2023
Journal article
Open Access
DAEMON: a domain-based monitoring ontology for IoT systems
Daoudagh S., Marchetti E., Calabrò A., Ferrada F., Oliveira A. I., Barata J., Peres R., Marques F.
Context: Internet of Things (IoT) is an emerging technology used in several contexts and domains. Objective: The work aims to define a technological reference solution specifically conceived for monitoring and assessing the behavior of IoT systems from the cybersecurity perspective when a new device or component joins the system. Method: We leverage semantic web technologies, such as ontologies, for defining DAEMON, a domain-based ontology that formally models monitoring, IoT, and System of Systems (SoS) domains' knowledge. We also propose a supporting architecture and describe the proof-of-concept implementing different components. Results and Conclusion: We have validated and showcased our proposal by instantiating DAEMON into a multi-robot autonomous navigation scenario applied to the intralogistics domain.Source: SN computer science (Online) 4 (2023). doi:10.1007/S42979-023-01975-Y
DOI: 10.1007/s42979-023-01975-y
Project(s): BIECO
Metrics:
Daoudagh S., Marchetti E., Calabrò A., Ferrada F., Oliveira A. I., Barata J., Peres R., Marques F.
Context: Internet of Things (IoT) is an emerging technology used in several contexts and domains. Objective: The work aims to define a technological reference solution specifically conceived for monitoring and assessing the behavior of IoT systems from the cybersecurity perspective when a new device or component joins the system. Method: We leverage semantic web technologies, such as ontologies, for defining DAEMON, a domain-based ontology that formally models monitoring, IoT, and System of Systems (SoS) domains' knowledge. We also propose a supporting architecture and describe the proof-of-concept implementing different components. Results and Conclusion: We have validated and showcased our proposal by instantiating DAEMON into a multi-robot autonomous navigation scenario applied to the intralogistics domain.Source: SN computer science (Online) 4 (2023). doi:10.1007/S42979-023-01975-Y
DOI: 10.1007/s42979-023-01975-y
Project(s): BIECO
Metrics:
See at:
SN Computer Science 
| ISTI Repository | CNR ExploRA
2023
Journal article
Open Access
Cobot protocol customisation manager - PLuME
Calabrò A., Marchetti E.
Making cobot safety protocols closer to a cookbook than to methodologies: Let users implement protocols without overhead in knowledge and understanding of the procedures.Source: ERCIM news online edition 132 (2023): 14–15.
Calabrò A., Marchetti E.
Making cobot safety protocols closer to a cookbook than to methodologies: Let users implement protocols without overhead in knowledge and understanding of the procedures.Source: ERCIM news online edition 132 (2023): 14–15.
See at:
ercim-news.ercim.eu | ISTI Repository | CNR ExploRA
2022
Software
Unknown
Concern - COmplex eveNt proCEssing monitoR iNfrastructure
Calabrò A.
Concern is a predictive simulation monitoring infrastructure that aims to cooperate within Digital Twin in execution on a simulated environment to avoid possible accidents or failures happen in real systems using forecasting and self-generation rules techniques.Project(s): BIECO
Calabrò A.
Concern is a predictive simulation monitoring infrastructure that aims to cooperate within Digital Twin in execution on a simulated environment to avoid possible accidents or failures happen in real systems using forecasting and self-generation rules techniques.Project(s): BIECO
See at: github.com | CNR ExploRA
2022
Conference article
Open Access
An ontology-based solution for monitoring IoT cybersecurity
Daoudagh S., Marchetti E., Calabrò A., Ferrada F., Oliveira A. I., Barata J., Peres R., Marques F.
Context: Systems of Systems (SoSs) are becoming an emerging architecture, and they are used in several daily life contexts. Objective: The aim is to define a reference environment conceived for monitoring and assessing the behavior from the cybersecurity point of view of SoS when a new IoT device is added. Method: In this paper, we propose the Domain bAsEd Monitoring ONtology (DAEMON), an ontology that formally models knowledge about monitoring and System of Systems (SoS) domains. We also conceived a reference supporting architecture, and we provided the first proof-of-concept by implementing different components. Results and Conclusion: For the feasibility purpose, we have validated our proof-of-concept in the context of the EU BIECO project by considering a Robot Navigation use-case scenario.Source: IFIPIoT 2022 - 5th IFIP International Cross-Domain Conference on Internet of Things, pp. 158–176, Amsterdam, Netherlands, 27-28/10/2022
DOI: 10.1007/978-3-031-18872-5_10
Project(s): BIECO, CyberSec4Europe
Metrics:
Daoudagh S., Marchetti E., Calabrò A., Ferrada F., Oliveira A. I., Barata J., Peres R., Marques F.
Context: Systems of Systems (SoSs) are becoming an emerging architecture, and they are used in several daily life contexts. Objective: The aim is to define a reference environment conceived for monitoring and assessing the behavior from the cybersecurity point of view of SoS when a new IoT device is added. Method: In this paper, we propose the Domain bAsEd Monitoring ONtology (DAEMON), an ontology that formally models knowledge about monitoring and System of Systems (SoS) domains. We also conceived a reference supporting architecture, and we provided the first proof-of-concept by implementing different components. Results and Conclusion: For the feasibility purpose, we have validated our proof-of-concept in the context of the EU BIECO project by considering a Robot Navigation use-case scenario.Source: IFIPIoT 2022 - 5th IFIP International Cross-Domain Conference on Internet of Things, pp. 158–176, Amsterdam, Netherlands, 27-28/10/2022
DOI: 10.1007/978-3-031-18872-5_10
Project(s): BIECO
, CyberSec4Europe Metrics:
See at:
ISTI Repository | doi.org 
| link.springer.com | CNR ExploRA
2022
Conference article
Open Access
Improving SAR ops using Wi-Fi and LoRa on UAV
Calabrò A., Marchetti E.
Solutions for improving Search and Rescue operations (SAR) operations are receiving increasing attention. Transponder is one of the an open-source, lightweight and low-cost solution. It installed on top of a drone, conceived for the analysis of Wi-Fi beacons or probe requests in areas without network infrastructure. It relies on LoRa communications and uses a Complex Event Processor for the enhancing and enriching data analysis and for providing first-aid information. The use of Transponder in a realistic scenario is also presented.Source: PerCom Workshops - 2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events, pp. 82–84, Pisa, Italy, 21-25/03/2022
DOI: 10.1109/percomworkshops53856.2022.9767503
Metrics:
Calabrò A., Marchetti E.
Solutions for improving Search and Rescue operations (SAR) operations are receiving increasing attention. Transponder is one of the an open-source, lightweight and low-cost solution. It installed on top of a drone, conceived for the analysis of Wi-Fi beacons or probe requests in areas without network infrastructure. It relies on LoRa communications and uses a Complex Event Processor for the enhancing and enriching data analysis and for providing first-aid information. The use of Transponder in a realistic scenario is also presented.Source: PerCom Workshops - 2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events, pp. 82–84, Pisa, Italy, 21-25/03/2022
DOI: 10.1109/percomworkshops53856.2022.9767503
Metrics:
See at:
ISTI Repository | doi.org | ieeexplore.ieee.org | CNR ExploRA
2021
Journal article
Open Access
COVID-19 & privacy: Enhancing of indoor localization architectures towards effective social distancing
Barsocchi P., Calabrò A., Crivello A., Daoudagh S., Furfari F., Girolami M., Marchetti E.
The way people access services in indoor environments has dramatically changed in the last year. The countermeasures to the COVID-19 pandemic imposed a disruptive requirement, namely preserving social distance among people in indoor environments. We explore in this work the possibility of adopting the indoor localization technologies to measure the distance among users in indoor environments. We discuss how information about people's contacts collected can be exploited during three stages: before, during, and after people access a service. We present a reference architecture for an Indoor Localization System (ILS), and we illustrate three representative use-cases. We derive some architectural requirements, and we discuss some issues that concretely cope with the real installation of an ILS in real-world settings. In particular, we explore the privacy and trust reputation of an ILS, the discovery phase, and the deployment of the ILS in real-world settings. We finally present an evaluation framework for assessing the performance of the architecture proposed.Source: Array 9 (2021). doi:10.1016/j.array.2020.100051
DOI: 10.1016/j.array.2020.100051
Project(s): CyberSec4Europe
Metrics:
Barsocchi P., Calabrò A., Crivello A., Daoudagh S., Furfari F., Girolami M., Marchetti E.
The way people access services in indoor environments has dramatically changed in the last year. The countermeasures to the COVID-19 pandemic imposed a disruptive requirement, namely preserving social distance among people in indoor environments. We explore in this work the possibility of adopting the indoor localization technologies to measure the distance among users in indoor environments. We discuss how information about people's contacts collected can be exploited during three stages: before, during, and after people access a service. We present a reference architecture for an Indoor Localization System (ILS), and we illustrate three representative use-cases. We derive some architectural requirements, and we discuss some issues that concretely cope with the real installation of an ILS in real-world settings. In particular, we explore the privacy and trust reputation of an ILS, the discovery phase, and the deployment of the ILS in real-world settings. We finally present an evaluation framework for assessing the performance of the architecture proposed.Source: Array 9 (2021). doi:10.1016/j.array.2020.100051
DOI: 10.1016/j.array.2020.100051
Project(s): CyberSec4Europe
Metrics:
See at:
Array | ISTI Repository | Array | www.sciencedirect.com | CNR ExploRA
2021
Conference article
Embargo
BIECO runtime auditing framework
Calabrò A., Cioroaica E., Daoudagh S., Marchetti E.
Context: Within digital ecosystems avoiding the propagation of security and trust violations among interconnected parties is a mandatory requirement, especially when a new device, a software component, or a system component is integrated within the ecosystem. Objective: The aim is to define an auditing framework able to assess and evaluate the specific functional and non-functional properties of the ecosystems and their components. Method: In this paper, we present the concept of predictive simulation and runtime monitoring for detecting malicious behavior of ecosystem components. Results and Conclusion: We defined a reference architecture allowing the automation of the auditing process for the runtime behavior verification of ecosystems and their components. Validation of the proposal with real use-cases is part of the future BIECO's activities.Source: CISIS 2021 and ICEUTE 2021 - 14th International Conference on Computational Intelligence in Security for Information Systems and 12th International Conference on European Transnational Educational, pp. 181–191, Bilbao, Spain, 22-24/09/2021
DOI: 10.1007/978-3-030-87872-6_18
Project(s): BIECO
Metrics:
Calabrò A., Cioroaica E., Daoudagh S., Marchetti E.
Context: Within digital ecosystems avoiding the propagation of security and trust violations among interconnected parties is a mandatory requirement, especially when a new device, a software component, or a system component is integrated within the ecosystem. Objective: The aim is to define an auditing framework able to assess and evaluate the specific functional and non-functional properties of the ecosystems and their components. Method: In this paper, we present the concept of predictive simulation and runtime monitoring for detecting malicious behavior of ecosystem components. Results and Conclusion: We defined a reference architecture allowing the automation of the auditing process for the runtime behavior verification of ecosystems and their components. Validation of the proposal with real use-cases is part of the future BIECO's activities.Source: CISIS 2021 and ICEUTE 2021 - 14th International Conference on Computational Intelligence in Security for Information Systems and 12th International Conference on European Transnational Educational, pp. 181–191, Bilbao, Spain, 22-24/09/2021
DOI: 10.1007/978-3-030-87872-6_18
Project(s): BIECO
Metrics:
See at:
link.springer.com | link.springer.com | CNR ExploRA
2021
Conference article
Open Access
MENTORS: Monitoring Environment for System of Systems
Calabrò A., Daoudagh S., Marchetti E.
Context: Systems Of Systems (SoSs) are becoming a widespread emerging architecture, and they are used in several daily life contexts. Therefore, when a new device is integrated into an existing SoS, facilities able to efficaciously assess and prevent anomalous and dangerous situations are necessary. Objective: The aim is to define a reference environment conceived for monitoring and assessing the behavior of SoS when a new device is added. Method: In this paper, we present MENTORS, a monitoring environment for SoS. MENTORS is based on semantic web technologies to formally represent SoS and Monitoring knowledge through a core ontology, called MONTOLOGY. Results and Conclusion: We defined the conceptual model of MENTORS, which is composed of two phases: Off-line and On-line, supported by a reference architecture that allows its (semi-)automation. Validation of the proposal with real use-cases is part of future activities.Source: WEBIST 2021 - 17th International Conference on Web Information Systems and Technologies, pp. 291–298, Online conference, 26-28/10/2021
DOI: 10.5220/0010658900003058
Project(s): BIECO, CyberSec4Europe
Metrics:
Calabrò A., Daoudagh S., Marchetti E.
Context: Systems Of Systems (SoSs) are becoming a widespread emerging architecture, and they are used in several daily life contexts. Therefore, when a new device is integrated into an existing SoS, facilities able to efficaciously assess and prevent anomalous and dangerous situations are necessary. Objective: The aim is to define a reference environment conceived for monitoring and assessing the behavior of SoS when a new device is added. Method: In this paper, we present MENTORS, a monitoring environment for SoS. MENTORS is based on semantic web technologies to formally represent SoS and Monitoring knowledge through a core ontology, called MONTOLOGY. Results and Conclusion: We defined the conceptual model of MENTORS, which is composed of two phases: Off-line and On-line, supported by a reference architecture that allows its (semi-)automation. Validation of the proposal with real use-cases is part of future activities.Source: WEBIST 2021 - 17th International Conference on Web Information Systems and Technologies, pp. 291–298, Online conference, 26-28/10/2021
DOI: 10.5220/0010658900003058
Project(s): BIECO
, CyberSec4Europe Metrics:
See at:
ISTI Repository | www.scitepress.org | CNR ExploRA
2021
Software
Unknown
Transponder - supporT foR locAliziNg diStressed People thrOugh a flyiNg Drone nEtwoRk
Calabrò A.
Solutions for improving Search and Rescue operations (SAR) operations are receiving increasing attention. Transponder is one of the an open-source, lightweight and low-cost solution. It installed on top of a drone, conceived for the analysis of Wi-Fi beacons or probe requests in areas without network infrastructure. It relies on LoRa communications and uses a Complex Event Processor for the enhancing and enriching data analysis and for providing first-aid information.
Calabrò A.
Solutions for improving Search and Rescue operations (SAR) operations are receiving increasing attention. Transponder is one of the an open-source, lightweight and low-cost solution. It installed on top of a drone, conceived for the analysis of Wi-Fi beacons or probe requests in areas without network infrastructure. It relies on LoRa communications and uses a Complex Event Processor for the enhancing and enriching data analysis and for providing first-aid information.
See at: github.com | CNR ExploRA
2021
Conference article
Open Access
Integrated Wi-Fi and LoRa network on UAVs for localizing people during SAR operations
Calabro A., Giuliano R.
In distress and crisis situations, the way how the rescuers answer is extremely important and critical. Rapidity on which Search and Rescue (SAR) operations are deployed and executed may have a high impact on the physical and psychological health of the user in distress. The proposed tool aim in localizing users in areas where any wired or wireless access communication has been interrupted or not working properly like earthquakes areas or mountains where no cellular signal are available. The proposed system is deployed on top of a drone capable to detect Wi-Fi beacons generated by distressed user's device Wi-Fi interface. Beacons acquired are analyzed through the Complex Event Processor and after being aggregated with the acquired GPS position sent to the ground station using LoRa radio transmission protocol. The system has been tested in a woods scenario for simulating the absence of the mobile cellular signal and validating the proposed tracking approach.Source: AEIT AUTOMOTIVE - 2021 AEIT International Conference on Electrical and Electronic Technologies for Automotive, Turin, Italy, 17-19/11/2021
DOI: 10.23919/aeitautomotive52815.2021.9662760
Metrics:
Calabro A., Giuliano R.
In distress and crisis situations, the way how the rescuers answer is extremely important and critical. Rapidity on which Search and Rescue (SAR) operations are deployed and executed may have a high impact on the physical and psychological health of the user in distress. The proposed tool aim in localizing users in areas where any wired or wireless access communication has been interrupted or not working properly like earthquakes areas or mountains where no cellular signal are available. The proposed system is deployed on top of a drone capable to detect Wi-Fi beacons generated by distressed user's device Wi-Fi interface. Beacons acquired are analyzed through the Complex Event Processor and after being aggregated with the acquired GPS position sent to the ground station using LoRa radio transmission protocol. The system has been tested in a woods scenario for simulating the absence of the mobile cellular signal and validating the proposed tracking approach.Source: AEIT AUTOMOTIVE - 2021 AEIT International Conference on Electrical and Electronic Technologies for Automotive, Turin, Italy, 17-19/11/2021
DOI: 10.23919/aeitautomotive52815.2021.9662760
Metrics:
See at:
ISTI Repository | ieeexplore.ieee.org | CNR ExploRA
2020
Conference article
Restricted
A privacy-by-design architecture for indoor localization systems
Barsocchi P., Calabro A., Crivello A., Daoudagh S., Furfari F., Girolami M., Marchetti E.
The availability of mobile devices has led to an arising development of indoor location services collecting a large amount of sensitive information. However, without accurate and verified management, such information could become severe back-doors for security and privacy issues. We propose in this paper a novel Location-Based Service (LBS) architecture in line with the GDPR's provisions. For feasibility purposes and considering a representative use-case, a reference implementation, based on the popular Telegram app, is also presented.Source: 13th International Conference on the Quality of Information and Communications Technology (QUATIC 2020), pp. 358–366, Faro, Portugal, September 9-11, 2020
DOI: 10.1007/978-3-030-58793-2_29
Project(s): CyberSec4Europe
Metrics:
Barsocchi P., Calabro A., Crivello A., Daoudagh S., Furfari F., Girolami M., Marchetti E.
The availability of mobile devices has led to an arising development of indoor location services collecting a large amount of sensitive information. However, without accurate and verified management, such information could become severe back-doors for security and privacy issues. We propose in this paper a novel Location-Based Service (LBS) architecture in line with the GDPR's provisions. For feasibility purposes and considering a representative use-case, a reference implementation, based on the popular Telegram app, is also presented.Source: 13th International Conference on the Quality of Information and Communications Technology (QUATIC 2020), pp. 358–366, Faro, Portugal, September 9-11, 2020
DOI: 10.1007/978-3-030-58793-2_29
Project(s): CyberSec4Europe
Metrics:
See at:
Communications in Computer and Information Science | link-springer-com-443.webvpn.fjmu.edu.cn | CNR ExploRA
2020
Journal article
Open Access
Cloud testing automation: industrial needs and ElasTest response
Bertolino A., Calabrò A., Marchetti E., Cervantes Sala A., Tunon De Hita G., Gheorghe Pop I. D., Gowtham V.
While great emphasis is given in the current literature about the potential of leveraging the cloud for testing purposes, the authors have scarce factual evidence from real-world industrial contexts about the motivations, drawbacks and benefits related to the adoption of automated cloud testing technology. In this study, the authors present an empirical study undertaken within the ongoing European Project ElasTest, which has developed an open source platform for end-to-end testing of large distributed systems. This study aims at validating the ElasTest solution, and consists of the assessment of four demonstrators belonging to different application domains, namely e-commerce, 5G networking, WebRTC and Internet of Things. For each demonstrator, they collected differing requirements, and achieved varying results, both positive and negative, showing that cloud testing needs careful assessment before adoption.Source: IET software (Print) 14 (2020): 553–562. doi:10.1049/iet-sen.2019.0140
DOI: 10.1049/iet-sen.2019.0140
Project(s): ELASTEST
Metrics:
Bertolino A., Calabrò A., Marchetti E., Cervantes Sala A., Tunon De Hita G., Gheorghe Pop I. D., Gowtham V.
While great emphasis is given in the current literature about the potential of leveraging the cloud for testing purposes, the authors have scarce factual evidence from real-world industrial contexts about the motivations, drawbacks and benefits related to the adoption of automated cloud testing technology. In this study, the authors present an empirical study undertaken within the ongoing European Project ElasTest, which has developed an open source platform for end-to-end testing of large distributed systems. This study aims at validating the ElasTest solution, and consists of the assessment of four demonstrators belonging to different application domains, namely e-commerce, 5G networking, WebRTC and Internet of Things. For each demonstrator, they collected differing requirements, and achieved varying results, both positive and negative, showing that cloud testing needs careful assessment before adoption.Source: IET software (Print) 14 (2020): 553–562. doi:10.1049/iet-sen.2019.0140
DOI: 10.1049/iet-sen.2019.0140
Project(s): ELASTEST
Metrics:
See at:
IET Software | IET Software | ieeexplore.ieee.org | Fraunhofer-ePrints | CNR ExploRA
2020
Conference article
Open Access
Quality-of-Experience driven configuration of WebRTC services through automated testing
Bertolino A., Calabró A., De Angelis G., Gortázar F., Lonetti F., Maes M., Tuñón G.
Quality of Experience (QoE) refers to the end users level of satisfaction with a real-time service, in particular in relation to its audio and video quality. Advances in WebRTC technology have favored the spread of multimedia services through use of any browser. Provision of adequate QoE in such services is of paramount importance. The assessment of QoE is costly and can be done only late in the service lifecycle. In this work we propose a simple approach for QoE-driven non-functional testing of WebRTC services that relies on the ElasTest open-source platform for end-to-end testing of large complex systems. We describe the ElasTest platform, the proposed approach and an experimental study. In this study, we compared qualitatively and quantitatively the effort required in the ElasTest supported scenario with respect to a "traditional" solution, showing great savings in terms of effort and time.Source: IEEE 20th International Conference on Software Quality, Reliability, and Security (QRS), pp. 152–159, Macau, China, 11-14/12/2020
DOI: 10.1109/qrs51102.2020.00031
Project(s): ELASTEST
Metrics:
Bertolino A., Calabró A., De Angelis G., Gortázar F., Lonetti F., Maes M., Tuñón G.
Quality of Experience (QoE) refers to the end users level of satisfaction with a real-time service, in particular in relation to its audio and video quality. Advances in WebRTC technology have favored the spread of multimedia services through use of any browser. Provision of adequate QoE in such services is of paramount importance. The assessment of QoE is costly and can be done only late in the service lifecycle. In this work we propose a simple approach for QoE-driven non-functional testing of WebRTC services that relies on the ElasTest open-source platform for end-to-end testing of large complex systems. We describe the ElasTest platform, the proposed approach and an experimental study. In this study, we compared qualitatively and quantitatively the effort required in the ElasTest supported scenario with respect to a "traditional" solution, showing great savings in terms of effort and time.Source: IEEE 20th International Conference on Software Quality, Reliability, and Security (QRS), pp. 152–159, Macau, China, 11-14/12/2020
DOI: 10.1109/qrs51102.2020.00031
Project(s): ELASTEST
Metrics:
See at:
ISTI Repository | doi.org | qrs20.techconf.org | CNR ExploRA
2019
Conference article
Open Access
A dynamic and scalable solution for improving daily life safety
Calabrò A., Marchetti E., Moroni D., Pieri G.
The integration of computation, networking, and physical processes requires regular exchange of critical information in timely and reliable fashion and a secure modeling and control engine able to rule and to coordinate all different sources of information. In this paper we provide the description of a dynamic and flexible infrastructure to be installed and applied into daily realities, able to maximize safety and security with an extremely low impact on the maintenance and the updating effort. The proposal has been conceived in collaboration with an Italian kindergarten. Preliminary results collected during simulation and testing activity are encouraging.Source: 2nd International Conference on Applications of Intelligent Systems, Las Palmas de Gran Canaria, Spain, 07-09 January 2019
DOI: 10.1145/3309772.3309796
Metrics:
Calabrò A., Marchetti E., Moroni D., Pieri G.
The integration of computation, networking, and physical processes requires regular exchange of critical information in timely and reliable fashion and a secure modeling and control engine able to rule and to coordinate all different sources of information. In this paper we provide the description of a dynamic and flexible infrastructure to be installed and applied into daily realities, able to maximize safety and security with an extremely low impact on the maintenance and the updating effort. The proposal has been conceived in collaboration with an Italian kindergarten. Preliminary results collected during simulation and testing activity are encouraging.Source: 2nd International Conference on Applications of Intelligent Systems, Las Palmas de Gran Canaria, Spain, 07-09 January 2019
DOI: 10.1145/3309772.3309796
Metrics:
See at:
ISTI Repository | dl.acm.org | doi.org | CNR ExploRA
2019
Conference article
Restricted
GDPR and business processes: an effective solution
Bartolini C., Calabró A., Marchetti E.
In the European Union, the recent update to data protection laws by virtue of the General Data Protection Regulation (GDPR) significantly changed the landscape of the processing of personal data. Consequently, adequate solutions to ensure that the controller and processor properly understand and meet the data protection requirements are needed. In enterprise reality it is quite common to use Business Process (BP) models to manage the different business activities. Hence the idea of integrating privacy concepts into BP models so as to leverage them to the role of GDPR recommenders. To this end, suggestions and recommendations about data management pursuant to GDPR provisions have been added to specific tasks of the BP, to improve both the process management and personnel learning and training. Feasibility of the proposed idea, implemented into an Eclipse plugin, has been provided through a realistic example.Source: APPIS 2019 - 2nd International Conference on Applications of Intelligent Systems, Las Palmas de Gran Canaria, Spain, 7-12 January 2019
DOI: 10.1145/3309772.3309779
Metrics:
Bartolini C., Calabró A., Marchetti E.
In the European Union, the recent update to data protection laws by virtue of the General Data Protection Regulation (GDPR) significantly changed the landscape of the processing of personal data. Consequently, adequate solutions to ensure that the controller and processor properly understand and meet the data protection requirements are needed. In enterprise reality it is quite common to use Business Process (BP) models to manage the different business activities. Hence the idea of integrating privacy concepts into BP models so as to leverage them to the role of GDPR recommenders. To this end, suggestions and recommendations about data management pursuant to GDPR provisions have been added to specific tasks of the BP, to improve both the process management and personnel learning and training. Feasibility of the proposed idea, implemented into an Eclipse plugin, has been provided through a realistic example.Source: APPIS 2019 - 2nd International Conference on Applications of Intelligent Systems, Las Palmas de Gran Canaria, Spain, 7-12 January 2019
DOI: 10.1145/3309772.3309779
Metrics:
See at:
dl.acm.org | doi.org | CNR ExploRA
2019
Conference article
Open Access
Enhancing business process modelling with data protection compliance: an ontology-based proposal
Bartolin C., Calabró A., Marchetti E.
The research and industrial environments are struggling to identify practical approaches to highlight the (new) duties of controllers of personal data and foster the transition of IT-based systems, services, and tools to comply with the GDPR. In this paper, we present a solution for enhancing the modelling of business processes with facilities to help evaluate the compliance with the GDPR. The proposal is based on a model describing the constituents of the data protection domain: A structured form of the legal text, an ontology of data protection concepts, and a machine-readable translation of the GDPR provisions. An example of application is also provided.Source: ICISSP 2019 - 5th International Conference on Information Systems Security and Privacy, pp. 421–428, Prague, Czech Republic, 23-25 February 2019
DOI: 10.5220/0007392304210428
Metrics:
Bartolin C., Calabró A., Marchetti E.
The research and industrial environments are struggling to identify practical approaches to highlight the (new) duties of controllers of personal data and foster the transition of IT-based systems, services, and tools to comply with the GDPR. In this paper, we present a solution for enhancing the modelling of business processes with facilities to help evaluate the compliance with the GDPR. The proposal is based on a model describing the constituents of the data protection domain: A structured form of the legal text, an ontology of data protection concepts, and a machine-readable translation of the GDPR provisions. An example of application is also provided.Source: ICISSP 2019 - 5th International Conference on Information Systems Security and Privacy, pp. 421–428, Prague, Czech Republic, 23-25 February 2019
DOI: 10.5220/0007392304210428
Metrics:
See at:
doi.org | ISTI Repository | www.scitepress.org | www.scopus.com | CNR ExploRA
2019
Conference article
Open Access
Integrating access control and business process for GDPR compliance: A preliminary study
Calabrò A., Daoudagh S., Marchetti E.
Currently, the scientific communities and private companies are actively working to provide theoretical and practical solutions for enforcing the adoption of the General Data Protection Regulation (GDPR) and its compliance problem. In line with the principle of data protection by design, the paper proposes an approach for the automation and enforcement of GDPR requirements. The idea is to extend the currently adopted access control mechanisms so to leverage them to the enforcement of GDPR compliance during business activities of data management and analysis. From a practical point of view, this means to integrate into the existing business processes specific facilities for assisting in the design, development, maintenance, and verification of the GDPR requirements as well as to modify the language and architecture of the access control systems so as to let the management of GDPR principles and obligations. For this, the basic steps of the proposed approach are provided as well as an example used to clarify the integrated use of access control systems and business process models.Source: ITASEC19 - Italian Conference on Cybersecurity, pisa, 12-15/02/2019
Calabrò A., Daoudagh S., Marchetti E.
Currently, the scientific communities and private companies are actively working to provide theoretical and practical solutions for enforcing the adoption of the General Data Protection Regulation (GDPR) and its compliance problem. In line with the principle of data protection by design, the paper proposes an approach for the automation and enforcement of GDPR requirements. The idea is to extend the currently adopted access control mechanisms so to leverage them to the enforcement of GDPR compliance during business activities of data management and analysis. From a practical point of view, this means to integrate into the existing business processes specific facilities for assisting in the design, development, maintenance, and verification of the GDPR requirements as well as to modify the language and architecture of the access control systems so as to let the management of GDPR principles and obligations. For this, the basic steps of the proposed approach are provided as well as an example used to clarify the integrated use of access control systems and business process models.Source: ITASEC19 - Italian Conference on Cybersecurity, pisa, 12-15/02/2019
See at:
dblp.org | ISTI Repository | CNR ExploRA
2018
Conference article
Open Access
Leveraging Smart Environments for Runtime Resources Management
Barsocchi P., Calabrò A., Lonetti F., Marchetti E., Palumbo F.
Smart environments (SE) have gained widespread attention due to their flexible integration into everyday life. Applications leveraging the smart environments rely on regular exchange of critical information and need accurate models for monitoring and controlling the SE behavior. Different rules are usually specified and centralized for correlating sensor data, as well as managing the resources and regulating the access to them, thus avoiding security flaws. In this paper, we propose a dynamic and flexible infrastructure able to perform runtime resources' management by decoupling the different levels of SE control rules. This allows to simplify their continuous updating and improvement, thus reducing the maintenance effort. The proposed solution integrates low cost wireless technologies and can be easily extended to include other possible existing equipments. A first validation of the proposed infrastructure on a case study is also presented.Source: 10th International Conference on Software Quality: Methods and Tools for Better Software and Systems (SWQD 2018), pp. 171–190, Vienna, Austria, 16-19/01/2018
DOI: 10.1007/978-3-319-71440-0_10
Metrics:
Barsocchi P., Calabrò A., Lonetti F., Marchetti E., Palumbo F.
Smart environments (SE) have gained widespread attention due to their flexible integration into everyday life. Applications leveraging the smart environments rely on regular exchange of critical information and need accurate models for monitoring and controlling the SE behavior. Different rules are usually specified and centralized for correlating sensor data, as well as managing the resources and regulating the access to them, thus avoiding security flaws. In this paper, we propose a dynamic and flexible infrastructure able to perform runtime resources' management by decoupling the different levels of SE control rules. This allows to simplify their continuous updating and improvement, thus reducing the maintenance effort. The proposed solution integrates low cost wireless technologies and can be easily extended to include other possible existing equipments. A first validation of the proposed infrastructure on a case study is also presented.Source: 10th International Conference on Software Quality: Methods and Tools for Better Software and Systems (SWQD 2018), pp. 171–190, Vienna, Austria, 16-19/01/2018
DOI: 10.1007/978-3-319-71440-0_10
Metrics:
See at:
ISTI Repository | doi.org | link.springer.com | CNR ExploRA
2018
Journal article
Open Access
A categorization scheme for software engineering conference papers and its application
Bertolino A., Calabrò A., Lonetti F., Marchetti E., Miranda B.
Background In Software Engineering (SE), conference publications have high importance both in effective communication and in academic careers. Researchers actively discuss how a paper should be organized to be accepted in mainstream conferences. Aiming This work tackles the problem of generalizing and characterizing the type of papers accepted at SE conferences. Method The paper offers a new perspective in the analysis of SE literature: a categorization scheme for SE papers is obtained by merging, extending and revising related proposals from a few existing studies. The categorization scheme is used to classify the papers accepted at three top-tier SE conferences during five years (2012-2016). Results While a broader experience is certainly needed for validation and fine-tuning, preliminary outcomes can be observed relative to what problems and topics are addressed, what types of contributions are presented and how they are validated. Conclusions The results provide insights to paper writers, paper reviewers and conference organizers in focusing their future efforts, without any intent to provide judgments or authoritative guidelines.Source: The Journal of systems and software 137 (2018): 114–129. doi:10.1016/j.jss.2017.11.048
DOI: 10.1016/j.jss.2017.11.048
Metrics:
Bertolino A., Calabrò A., Lonetti F., Marchetti E., Miranda B.
Background In Software Engineering (SE), conference publications have high importance both in effective communication and in academic careers. Researchers actively discuss how a paper should be organized to be accepted in mainstream conferences. Aiming This work tackles the problem of generalizing and characterizing the type of papers accepted at SE conferences. Method The paper offers a new perspective in the analysis of SE literature: a categorization scheme for SE papers is obtained by merging, extending and revising related proposals from a few existing studies. The categorization scheme is used to classify the papers accepted at three top-tier SE conferences during five years (2012-2016). Results While a broader experience is certainly needed for validation and fine-tuning, preliminary outcomes can be observed relative to what problems and topics are addressed, what types of contributions are presented and how they are validated. Conclusions The results provide insights to paper writers, paper reviewers and conference organizers in focusing their future efforts, without any intent to provide judgments or authoritative guidelines.Source: The Journal of systems and software 137 (2018): 114–129. doi:10.1016/j.jss.2017.11.048
DOI: 10.1016/j.jss.2017.11.048
Metrics:
See at:
ISTI Repository | Journal of Systems and Software | www.sciencedirect.com | CNR ExploRA
2018
Conference article
Closed Access
Monitoring of access control policy for refinement and improvements
Calabró A., Lonetti F., Marchetti E.
Access Control is among the most important security mechanisms to put in place in order to secure applications, and XACML is the de facto standard for defining access control policies. As systems and resource utilization evolve, access control policies become increasingly difficult to manage and update according to contextual behaviour. This paper proposes a policy monitoring infrastructure able to identify policy abnormal behaviour and prevent misuse in granting/denying further accesses. This proposal relies on coverage adequacy criteria as well as KPIs definition for assessing the most common usage behaviors and provide feedback for refinement and maintenance of the current access control policy. It integrates a flexible and adaptable event based monitoring facility for run time validation of policy execution. A first validation on an example shows the effectiveness of the proposed approach.Source: SWQD 2018: Software Quality: Methods and Tools for Better Software and Systems, pp. 17–36, Vienna, Austria, 16-19/1/2018
DOI: 10.1007/978-3-319-71440-0_2
Metrics:
Calabró A., Lonetti F., Marchetti E.
Access Control is among the most important security mechanisms to put in place in order to secure applications, and XACML is the de facto standard for defining access control policies. As systems and resource utilization evolve, access control policies become increasingly difficult to manage and update according to contextual behaviour. This paper proposes a policy monitoring infrastructure able to identify policy abnormal behaviour and prevent misuse in granting/denying further accesses. This proposal relies on coverage adequacy criteria as well as KPIs definition for assessing the most common usage behaviors and provide feedback for refinement and maintenance of the current access control policy. It integrates a flexible and adaptable event based monitoring facility for run time validation of policy execution. A first validation on an example shows the effectiveness of the proposed approach.Source: SWQD 2018: Software Quality: Methods and Tools for Better Software and Systems, pp. 17–36, Vienna, Austria, 16-19/1/2018
DOI: 10.1007/978-3-319-71440-0_2
Metrics:
See at:
doi.org | link.springer.com | CNR ExploRA