Publications

Policy Languages and Their Suitability for Trust Negotiation
[16/Jul/2018]

Entities, such as people, companies, institutions, authorities and web sites live and exist in a conjoined world. In order to live and enjoy social benefits, entities need to share knowledge, resources and to cooperate together. The cooperation brings with it many new challenges and problems, among which one is the problem of trust. This area is also important for the Computer Science. When unfamiliar entities wish to cooperate, they do not know what to expect nor whether they can trust each other.

Authors: 
Martin Kolar, Carmen Fernandez-Gago, Javier Lopez
Author (ESR): 
Martin Kolar (Universidad De Malaga)

Towards General scheme for Data Sharing Agreements empowering Privacy-Preserving Data Analysis of structured CTI
[3/Sep/2018]

This paper proposes an extension to the standard STIX representation for Cyber Threat Information (CTI) which couples specific data attributes with privacy-preserving conditions expressed through Data Sharing Agreements (DSA). The proposed scheme allows, in fact, to define sharing and anonymization policies in the form of a human-readable DSA, bound to the specific CTI. The whole scheme is designed to be completely compatible with the STIX 2.0 standard for CTI representation.

Authors: 
Fabio Martinelli
Oleksii Osliak
Andrea Saracino
Author (ESR): 
Oleksii Osliak (Consiglio Nazionale Delle Ricerche)

Enhancing Usage Control for Performance: A Proposal for Systems of Systems
[16/Jul/2018]

Modern interconnected systems of systems, such as the Internet of Things (IoT), demand the presence of access and usage control mechanisms which will be able to manage the right of access to the corresponding services, and the plethora of information being generated in a daily basis. The Usage Control (UCON) model offers the means for fine-grained dynamic control of access to specific resources, by monitoring and evaluating the attributes defined within a dedicated security policy.

Authors: 
Athanasios Rizos
Vasileios Gkioulos
Paolo Mori
Andrea Saracino
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Enhancing Usage Control for Performance: An Architecture for Systems of Systems
[3/Sep/2018]

The distributiveness and heterogeneity of today’s systems of systems, such as the Internet of Things (IoT), on-line banking systems, and contemporary emergency information systems, require the integration of access and usage control mechanisms, for managing the right of access both to the corresponding services, and the plethora of information that is generated in a daily basis. Usage Control (UCON) is such a mechanism, allowing the fine-grained policy based management of system resources, based on dynamic monitoring and evaluation of object, subject, and environmental attributes.

Authors: 
Athanasios Rizos
Vasileios Gkioulos
Paolo Mori
Andrea Saracino
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Enhancing Usage Control for Performance: An Architecture for Systems of Systems
[3/Sep/2018]

The distributiveness and heterogeneity of today’s systems of systems, such as the Internet of Things (IoT), on-line banking systems, and contemporary emergency information systems, require the integration of access and usage control mechanisms, for managing the right of access both to the corresponding services, and the plethora of information that is generated in a daily basis. Usage Control (UCON) is such a mechanism, allowing the fine-grained policy based management of system resources, based on dynamic monitoring and evaluation of object, subject, and environmental attributes.

Authors: 
Vasileiow Gkioulos
Christina Michailidou
Paolo Mori
Andrea Saracino
Author (ESR): 
Athanasios Rizos (Consiglio Nazionale Delle Ricerche)

Enhancing Usage Control for Performance: A Proposal for Systems of Systems
[16/Jul/2018]

Modern interconnected systems of systems, such as the Internet of Things (IoT), demand the presence of access and usage control mechanisms which will be able to manage the right of access to the corresponding services, and the plethora of information being generated in a daily basis. The Usage Control (UCON) model offers the means for fine-grained dynamic control of access to specific resources, by monitoring and evaluating the attributes defined within a dedicated security policy.

Authors: 
Vasileios Gkioulos
Christina Michailidou
Fabio Martinelli
Paolo Mori
Author (ESR): 
Athanasios Rizos (Consiglio Nazionale Delle Ricerche)

Too Long, did not Enforce: A Qualitative Hierarchical Risk-Aware Data Usage Control Model for Complex Policies in Distributed Environments
[4/Jun/2018]

Distributed environments such as Internet of Things, have an increasing need of introducing access and usage control mechanisms, to manage the rights to perform specific operations and regulate the access to the plethora of information daily generated by these devices. Defining policies which are specific to these distributed environments could be a challenging and tedious task, mainly due to the large set of attributes that should be considered, hence the upcoming of unforeseen conflicts or unconsidered conditions.

Authors: 
Fabio Martinelli
Paolo Mori
Andrea Saracino
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Pages