2023, Journal article, ENG
David Lo Bascio and Flavio Lombardi
SRv6 can provide hybrid cooperation between a centralized network controller and network nodes. IPv6 routers maintain multi-hop ECMP-aware segments, whereas the controller establishes a source-routed path through the network. Since the state of the flow is defined at the ingress to the network and then is contained in a specific packet header, called Segment Routing Header (SRH), the importance of such a header itself is vital. Motivated by the need to study and investigate this technology, this paper discusses some security-related issues of Segment Routing. A SRv6 capable experimental testbed is built and detailed. Finally, an experimental test campaign is performed and results are evaluated and discussed.
2023, Journal article, ENG
Olivero M.A.; Bertolino A.; Dominguez-Mayo F.J.; Escalona M.J.; Matteucci I.
In the late twentieth century, the term "System of Systems" (SoS) became popular to describe a complex system made up of a combination of independent constituent systems. Since then, several studies have been conducted to support and assess SoS management, functionality, and performance. Due to the evolutionary nature of SoS and the non-composability of the security properties of its constituent systems, it is difficult to assess or evaluate SoS security. This paper provides an up-to-date survey on SoS security, aimed at stimulating and guiding further research efforts. This systematic mapping study (SMS) focuses on SoS security, privacy, and trust. Our SMS identified 1828 studies from 6 digital libraries, 87 of which were selected that presented approaches analyzing, evaluating, or improving security. We classified these studies using nine research questions that focused on the nature of the studies, the studied SoS, or the study validation. After examining the selected studies, we identified six gaps and as many future work directions. More precisely, we observed that few studies examine SoS problems and instead propose specific solutions, making it challenging to develop generalizable approaches. Furthermore, the lack of standardization has hindered the reuse of existing approaches, making it difficult for solutions to be generalized to other SoS. In addition, the lack of descriptions of industrial environments in the literature makes it difficult to design realistic validation environments. As a result, the validation of new SoS research remains a challenge in the field.
2023, Conference proceedings contribution, ENG
Carboni A.; Leone G.R.; Nardi S.; Corrado A.; Moroni D.
In this paper, we present the environment perception layer of the Smart Passenger Center (SPaCe), a novel integrated framework for public transport management. This layer is a pervasive vision architecture for improved safety and security in the context of public transportation. Privacy and technological constraints are still significant limitations for the real-time analysis of video streams from video capture devices installed on public transport vehicles. In fact, in almost all cases, this analysis is carried out offline and lacks any predictive processing, which is now potentially applicable to all transport sectors thanks to machine learning and artificial vision techniques. The architecture described is designed to combine the output of a set of parallel processing tasks, all running onboard in real time, thus allowing the separation of the information collected from the actual passengers' identities. The analysis highlights aspects that affect travel and travellers' safety, such as people's behaviour and the state of maintenance of vehicles.
2023, Journal article, ENG
Ali, Aitizaz and Pasha, Muhammad Fermi and Guerrieri, Antonio and Guzzo, Antonella and Sun, Xiaobing and Saeed, Aamir and Hussain, Amir and Fortino, Giancarlo
Securing Electronic Medical Records (EMRs) is one of the most critical applications of cryptography over the Internet due to the value and importance of the data contained in such EMRs. Although blockchain-based healthcare systems can provide security, privacy, and immutability to EMRs, several outstanding security and latency issues are associated with existing schemes. For example, some researchers have used the blockchain as a storage tool, which increases delay and adversely affects blockchain performance since it stores a copy of each transaction. A distributed ledger also requires appropriate space and computational power as data size increases. In addition, existing healthcare-based approaches usually rely on centralized servers connected to clouds, which are vulnerable to denial of service (DoS), distributed DoS (DDoS), and collusion attacks. This paper proposes a novel hybrid deep-learning-based homomorphic encryption (HE) model for the Industrial Internet of Medical Things (IIoMT) to cope with such challenges using a consortium blockchain. Integrating HE with the proposed IIoMT system is a vital contribution of this work. The use of HE while outsourcing storage to the cloud provides a unique facility to perform any statistical and machine learning operation on the encrypted EMR data, hence providing resistance to collusion and phishing attacks. Our proposed model uses a pre-trained hybrid deep learning model in the cloud and deploys the trained model into blockchain-based edge devices in order to classify and train local models using EMRs. This is further conditioned on the private data of each edge and IoT device connected with the consortium blockchain. All local models obtained are aggregated in the cloud to update a global model, which is finally disseminated to the edge nodes. Our proposed approach provides more privacy and security than conventional models and can deliver high efficiency and low end-to-end latency for users. Comparative simulation analysis with state-of-the-art approaches is carried out using benchmark performance metrics, which show that our proposed model provides enhanced security, efficiency, and transparency.
2023, Journal article, ENG
Mohammed Al-Sadi, Roberto Di Pietro, Flavio Lombardi, Matteo Signorini
Started as a hyped technology a few years ago, IoT is now a reality providing sensing and computing capabilities from SCADA systems to households. At their core, IoT devices connect to the outside world to share sensed or computed data. However, the sensitivity and privacy of shared data has made access management a stringent need also for the IoT. In particular, continuous authentication could solve a few security issues, like session hijacking, by checking device legitimacy for each exchanged message and preventing attackers from pretending their actions came from authenticated devices. To date, device-to-device (D2D) continuous authentication still relies on tokens/certificates or device fingerprints such as battery levels or location. The cited solutions, while not always implementable on resource-constrained devices, provide low entropy and thus sport a non-negligible probability of being guessable during impersonation attacks. In this paper, we overcome the above limitations with LENTO: unpredictable Latency-based continuous authEntication for Network inTensive IoT envirOnments. In addition to a thorough analysis, we also offer experimental validation of our proposal. We have deployed LENTO as an additional authentication module of the well-known NextCloud platform, and we have performed an extensive experimental campaign. Collected results confirm our working hypothesis: network delays can be exploited as random seeds in continuous authentication protocols, as they provide as much entropy as standard approaches. To the best of our knowledge, our approach is the first continuous authentication protocol relying purely on network characteristics, regardless of the trustworthiness of the underlying computing base. Given the minimal overhead introduced by our solution, it provides continuous authentication even for those devices that cannot afford to run (de facto) standard protocols. As such, LENTO could be retrofitted, offering enhanced security to a plethora of nowadays unsecured devices.
2022, Technical report, ITA
Amenta V.; Deluca R.; Fullone A.; Glielmi A.; Ippoliti M.; Micolitti O.; Niccoli D.
Preparation of an illustrative model for the appointment of the system administrator role, adaptable on the basis of the actual specific characteristics of CNR structures.
2022, Conference proceedings contribution, ENG
Lo Bascio, David and Lombardi, Flavio
SRv6 is a routing architecture that can provide hybrid cooperation between a centralized network controller and network nodes: IPv6 routers maintain the multi-hop ECMP-aware segments, whereas the controller, responsible for the Traffic Engineering policy, combines them to form a source-routed path through the network. Since the state of the flow is defined at the ingress to the network and then is contained in a specific packet header, called Segment Routing Header (SRH), the importance of such a header itself is vital. Motivated by the increasing success and widespread deployment of such approaches and technologies, this paper introduces the context and discusses some of the issues tied to possible tampering with the Segment Routing Header content. Finally, some details of an experimental testbed aimed at evaluating the above issues are provided.
2022, Journal article, ENG
Olivero M. A.; Bertolino A.; Dominguez-Mayo F. J.; Matteucci I.; Escalona M. J.
Context: System of Systems (SoS) is an emerging paradigm by which independent systems collaborate by sharing resources and processes to achieve objectives that they could not achieve on their own. In this context, a number of emergent behaviors may arise that can undermine the security of the constituent systems. Objective: We apply the Delphi method with the aims to improve our understanding of SoS security and related problems, and to investigate their possible causes and remedies. Method: Experts on SoS expressed their opinions and reached consensus in a series of rounds by following a structured questionnaire. Results: The results show that the experts found more consensus in disagreement than in agreement about some SoS characteristics, and on how SoS vulnerabilities could be identified and prevented. Conclusions: From this study we learn that more work is needed to reach a shared understanding of SoS vulnerabilities, and we leverage expert feedback to outline some future research directions.
2022, Technical report, ITA
Amenta V.; Deluca R.
The document contains an interpretive description of the main provisions of Regulation (EU) 2016/679, in order to support staff with regard to personal data processing activities. The document is accompanied by forms and templates.
2021, Presentation, ENG
Elena RAGAZZI, Lisa SELLA, Alessia DE SANTO, Thu Nga LE
Safety and security policies address a long list of risks including (but not limited to):
- Occupational safety and health
- Transport safety
- Natural risks (including seismic risk)
- Cybersecurity
- Physical security (including defence against terrorist attacks)
The listed topics appear to be very far from each other; nevertheless, they share some common features and issues:
- The issue of security and safety as a public good;
- This market failure requires action through regulation, public investment and/or incentives (sticks and carrots);
- The role of individual awareness, underlying the role of training and communication (sermons);
- The necessity to work on both sides of protection and resilience;
- The issue of multilevel (institutional level and regional level) governance, since risks may only be addressed properly in a systemic way but the implementation of policies/regulation needs to be adapted to specific conditions.
Safety and security policies are very specialised topics in which the number of scholars is limited. In fact, the different nature of the risks and of the technologies aiming at their reduction requires a deep and differentiated knowledge of the specific context. Nevertheless, methodological cross-sectoral insights are frequent, not only for the above economic aspects, but because they share some challenges, such as:
- The problem of performance metrics 1. Security is a multifaceted phenomenon. It is difficult to identify a single variable to represent it, while composite indicators are difficult to measure and have the problem of weighting;
- The problem of performance metrics 2. The difficulty of identifying indicators that address outcomes of the policy and that are sensitive;
- The fact that the outcome of any policy is connected to risk, which is a probabilistic variable (a reduction in the probability of suffering the consequences of an aleatory event, such as an accident or a cyberattack);
- The difficulty of disentangling the causal link between the policy/regulation and the desired outcome;
- Since most policies are in the form of overall regulation, the lack of a proper counterfactual hampers the possibility of impact evaluation.
In our presentation we will discuss the issues above in depth, as a presentation and a guide for the speakers of the session.
2021, Journal article, ENG
Casolare, Rosangela; Di Giacomo, Umberto; Martinelli, Fabio; Mercaldo, Francesco; Santone, Antonella
Smartphones, tablets and other mobile devices have become objects that we can no longer do without; as a matter of fact, for us they are like an extension of our body, and many people are addicted to them. This behavior is a consequence of the use we make of them, since these devices allow us to manage sensitive data (e.g., financial data) and access information of different types (e.g., photos, messages or health data). For this reason it is essential to detect the harmful behaviors present within our smartphones, taking into account the weaknesses of current anti-malware mechanisms. In this article we propose an approach capable of discriminating trusted applications from those that instead have malicious behavior because they are involved in a colluding attack. We resort to the processing of the audio signal obtained by converting an application into an audio file. The processing generates a feature vector to be analyzed with different classifiers. The experimental analysis is performed on a set of 359 Android applications, consisting of trusted and (colluding) untrusted applications, showing the effectiveness of our method in detecting colluding applications.
2021, Technical report, ITA
Deluca R.; Amenta V.; Ippoliti M.; Fullone A.; Glielmi A.; Niccoli, D.
Preparation of an illustrative model containing some hypotheses of technical and organisational measures, intended to address the many requests from the Institution's structures regarding the need for a basic toolkit that is at the same time adaptable to their actual specific characteristics, so as to make it available to the structures of the C.N.R. (central administration and scientific network).
2021, Conference proceedings contribution, ENG
V. Amenta (1); M. C. Buzzi (1); M. Buzzi (1); A. Montemurro (2)
Today the Internet of Things (IoT) empowers our lives, simplifying interaction and services in many fields including smart homes and cities, telemedicine and healthcare, transportation, security and social life. In many IoT applications, personal data are automatically collected and stored in cloud systems, processed and used for purposes such as creating user profiles, monitoring health, personalized advertising and more. The main cost of this process involves data that are collected by providers and organizations. This paper discusses important privacy and security issues raised by the main IoT devices, specifically considering the obligations imposed by the General Data Protection Regulation (GDPR) on the organizations collecting data relating to people in the European Union.
2021, Project report, ENG
Taleb T.; Violos J.; Tsanakas S.; Pagoulatou T.; Theodoropoulos T.; Coppola M.; Dazzi P.; Ferrucci L.; Diego F.; Marin E.; Kourtelis N.
This deliverable provides the first report summarizing the scientific advancements achieved by the WP4 Tasks during the first year of the project. Work Package (WP) 4, dubbed Edge/Cloud continuum management framework, is organized around 6 Tasks, and its goal is to develop a framework that efficiently manages the deployment and runtime of ACCORDION applications on the continuum.
2021, Journal article, ENG
Iadarola G. (1); Martinelli F. (1); Mercaldo F. (1); Santone A. (2)
Mobile devices are pervading the everyday activities of our lives. Each day we store a plethora of sensitive and private information in smart devices such as smartphones or tablets, which are typically equipped with an always-on internet connection. This information is of interest to malware writers, who are developing more and more aggressive harmful code for stealing sensitive and private information from mobile devices. Considering the weaknesses exhibited by current signature-based antimalware detection, in this paper we propose a method relying on application representation in terms of images, used as input to an explainable deep learning model designed by the authors for Android malware detection and family identification. Moreover, we show how explainability can be used by the analyst to assess different models. Experimental results demonstrated the effectiveness of the proposed method, obtaining an average accuracy ranging from 0.96 to 0.97; we evaluated 8446 Android samples belonging to six different malware families and one more family of trusted samples, also providing interpretability about the predictions performed by the model.
2021, Journal article, ENG
Giorgi G. (1); La Marra A. (2); Martinelli F. (1); Mori P. (1); Rizos A. (3); Saracino A. (1)
In this article we present an application of the Usage Control paradigm to a Smart Home infrastructure, based on a model extension and structured use of obligations. In the proposed extended model, obligations are exploited to enforce two different access revocation times, namely revoke and suspend. This increases the policy expressiveness and enables optimizing resource usage. Furthermore, obligations are exploited to send commands via IFTTT to different interconnected Smart Home devices, to impose safety-relevant behaviors, or to act on policy attributes to implement a self-healing paradigm for revoked sessions. The article is motivated by a parental control use case where deep learning is used in combination with Usage Control to dynamically regulate the viewing rights of a smart TV and interactions with interconnected devices. Accuracy and performance experiments show the effectiveness and feasibility of the proposed work.
2021, Journal article, ENG
J. González-Ortega, D. Ríos Insua, F. Ruggeri, and R. Soyer
We present an extension to the classical problem of hypothesis testing by incorporating actions of an adversary who intends to mislead the decision-maker and attain a certain benefit. After presenting the general problem within an adversarial statistical decision theory framework, we consider the cases of adversaries who can either perturb the data received or modify the underlying data-generating process parametrically. Supplemental materials for this article are available online.
2020, Technical report, ITA
Amendola T.; Deluca R.; Diciotti R.; Fantini E.; Piccioli T.; Volpini F.
Internal regulation aimed at preventing unintentional behaviour from triggering problems or threats to security in the processing of personal data.
2020, Other product, ENG
Giulia Giordano, Desiree A.L. Quagliarotti
The interlinkages between water, energy and food are especially evident in the Middle East, perhaps more than in other regions in the world. Generally, the region is notable for being energy intensive, water scarce, food deficient, and one of the most vulnerable to the impact of climate change (Lange, 2019). Despite those common characteristics, each country shows specific climatic, ecological and socioeconomic features, which influence the complex interactions of the WEF nexus and affect states' ability to meet their water, food and energy needs. As several nexus studies conducted in the Middle East point out, the need to meet the rapidly growing demand for water, energy and food in an increasingly resource-constrained scenario (FAO, 2018; Borgomeo et al., 2018), associated with WEF conventional policy and decision making in "silos", has fuelled a vicious circle that has ended up favouring trade-offs rather than amplifying synergies between sectors (Shannak, Mabrey & Vittorio, 2018). Furthermore, environment and security are strictly interlinked in the region implying the need to add the security dimension to the nexus. This chapter has three main objectives. First, to analyse the water-energy (WE) nexus challenges and associated risks in the Middle East. Second, to describe what it actually means to render water and energy in terms of security exploring the water-energy-security (WES) nexus and the linkages between nexus and securitisation. Third, to highlight the opportunities in terms of water and energy security arising from turning the nexus into a virtuous circle. Results from case studies are also discussed.
2020, Technical report, ITA
Miori V.; Russo D.; Pillitteri L.
This document analyses the state of the art of the criteria existing in the literature for measuring the performance of a safety and emergency management system. In detail, the document is structured in three main sections dealing with diagnosis, prognosis and fault tolerance. In each section, the main basic concepts are first recalled, and then the main performance measurement criteria that are potentially applicable to the case of the safety manager are described.