate in Trumpet Performance, Reggio Calabria, Italy



Network Function Virtualization (NFV)

Software Defined Networks (SDN)

Data Plane Design

I am really interested in new technologies, such us eBPF and XDP, as enablers for next-generation high-speed networks.

Linux Kernel Networking


High-Performance Server-based DDoS Mitigation through Programmable Data Planes

Draft, 20 March 2019

In this paper, proposes a new architecture enhancing the mitigation capabilities of edge servers by transparently offloading a portion of DDoS mitigation rules in the SmartNIC, thus achieving a balanced combination of the XDP flexibility in operating traffic sampling and aggregation in the kernel with the performance of hardware-based filtering.

Read the article

Tackling the Lack of Perimeter: a Security Architecture for Multi-Tenant Virtual Services

Draft, 1 March 2019

In this paper, we point out the main shortcomings of legacy security models when applied to VNF, and we advocate the transition to a new architectural pattern that decouples context management from the detection logic.

Read the article

Securing Linux with a Faster and Scalable Iptables

Draft, 1 December 2018

This paper presents an eBPF-based firewall, bpf-iptables, which emulates the iptables filtering semantic while guaranteeing higher throughput outperforming other Linux-based firewalls particularly when a high number of rules is involved.

Read the article

Accelerating Linux Security with eBPF iptables

ACM SIGCOMM 2018 Conference Posters and Demos, Budapest (H), 20-25 August 2018

This paper presents an eBPF-based prototype that emulates the iptables filtering semantic and exploits a more efficient matching algorithm, without requiring custom kernels or invasive software frameworks.

Read the article

Toward an eBPF-based clone of iptables

Netdev 0x12, The Technical Conference on Linux Networking, Montréal (Canada), 11-13 July 2018

This paper reports the first results of a project that aims at creating a eBPF-based (partial) clone of iptables. This project assumes unmodified Linux kernel and guarantees the full compatibility with current iptables.

Read the article

Creating Complex Network Services with eBPF: Experience and Lessons Learned

IEEE International Conference on High Performance Switching and Routing, Bucharest (RO), 17-20 June 2018

In this paper we summarize the most important lessons learned while exploiting eBPF to create complex network functions, presenting the most promising characteristics of this technology and the main encountered limitations.

Read the article

Partial Offloading of OpenFlow Rules on a Traditional Hardware Switch ASIC

In: 3rd IEEE International Conference on Network Softwarization (NetSoft), Bologna (IT), 3-7 July 2017

This paper presents our findings about selectively offloading OpenFlow rules into a non-OpenFlow compatible hardware switch silicon, which enables existing (legacy) hardware ASICs to become compatible with the SDN paradigm.

Read the article

Enabling NFV Services on Resource-Constrained CPEs

In: 5th IEEE International Conference on Cloud Networking (CloudNet), Pisa (IT), 3-5 October 2016

In this paper we propose and validate an architecture that integrates native software components in a Network Function Virtualization (NFV) platform, making their use transparent from the user’s point of view.

Read the article


Contact. skype: sebymiano92 011-090-7098
  • Computer Networks Group (Netgroup),
  • Department of Control and Computer Engineering (DAUIN),
  • Politecnico di Torino, Torino, 10129, Italy.