2023 Conference article Open Access
Breakthroughs in testing and certification in cybersecurity: research gaps and open problems
Daoudagh S., Marchetti E.
Software and hardware systems are becoming increasingly complex and interconnected, making their testing and certification more challenging, considering cybersecurity aspects. The trustworthiness, security, and quality of these systems call for innovative approaches to testing and certifications. This paper provides an overview of some of the most promising research directions in software and hardware testing and certification in the cybersecurity area. It outlines some of the critical challenges and opportunities for future research. We discuss each approach's potential benefits and challenges, highlight some key research questions to be addressed in each area, and investigate how they can be used to promote "Full Quality - positive-sum, not zero-sum" in developing software and hardware systems.
Source: ITASEC2023 - Italian Conference on CyberSecurity, Bari, Italy, 03-05/05/2023
Project(s): BIECO via OpenAIRE, CyberSec4Europe via OpenAIRE

See at: ISTI Repository Open Access | ceur-ws.org Restricted | CNR ExploRA


2023 Journal article Open Access
DAEMON: a domain-based monitoring ontology for IoT systems
Daoudagh S., Marchetti E., Calabrò A., Ferrada F., Oliveira A. I., Barata J., Peres R., Marques F.
Context: Internet of Things (IoT) is an emerging technology used in several contexts and domains. Objective: The work aims to define a technological reference solution specifically conceived for monitoring and assessing the behavior of IoT systems from the cybersecurity perspective when a new device or component joins the system. Method: We leverage semantic web technologies, such as ontologies, for defining DAEMON, a domain-based ontology that formally models monitoring, IoT, and System of Systems (SoS) domains' knowledge. We also propose a supporting architecture and describe the proof-of-concept implementing different components. Results and Conclusion: We have validated and showcased our proposal by instantiating DAEMON into a multi-robot autonomous navigation scenario applied to the intralogistics domain.
Source: SN computer science (Online) 4 (2023). doi:10.1007/S42979-023-01975-Y
DOI: 10.1007/s42979-023-01975-y
Project(s): BIECO via OpenAIRE


See at: SN Computer Science Open Access | ISTI Repository Open Access | CNR ExploRA


2023 Journal article Open Access
Cobot protocol customisation manager - PLuME
Calabrò A., Marchetti E.
Making cobot safety protocols closer to a cookbook than to methodologies: Let users implement protocols without overhead in knowledge and understanding of the procedures.
Source: ERCIM news online edition 132 (2023): 14–15.

See at: ercim-news.ercim.eu Open Access | ISTI Repository Open Access | CNR ExploRA


2023 Conference article Embargo
Collaborative network 5.0: by design human values and human-centred based extended collaborative networks
Marchetti E., Nikghadam-Hojjati S., Barata J.
Collaborative Networks (CNs) as a new discipline play an important part in the continuing digital transformation of business and services, taking advantage of Information and Communication Technology's growing sociability and usability qualities to enable and improve partnership that results in competitive solutions. While CNs could get benefit from technological development, it could inherit its disadvantages, through violation of human-centeredness and human values. Recently proposed Collaborative Networks 4.0 addressed some of these issues in three-dimensional CNs. However, while the 4th generation of CNs takes ethics and intelligent autonomous systems into account, it does not assume a "by design" approach in implementation of these characteristics as an obligation. It also overlooks the generation of communication technologies such as Extended Reality. The current article by introducing the four-dimensional, human-centred, human-value based, 5th generation of CNs aimed to cover the previous generations of CNs' constraints in dealing with society 5.0's challenges.
Source: PRO-VE 2023 - 24th IFIP WG 5.5 Working Conference on Virtual Enterprises, pp. 415–430, Valencia, Spain, 27-29/09/2023
DOI: 10.1007/978-3-031-42622-3_29
Project(s): BIECO via OpenAIRE


See at: doi.org Restricted | link.springer.com Restricted | CNR ExploRA


2023 Conference article Open Access
The impact of IOT cybersecurity testing in the perspective of Industry 5.0
Whaeed T., Marchetti E.
The continuous advancements in IoT (Internet of Things) have various benefits. It has opened new horizons for the industrial revolution in the 21st century. Industry 4.0 and Industry 5.0 also promote using IoT devices to build better and more productive autonomous systems. The behaviour of these complex software systems evolves as they are augmented with the physical and security of IoT devices. IoT-security security and privacy benchmark systems have recently caused a financial loss in various industrial sectors. More importantly, it has damaged the trust of people in technology and IoT systems and people's distrust towards IoT, motivating rediscovering IoT cybersecurity from a broader perspective. The paper aims to enhance security and privacy by design methodology and provides an overview of the issues and challenges in cybersecurity testing. We also proposed a Cybersecurity Testing Framework (CTF) to enhance IoT cybersecurity that will help to resolve significant security and privacy challenges related to Industry 5.0.
Source: WEBIST 2023 - 19th International Conference on Web Information Systems and Technologies, pp. 480–487, Rome, Italy, 15-17/11/2023
DOI: 10.5220/0012235800003584


See at: ISTI Repository Open Access | www.scitepress.org Open Access | doi.org Restricted | CNR ExploRA


2022 Journal article Open Access
A formal validation approach for XACML 3.0 access control policy
Caserio C., Lonetti F., Marchetti E.
Access control systems represent a security mechanism to regulate the access to system resources, and XACML is the standard language for specifying, storing and deploying access control policies. The verbosity and complexity of XACML syntax as well as the natural language semantics provided by the standard make the verification and testing of these policies difficult and error-prone. In the literature, analysis techniques and access control languages formalizations are provided for verifiability and testability purposes. This paper provides three contributions: it provides a comprehensive formal specification of XACML 3.0 policy elements; it leverages the existing policy coverage criteria to be suitable for XACML 3.0; and it introduces a new set of coverage criteria to better focus the testing activities on the peculiarities of XACML 3.0. The application of the proposed coverage criteria to a policy example is described, and hints for future research directions are discussed.
Source: Sensors (Basel) 22 (2022). doi:10.3390/s22082984
DOI: 10.3390/s22082984
Project(s): BIECO via OpenAIRE, CyberSec4Europe via OpenAIRE


See at: Sensors Open Access | ISTI Repository Open Access | www.mdpi.com Open Access | CNR ExploRA


2022 Conference article Open Access
GROOT: a GDPR-based combinatorial testing approach
Daoudagh S., Marchetti E.
For replying to the strict exigencies and rules imposed by the GDPR, ICT systems are currently adopting different means for managing personal data. However, due to their critical and crucial role, effective and efficient validation methods should be applied, taking into account the peculiarity of the reference legal framework (i.e., the GDPR). In this paper, we present GROOT, a generic combinatorial testing methodology specifically conceived for assessing the GDPR compliance and its contextualization in the context of access control domain.
Source: ICTSS 2021 - 33rd IFIP WG 6.1 International Conference on Testing Software Systems, pp. 210–217, London, UK, 10-11/11/2021
DOI: 10.1007/978-3-031-04673-5_17
Project(s): BIECO via OpenAIRE, CyberSec4Europe via OpenAIRE


See at: ISTI Repository Open Access | doi.org Restricted | link.springer.com Restricted | CNR ExploRA


2022 Conference article Open Access
Predictive simulation for building trust within service-based ecosystems
Cioroaica E., Daoudagh S., Marchetti E.
Modern vehicles extend their system components outside the typical physical body, relying on functionalities provided by off-board resources within complex digital ecosystems. Focusing on the service-based connection within automotive smart ecosystems, in this paper we present the method of predictive simulation, based on the synergistic combination of Digital Twin execution and interface-based testing approaches, used for building trust in the interactions between a safety critical system and third parties.
Source: PerCom Workshops 2022 - IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events, pp. 34–37, Pisa, Italy, 21-25/03/2022
DOI: 10.1109/percomworkshops53856.2022.9767457
Project(s): BIECO via OpenAIRE


See at: ISTI Repository Open Access | doi.org Restricted | ieeexplore.ieee.org Restricted | CNR ExploRA


2022 Conference article Open Access
An ontology-based solution for monitoring IoT cybersecurity
Daoudagh S., Marchetti E., Calabrò A., Ferrada F., Oliveira A. I., Barata J., Peres R., Marques F.
Context: Systems of Systems (SoSs) are becoming an emerging architecture, and they are used in several daily life contexts. Objective: The aim is to define a reference environment conceived for monitoring and assessing the behavior from the cybersecurity point of view of SoS when a new IoT device is added. Method: In this paper, we propose the Domain bAsEd Monitoring ONtology (DAEMON), an ontology that formally models knowledge about monitoring and System of Systems (SoS) domains. We also conceived a reference supporting architecture, and we provided the first proof-of-concept by implementing different components. Results and Conclusion: For the feasibility purpose, we have validated our proof-of-concept in the context of the EU BIECO project by considering a Robot Navigation use-case scenario.
Source: IFIPIoT 2022 - 5th IFIP International Cross-Domain Conference on Internet of Things, pp. 158–176, Amsterdam, Netherlands, 27-28/10/2022
DOI: 10.1007/978-3-031-18872-5_10
Project(s): BIECO via OpenAIRE, CyberSec4Europe via OpenAIRE


See at: ISTI Repository Open Access | doi.org Restricted | link.springer.com Restricted | CNR ExploRA


2022 Conference article Open Access
The GDPR compliance and access control systems: challenges and research opportunities
Daoudagh S., Marchetti E.
The General Data Protection Regulation (GDPR) is changing how Personal Data should be processed. Using Access Control Systems (ACSs) and their specific policies as practical means for assuring a by-design lawfully compliance with the privacy-preserving rules and provision is currently an increasingly researched topic. As a result, this newly born research field raises several research questions and paves the way for different solutions. This position paper would like to provide an overview of research challenges and questions concerning activities for analyzing, designing, implementing, and testing Access Control mechanisms (systems and policies) to guarantee compliance with the GDPR. Some possible answers to the open issues and future research directions and topics are also provided.
Source: ICISSP 2022 - 8th International Conference on Information Systems Security and Privacy, pp. 571–578, Online conference, 09-11/02/2022
DOI: 10.5220/0010912300003120
Project(s): COVR via OpenAIRE, BIECO via OpenAIRE, CyberSec4Europe via OpenAIRE


See at: doi.org Open Access | ISTI Repository Open Access | www.scitepress.org Open Access | CNR ExploRA


2022 Conference article Open Access
Improving SAR ops using Wi-Fi and LoRa on UAV
Calabrò A., Marchetti E.
Solutions for improving Search and Rescue (SAR) operations are receiving increasing attention. Transponder is one such open-source, lightweight and low-cost solution. It is installed on top of a drone and conceived for the analysis of Wi-Fi beacons or probe requests in areas without network infrastructure. It relies on LoRa communications and uses a Complex Event Processor for enhancing and enriching data analysis and for providing first-aid information. The use of Transponder in a realistic scenario is also presented.
Source: PerCom Workshops - 2022 IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events, pp. 82–84, Pisa, Italy, 21-25/03/2022
DOI: 10.1109/percomworkshops53856.2022.9767503


See at: ISTI Repository Open Access | doi.org Restricted | ieeexplore.ieee.org Restricted | CNR ExploRA


2021 Journal article Open Access
COVID-19 & privacy: Enhancing of indoor localization architectures towards effective social distancing
Barsocchi P., Calabrò A., Crivello A., Daoudagh S., Furfari F., Girolami M., Marchetti E.
The way people access services in indoor environments has dramatically changed in the last year. The countermeasures to the COVID-19 pandemic imposed a disruptive requirement, namely preserving social distance among people in indoor environments. We explore in this work the possibility of adopting the indoor localization technologies to measure the distance among users in indoor environments. We discuss how information about people's contacts collected can be exploited during three stages: before, during, and after people access a service. We present a reference architecture for an Indoor Localization System (ILS), and we illustrate three representative use-cases. We derive some architectural requirements, and we discuss some issues that concretely cope with the real installation of an ILS in real-world settings. In particular, we explore the privacy and trust reputation of an ILS, the discovery phase, and the deployment of the ILS in real-world settings. We finally present an evaluation framework for assessing the performance of the architecture proposed.
Source: Array 9 (2021). doi:10.1016/j.array.2020.100051
DOI: 10.1016/j.array.2020.100051
Project(s): CyberSec4Europe via OpenAIRE


See at: Array Open Access | ISTI Repository Open Access | www.sciencedirect.com Restricted | CNR ExploRA


2021 Conference article Restricted
GRADUATION: a GDPR-based mutation methodology
Daoudagh S., Marchetti E.
The adoption of the General Data Protection Regulation (GDPR) is enhancing different business and research opportunities that evidence the necessity of appropriate solutions supporting specification, processing, testing, and assessing the overall (personal) data management. This paper proposes GRADUATION (GdpR-bAseD mUtATION) methodology, for mutation analysis of data protection policies test cases. The new methodology provides generic mutation operators in reference to the currently applicable EU Data Protection Regulation. The preliminary implementation of the steps involved in the GDPR-based mutants derivation is also described.
Source: QUATIC 2021 - 14th International Conference on the Quality of Information and Communications Technology, pp. 311–324, Online conference, 08-10/09/2021
DOI: 10.1007/978-3-030-85347-1_23
Project(s): CyberSec4Europe via OpenAIRE


See at: link.springer.com Restricted | CNR ExploRA


2021 Conference article Open Access
How to improve the GDPR compliance through consent management and access control
Daoudagh S., Marchetti E., Savarino V., Di Bernardo R., Alessi M.
This paper presents a privacy-by-design solution based on Consent Manager (CM) and Access Control (AC) to aid organizations to comply with the GDPR. The idea is to start from the GDPR's text, transform it into a machine-readable format through a given CM, and then convert the obtained outcome to a set of enforceable Access Control Policies (ACPs). As a result, we have defined a layered architecture that makes any given system privacy-aware, i.e., systems that are compliant by-design with the GDPR. Furthermore, we have provided a proof-of-concept by integrating a Consent Manager coming from an industrial context and an AC Manager coming from academia.
Source: ICISSP 2021 - 7th International Conference on Information Systems Security and Privacy, pp. 534–541, Online conference, 11-13/02/2021
DOI: 10.5220/0010260205340541
Project(s): CyberSec4Europe via OpenAIRE


See at: doi.org Open Access | ISTI Repository Open Access | www.scitepress.org Open Access | www.scopus.com Restricted | CNR ExploRA


2021 Journal article Open Access
Data protection by design in the context of smart cities: a consent and access control proposal
Daoudagh S., Marchetti E., Savarino V., Bernal Bernabe J., Garcia Rodriguez J., Torres Moreno R., Martinez J. A., Skarmeta A. F.
The growing availability of mobile devices has led to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR's provisions. Thus, the infrastructure supports the definition of specific purpose, collection of data, regulation of access to personal data, and users' consents, while ensuring selective and minimal disclosure of personal information as well as user's unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing the feasibility.
Source: Sensors (Basel) 21 (2021). doi:10.3390/s21217154
DOI: 10.3390/s21217154
Project(s): CyberSec4Europe via OpenAIRE


See at: Sensors Open Access | ISTI Repository Open Access | CNR ExploRA


2021 Conference article Embargo
BIECO runtime auditing framework
Calabrò A., Cioroaica E., Daoudagh S., Marchetti E.
Context: Within digital ecosystems avoiding the propagation of security and trust violations among interconnected parties is a mandatory requirement, especially when a new device, a software component, or a system component is integrated within the ecosystem. Objective: The aim is to define an auditing framework able to assess and evaluate the specific functional and non-functional properties of the ecosystems and their components. Method: In this paper, we present the concept of predictive simulation and runtime monitoring for detecting malicious behavior of ecosystem components. Results and Conclusion: We defined a reference architecture allowing the automation of the auditing process for the runtime behavior verification of ecosystems and their components. Validation of the proposal with real use-cases is part of the future BIECO's activities.
Source: CISIS 2021 and ICEUTE 2021 - 14th International Conference on Computational Intelligence in Security for Information Systems and 12th International Conference on European Transnational Educational, pp. 181–191, Bilbao, Spain, 22-24/09/2021
DOI: 10.1007/978-3-030-87872-6_18
Project(s): BIECO via OpenAIRE


See at: link.springer.com Restricted | CNR ExploRA


2021 Conference article Open Access
MENTORS: Monitoring Environment for System of Systems
Calabrò A., Daoudagh S., Marchetti E.
Context: Systems Of Systems (SoSs) are becoming a widespread emerging architecture, and they are used in several daily life contexts. Therefore, when a new device is integrated into an existing SoS, facilities able to efficaciously assess and prevent anomalous and dangerous situations are necessary. Objective: The aim is to define a reference environment conceived for monitoring and assessing the behavior of SoS when a new device is added. Method: In this paper, we present MENTORS, a monitoring environment for SoS. MENTORS is based on semantic web technologies to formally represent SoS and Monitoring knowledge through a core ontology, called MONTOLOGY. Results and Conclusion: We defined the conceptual model of MENTORS, which is composed of two phases: Off-line and On-line, supported by a reference architecture that allows its (semi-)automation. Validation of the proposal with real use-cases is part of future activities.
Source: WEBIST 2021 - 17th International Conference on Web Information Systems and Technologies, pp. 291–298, Online conference, 26-28/10/2021
DOI: 10.5220/0010658900003058
Project(s): BIECO via OpenAIRE, CyberSec4Europe via OpenAIRE


See at: ISTI Repository Open Access | www.scitepress.org Open Access | CNR ExploRA


2021 Conference article Restricted
Bridging trust in runtime open evaluation scenarios
Cioroaica E., Buhnova B., Marchetti E., Schneider D., Kuhn T.
Solutions to specific challenges within software engineering activities can greatly benefit from human creativity. For example, evidence of trust derived from creative virtual evaluation scenarios can support the trust assurance of fast-paced runtime adaptation of intelligent behavior. Following this vision, in this paper, we introduce a methodological and architectural concept that interplays creative and social aspects of gaming into software engineering activities, more precisely into a virtual evaluation of system behavior. A particular trait of the introduced concept is that it reinforces cooperation between technological and social intelligence.
Source: MEDI 2021 International Workshops: DETECT, SIAS, CSMML, BIOC, HEDA, pp. 112–120, Tallinn, Estonia, June 21-23, 2021
DOI: 10.1007/978-3-030-87657-9_9
Project(s): BIECO via OpenAIRE


See at: Communications in Computer and Information Science Restricted | link.springer.com Restricted | CNR ExploRA


2020 Conference article Restricted
A Framework for the Validation of Access Control Systems
Daoudagh S., Lonetti F., Marchetti E.
In modern pervasive applications, it is important to validate Access Control (AC) mechanisms that are usually defined by means of the XACML standard. Mutation analysis has been applied on Access Control Policies (ACPs) for measuring the adequacy of a test suite. This paper provides an automatic framework for realizing mutations of the code of the Policy Decision Point (PDP) that is a critical component in AC systems. The proposed framework allows the test strategies assessment and the analysis of test data by leveraging mutation-based approaches. We show how to instantiate the proposed framework and provide also some examples of its application.
Source: Emerging Technologies for Authorization and Authentication. ETAA 2019, pp. 35–51, Luxembourg City, Luxembourg, 27/09/2019
DOI: 10.1007/978-3-030-39749-4_3
Project(s): CyberSec4Europe via OpenAIRE


See at: Lecture Notes in Computer Science Restricted | link.springer.com Restricted | CNR ExploRA


2020 Conference article Open Access
A life cycle for authorization systems development in the GDPR perspective
Said D., Marchetti E.
The General Data Protection Regulation (GDPR) defines the principle of Integrity and Confidentiality, and implicitly calls for the adoption of authorization systems for regulating the access to personal data. We present here a process development life cycle for the specification, deployment and testing of authorization systems. The life cycle targets legal aspects, such as the data usage purpose, the user consent and the data retention period. We also present its preliminary architecture where available solutions for extracting, implementing and testing the data protection regulation are integrated. The objective is to propose for the first time a unique improved solution for addressing different aspects of the GDPR development and enforcement along all the life cycle phases.
Source: 4th Italian Conference on Cyber Security, ITASEC 2020, Ancona, Italy, 05-07/02/2020
Project(s): CyberSec4Europe via OpenAIRE

See at: ceur-ws.org Open Access | ISTI Repository Open Access | CNR ExploRA