161 result(s)
Page Size: 10, 20, 50
Export: bibtex, xml, json, csv
Order by:

CNR Author operator: and / or
more
Typology operator: and / or
Language operator: and / or
Date operator: and / or
more
Rights operator: and / or
2021 Journal article Open Access OPEN

COVID-19 & privacy: Enhancing of indoor localization architectures towards effective social distancing
Barsocchi P., Calabrò A., Crivello A., Daoudagh S., Furfari F., Girolami M., Marchetti E.
The way people access services in indoor environments has dramatically changed in the last year. The countermeasures to the COVID-19 pandemic imposed a disruptive requirement, namely preserving social distance among people in indoor environments. We explore in this work the possibility of adopting the indoor localization technologies to measure the distance among users in indoor environments. We discuss how information about people's contacts collected can be exploited during three stages: before, during, and after people access a service. We present a reference architecture for an Indoor Localization System (ILS), and we illustrate three representative use-cases. We derive some architectural requirements, and we discuss some issues that concretely cope with the real installation of an ILS in real-world settings. In particular, we explore the privacy and trust reputation of an ILS, the discovery phase, and the deployment of the ILS in real-world settings. We finally present an evaluation framework for assessing the performance of the architecture proposed.Source: Array 9 (2021). doi:10.1016/j.array.2020.100051
DOI: 10.1016/j.array.2020.100051
Project(s): CyberSec4Europe via OpenAIRE

See at: Array Open Access | Array Open Access | Array Open Access | Array Open Access | ISTI Repository Open Access | Array Open Access | CNR ExploRA Restricted | www.sciencedirect.com Restricted


2021 Conference article Restricted

GRADUATION: a GDPR-based mutation methodology
Daoudagh S., Marchetti E.
The adoption of the General Data Protection Regulation (GDPR) is enhancing different business and research opportunities that evidence the necessity of appropriate solutions supporting specification, processing, testing, and assessing the overall (personal) data management. This paper proposes GRADUATION (GdpR-bAseD mUtATION) methodology, for mutation analysis of data protection policies test cases. The new methodology provides generic mutation operators in reference to the currently applicable EU Data Protection Regulation. The preliminary implementation of the steps involved in the GDPR-based mutants derivation is also described.Source: QUATIC 2021 - 14th International Conference on the Quality of Information and Communications Technology, pp. 311–324, Online conference, 08-10/09/2021
DOI: 10.1007/978-3-030-85347-1_23
Project(s): CyberSec4Europe via OpenAIRE

See at: link.springer.com Restricted | link.springer.com Restricted | CNR ExploRA Restricted


2021 Conference article Open Access OPEN

How to improve the GDPR compliance through consent management and access control
Daoudagh S., Marchetti E., Savarino V., Di Bernardo R., Alessi M.
This paper presents a privacy-by-design solution based on Consent Manager (CM) and Access Control (AC) to aid organizations to comply with the GDPR. The idea is to start from the GDPR's text, transform it into a machine-readable format through a given CM, and then convert the obtained outcome to a set of enforceable Access Control Policies (ACPs). As a result, we have defined a layered architecture that makes any given system privacy-aware, i.e., systems that are compliant by-design with the GDPR. Furthermore, we have provided a proof-of-concept by integrating a Consent Manager coming from an industrial context and an AC Manager coming from academia.Source: ICISSP 2021 - 7th International Conference on Information Systems Security and Privacy, pp. 534–541, Online conference, 11-13/02/2021
DOI: 10.5220/0010260205340541
Project(s): CyberSec4Europe via OpenAIRE

See at: ISTI Repository Open Access | CNR ExploRA Open Access | www.scitepress.org Open Access | doi.org Restricted


2021 Journal article Open Access OPEN

Data protection by design in the context of smart cities: a consent and access control proposal
Daoudagh S, Marchetti E., Savarino V., Bernal Bernabe J., Garcia Rodriguez J., Torres Moreno R., Martinez J. A., Skarmeta A. F.
The growing availability of mobile devices has lead to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR's provisions. Thus, the infrastructure supports the definition of specific purpose, collection of data, regulation of access to personal data, and users' consents, while ensuring selective and minimal disclosure of personal information as well as user's unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing the feasibility.Source: Sensors (Basel) 21 (2021). doi:10.3390/s21217154
DOI: 10.3390/s21217154
Project(s): CyberSec4Europe via OpenAIRE

See at: Sensors Open Access | ISTI Repository Open Access | CNR ExploRA Open Access | Sensors Open Access | Sensors Open Access


2021 Conference article Embargo

BIECO runtime auditing framework
Calabrò A., Cioroaica E., Daoudagh S., Marchetti E.
Context: Within digital ecosystems avoiding the propagation of security and trust violations among interconnected parties is a mandatory requirement, especially when a new device, a software component, or a system component is integrated within the ecosystem. Objective: The aim is to define an auditing framework able to assess and evaluate the specific functional and non-functional properties of the ecosystems and their components. Method: In this paper, we present the concept of predictive simulation and runtime monitoring for detecting malicious behavior of ecosystem components. Results and Conclusion: We defined a reference architecture allowing the automation of the auditing process for the runtime behavior verification of ecosystems and their components. Validation of the proposal with real use-cases is part of the future BIECO's activities.Source: CISIS 2021 and ICEUTE 2021 - 14th International Conference on Computational Intelligence in Security for Information Systems and 12th International Conference on European Transnational Educational, pp. 181–191, Bilbao, Spain, 22-24/09/2021
DOI: 10.1007/978-3-030-87872-6_18
Project(s): BIECO via OpenAIRE

See at: link.springer.com Restricted | link.springer.com Restricted | CNR ExploRA Restricted


2021 Conference article Open Access OPEN

MENTORS: Monitoring Environment for System of Systems
Calabrò A., Daoudagh S., Marchetti E.
Context: Systems Of Systems (SoSs) are becoming a widespread emerging architecture, and they are used in several daily life contexts. Therefore, when a new device is integrated into an existing SoS, facilities able to efficaciously assess and prevent anomalous and dangerous situations are necessary. Objective: The aim is to define a reference environment conceived for monitoring and assessing the behavior of SoS when a new device is added. Method: In this paper, we present MENTORS, a monitoring environment for SoS. MENTORS is based on semantic web technologies to formally represent SoS and Monitoring knowledge through a core ontology, called MONTOLOGY. Results and Conclusion: We defined the conceptual model of MENTORS, which is composed of two phases: Off-line and On-line, supported by a reference architecture that allows its (semi-)automation. Validation of the proposal with real use-cases is part of future activities.Source: WEBIST 2021 - 17th International Conference on Web Information Systems and Technologies, pp. 291–298, Online conference, 26-28/10/2021
DOI: 10.5220/0010658900003058
Project(s): BIECO via OpenAIRE, CyberSec4Europe via OpenAIRE

See at: ISTI Repository Open Access | CNR ExploRA Open Access | www.scitepress.org Open Access


2020 Conference article Restricted

A Framework for the Validation of Access Control Systems
Daoudagh S., Lonetti F., Marchetti E.
In modern pervasive applications, it is important to validate Access Control (AC) mechanisms that are usually defined by means of the XACML standard. Mutation analysis has been applied on Access Control Policies (ACPs) for measuring the adequacy of a test suite. This paper provides an automatic framework for realizing mutations of the code of the Policy Decision Point (PDP) that is a critical component in AC systems. The proposed framework allows the test strategies assessment and the analysis of test data by leveraging mutation-based approaches. We show how to instantiate the proposed framework and provide also some examples of its application.Source: Emerging Technologies for Authorization and Authentication. ETAA 2019, pp. 35–51, Luxembourg City, Luxembourg, 27/09/2019
DOI: 10.1007/978-3-030-39749-4_3
Project(s): CyberSec4Europe via OpenAIRE

See at: academic.microsoft.com Restricted | dblp.uni-trier.de Restricted | link.springer.com Restricted | link.springer.com Restricted | link.springer.com Restricted | CNR ExploRA Restricted


2020 Conference article Open Access OPEN

A life cycle for authorization systems development in the GDPR perspective
Said D., Marchetti E.
The General Data Protection Regulation (GDPR) defines the principle of Integrity and Confidentiality, and implicitly calls for the adoption of authorization systems for regulating the access to personal data. We present here a process development life cycle for the specification, deployment and testing of authorization systems. The life cycle targets legal aspects, such as the data usage purpose, the user consent and the data retention period. We also present its preliminary architecture where available solutions for extracting, implementing and testing the data protection regulation are integrated. The objective is to propose for the first time a unique improved solution for addressing different aspects of the GDPR development and enforcement along all the life cycle phases.Source: 4th Italian Conference on Cyber Security, ITASEC 2020, Ancona, Italy, 05-07/02/2020
Project(s): CyberSec4Europe via OpenAIRE

See at: ceur-ws.org Open Access | ISTI Repository Open Access | CNR ExploRA Open Access


2020 Conference article Open Access OPEN

Assessing testing strategies for access control systems: a controlled experiment
Daoudagh S., Lonetti F., Marchetti E.
This paper presents a Controlled Experiment (CE) for assessing testing strategies in the context of Access Control (AC); more precisely, the CE is performed by considering the AC Systems (ACSs) based on the XACML Standard. We formalized the goal of the CE, and we assessed two available test cases generation strategies in terms of three metrics: Effectiveness, Size and Average Percentage Faults Detected (APFD). The experiment operation is described and the main results are analyzed.Source: 6th International Conference on Information Systems Security and Privacy, pp. 107–118, Valletta, Malta, 25-27/02/2020
DOI: 10.5220/0008974201070118
Project(s): CyberSec4Europe via OpenAIRE

See at: doi.org Open Access | ISTI Repository Open Access | CNR ExploRA Open Access | www.scitepress.org Open Access | academic.microsoft.com Restricted | dblp.uni-trier.de Restricted


2020 Conference article Open Access OPEN

Defining controlled experiments inside the access control environment
Daoudagh S., Marchetti E.
In ICT systems and modern applications access control systems are important mechanisms for managing resources and data access. Their criticality requires high security levels and consequently, the application of effective and efficient testing approaches. In this paper we propose standardized guidelines for correctly and systematically performing the testing process in order to avoid errors and improve the effectiveness of the validation. We focus in particular on Controlled Experiments, and we provide here a characterization of the first three steps of the experiment process (i.e., Scoping, Planning and Operation) by the adoption of the Goal- Question-Metric template. The specialization of the three phases is provided through a concrete example.Source: 8th International Conference on Model-Driven Engineering and Software Development, MODELSWARD 2020; Valletta, pp. 167–176, Valletta, Malta, 25-27 February, 2020
DOI: 10.5220/0009358201670176
Project(s): CyberSec4Europe via OpenAIRE

See at: ISTI Repository Open Access | CNR ExploRA Open Access | www.scitepress.org Open Access | academic.microsoft.com Restricted | dblp.uni-trier.de Restricted


2020 Journal article Open Access OPEN

XACMET: XACML Testing & Modeling: An automated model-based testing solution for access control systems
Daoudagh S., Lonetti F., Marchetti E.
In the context of access control systems, testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. In XACML-based access control systems, incoming access requests are transmitted to the policy decision point (PDP) that grants or denies the access based on the defined XACML policies. The criticality of a PDP component requires an intensive testing activity consisting in probing such a component with a set of requests and checking whether its responses grant or deny the requested access as specified in the policy. Existing approaches for improving manual derivation of test requests such as combinatorial ones do not consider policy function semantics and do not provide a verdict oracle. In this paper, we introduce XACMET, a novel approach for systematic generation of XACML requests as well as automated model-based oracle derivation. The main features of XACMET are as follows: (i) it defines a typed graph, called the XAC-Graph, that models the XACML policy evaluation; (ii) it derives a set of test requests via full-path coverage of this graph; (iii) it derives automatically the expected verdict of a specific request execution by executing the corresponding path in such graph; (iv) it allows us to measure coverage assessment of a given test suite. Our validation of the XACMET prototype implementation confirms the effectiveness of the proposed approach.Source: Software quality journal 28 (2020): 249–282. doi:10.1007/s11219-019-09470-5
DOI: 10.1007/s11219-019-09470-5

See at: ISTI Repository Open Access | Software Quality Journal Restricted | Software Quality Journal Restricted | link.springer.com Restricted | Software Quality Journal Restricted | Software Quality Journal Restricted | CNR ExploRA Restricted | Software Quality Journal Restricted


2020 Conference article Open Access OPEN

A privacy-by-design architecture for indoor localization systems
Barsocchi P., Calabro A., Crivello A., Daoudagh S., Furfari F., Girolami M., Marchetti E.
The availability of mobile devices has led to an arising development of indoor location services collecting a large amount of sensitive information. However, without accurate and verified management, such information could become severe back-doors for security and privacy issues. We propose in this paper a novel Location-Based Service (LBS) architecture in line with the GDPR's provisions. For feasibility purposes and considering a representative use-case, a reference implementation, based on the popular Telegram app, is also presented.Source: 13th International Conference on the Quality of Information and Communications Technology (QUATIC 2020), pp. 358–366, Faro, Portugal, September 9-11, 2020
DOI: 10.1007/978-3-030-58793-2_29
Project(s): CyberSec4Europe via OpenAIRE

See at: link-springer-com-443.webvpn.fjmu.edu.cn Open Access | CNR ExploRA Open Access | academic.microsoft.com Restricted | link.springer.com Restricted | link.springer.com Restricted


2020 Journal article Embargo

Cloud testing automation: industrial needs and ElasTest response
Bertolino A., Calabrò A., Marchetti E., Cervantes Sala A., Tunon De Hita G., Gheorghe Pop I. D., Gowtham V.
While great emphasis is given in the current literature about the potential of leveraging the cloud for testing purposes, the authors have scarce factual evidence from real-world industrial contexts about the motivations, drawbacks and benefits related to the adoption of automated cloud testing technology. In this study, the authors present an empirical study undertaken within the ongoing European Project ElasTest, which has developed an open source platform for end-to-end testing of large distributed systems. This study aims at validating the ElasTest solution, and consists of the assessment of four demonstrators belonging to different application domains, namely e-commerce, 5G networking, WebRTC and Internet of Things. For each demonstrator, they collected differing requirements, and achieved varying results, both positive and negative, showing that cloud testing needs careful assessment before adoption.Source: IET software (Print) 14 (2020): 553–562. doi:10.1049/iet-sen.2019.0140
DOI: 10.1049/iet-sen.2019.0140
Project(s): ELASTEST via OpenAIRE

See at: IET Software Restricted | IET Software Restricted | IET Software Restricted | IET Software Restricted | IET Software Restricted | IET Software Restricted | IET Software Restricted | IET Software Restricted | Fraunhofer-ePrints Restricted | CNR ExploRA Restricted


2020 Conference article Restricted

Continuous Development and Testing of Access and Usage Control: A Systematic Literature Review
Daoudagh S., Lonetti F., Marchetti E.
Context: Development and testing of access/usage control systems is a growing research area. With new trends in software development such as DevOps, the development of access/usage control also has to evolve. Objective: The main aim of this paper is to provide an overview of research proposals in the area of continuous development and testing of access and usage control systems. Method: The paper uses a Systematic Literature Review as a research method to define the research questions and answer them following a systematic approach. With the specified search string, 210 studies were retrieved. After applying the inclusion and exclusion criteria in two phases, a final set of 20 primary studies was selected for this review. Results: Results show that primary studies are mostly published in security venues followed by software engineering venues. Furthermore, most of the studies are based on the standard XACML access control language. In addition, a significant portion of the proposals for development and testing is automated with test assessment and generation the most targeted areas. Some general guidelines for leveraging continuous developing and testing of the usage and access control systems inside the DevOps process are also provided.Source: 2020 European Symposium on Software Engineering, pp. 51–59, Rome, Italy, 06-08/11/2020
DOI: 10.1145/3393822.3432330
Project(s): CyberSec4Europe via OpenAIRE

See at: academic.microsoft.com Restricted | dl.acm.org Restricted | dl.acm.org Restricted | CNR ExploRA Restricted


2020 Journal article Embargo

An automated framework for continuous development and testing of access control systems
Daoudagh S., Lonetti F., Marchetti E.
Automated testing in DevOps represents a key factor for providing fast release of new software features assuring quality delivery. In this paper, we introduce DOXAT, an automated framework for continuous development and testing of access control mechanisms based on the XACML standard. It leverages mutation analysis for the selection and assessment of the test strategies and provides automated facilities for test oracle definition, test execution, and results analysis, in order to speedup and automate the Plan, Code, Build, and Test phases of DevOps process. We show the usage of the framework during the planning and testing phases of the software development cycle of a PDP example.Source: Journal of software (Malden, Mass. Online) (2020). doi:10.1002/smr.2306
DOI: 10.1002/smr.2306
Project(s): CyberSec4Europe via OpenAIRE

See at: Journal of Software Evolution and Process Restricted | Journal of Software Evolution and Process Restricted | Journal of Software Evolution and Process Restricted | Journal of Software Evolution and Process Restricted | CNR ExploRA Restricted


2019 Conference article Open Access OPEN

A dynamic and scalable solution for improving daily life safety
Calabrò A., Marchetti E., Moroni D., Pieri G.
The integration of computation, networking, and physical processes requires regular exchange of critical information in timely and reliable fashion and a secure modeling and control engine able to rule and to coordinate all different sources of information. In this paper we provide the description of a dynamic and flexible infrastructure to be installed and applied into daily realities, able to maximize safety and security with an extremely low impact on the maintenance and the updating effort. The proposal has been conceived in collaboration with an Italian kindergarten. Preliminary results collected during simulation and testing activity are encouraging.Source: 2nd International Conference on Applications of Intelligent Systems, Las Palmas de Gran Canaria, Spain, 07-09 January 2019
DOI: 10.1145/3309772.3309796

See at: ISTI Repository Open Access | academic.microsoft.com Restricted | dblp.uni-trier.de Restricted | dl.acm.org Restricted | dl.acm.org Restricted | CNR ExploRA Restricted


2019 Journal article Open Access OPEN

A systematic review on cloud testing
Bertolino A., De Angelis G., Gallego M., García B., Gortázar F., Lonetti F., Marchetti E.
A systematic literature review is presented that surveyed the topic of cloud testing over the period 2012-2017. Cloud testing can refer either to testing cloud-based systems (testing of the cloud) or to leveraging the cloud for testing purposes (testing in the cloud): both approaches (and their combination into testing of the cloud in the cloud) have drawn research interest. An extensive paper search was conducted by both automated query of popular digital libraries and snowballing, which resulted in the final selection of 147 primary studies. Along the survey, a framework has been incrementally derived that classifies cloud testing research among six main areas and their topics. The article includes a detailed analysis of the selected primary studies to identify trends and gaps, as well as an extensive report of the state-of-the-art as it emerges by answering the identified Research Questions. We find that cloud testing is an active research field, although not all topics have received enough attention and conclude by presenting the most relevant open research challenges for each area of the classification framework.Source: ACM computing surveys 52 (2019). doi:10.1145/3331447
DOI: 10.1145/3331447
Project(s): ELASTEST via OpenAIRE

See at: ISTI Repository Open Access | ZENODO Open Access | ACM Computing Surveys Open Access | ACM Computing Surveys Restricted | ACM Computing Surveys Restricted | ACM Computing Surveys Restricted | ACM Computing Surveys Restricted | dl.acm.org Restricted | ACM Computing Surveys Restricted | ACM Computing Surveys Restricted | ACM Computing Surveys Restricted | CNR ExploRA Restricted


2019 Conference article Restricted

GDPR and business processes: an effective solution
Bartolini C., Calabró A., Marchetti E.
In the European Union, the recent update to data protection laws by virtue of the General Data Protection Regulation (GDPR) significantly changed the landscape of the processing of personal data. Consequently, adequate solutions to ensure that the controller and processor properly understand and meet the data protection requirements are needed. In enterprise reality it is quite common to use Business Process (BP) models to manage the different business activities. Hence the idea of integrating privacy concepts into BP models so as to leverage them to the role of GDPR recommenders. To this end, suggestions and recommendations about data management pursuant to GDPR provisions have been added to specific tasks of the BP, to improve both the process management and personnel learning and training. Feasibility of the proposed idea, implemented into an Eclipse plugin, has been provided through a realistic example.Source: APPIS 2019 - 2nd International Conference on Applications of Intelligent Systems, Las Palmas de Gran Canaria, Spain, 7-12 January 2019
DOI: 10.1145/3309772.3309779

See at: academic.microsoft.com Restricted | dblp.uni-trier.de Restricted | dl.acm.org Restricted | dl.acm.org Restricted | CNR ExploRA Restricted


2019 Conference article Open Access OPEN

A decentralized solution for combinatorial testing of access control engine
Daoudagh S., Lonetti F., Marchetti E.
In distributed environments, information security is a key factor and access control is an important means to guarantee confidentiality of sensitive and valuable data. In this paper, we introduce a new decentralized framework for testing of XACML-based access control engines. The proposed framework is composed of different web services and provides the following functionalities: I) generation of test cases based on combinatorial testing strategies; ii) decentralized oracle that associates the expected result to a given test case, i.e. an XACML request; and finally, iii) a GUI for interacting with the framework and providing some analysis about the expected results. A first validation confirms the efficiency of the proposed approach.Source: ICISSP 2019 - 5th International Conference on Information Systems Security and Privacy, pp. 126–135, Prague, Czech Republic, 23-25 February 2019
DOI: 10.5220/0007379401260135
Project(s): CyberSec4Europe via OpenAIRE

See at: doi.org Open Access | ISTI Repository Open Access | CNR ExploRA Open Access | www.scitepress.org Open Access | academic.microsoft.com Restricted | dblp.uni-trier.de Restricted | www.scopus.com Restricted


2019 Conference article Open Access OPEN

Enhancing business process modelling with data protection compliance: an ontology-based proposal
Bartolin C., Calabró A., Marchetti E.
The research and industrial environments are struggling to identify practical approaches to highlight the (new) duties of controllers of personal data and foster the transition of IT-based systems, services, and tools to comply with the GDPR. In this paper, we present a solution for enhancing the modelling of business processes with facilities to help evaluate the compliance with the GDPR. The proposal is based on a model describing the constituents of the data protection domain: A structured form of the legal text, an ontology of data protection concepts, and a machine-readable translation of the GDPR provisions. An example of application is also provided.Source: ICISSP 2019 - 5th International Conference on Information Systems Security and Privacy, pp. 421–428, Prague, Czech Republic, 23-25 February 2019
DOI: 10.5220/0007392304210428

See at: doi.org Open Access | ISTI Repository Open Access | CNR ExploRA Open Access | www.scitepress.org Open Access | academic.microsoft.com Restricted | dblp.uni-trier.de Restricted | www.scopus.com Restricted