Publications

Enhancing Usage Control for Performance: An Architecture for Systems of Systems
[3/Sep/2018]

The distributiveness and heterogeneity of today’s systems of systems, such as the Internet of Things (IoT), on-line banking systems, and contemporary emergency information systems, require the integration of access and usage control mechanisms, for managing the right of access both to the corresponding services, and the plethora of information that is generated in a daily basis. Usage Control (UCON) is such a mechanism, allowing the fine-grained policy based management of system resources, based on dynamic monitoring and evaluation of object, subject, and environmental attributes.

Authors: 
Vasileiow Gkioulos
Christina Michailidou
Paolo Mori
Andrea Saracino
Author (ESR): 
Athanasios Rizos (Consiglio Nazionale Delle Ricerche)

Enhancing Usage Control for Performance: A Proposal for Systems of Systems
[16/Jul/2018]

Modern interconnected systems of systems, such as the Internet of Things (IoT), demand the presence of access and usage control mechanisms which will be able to manage the right of access to the corresponding services, and the plethora of information being generated in a daily basis. The Usage Control (UCON) model offers the means for fine-grained dynamic control of access to specific resources, by monitoring and evaluating the attributes defined within a dedicated security policy.

Authors: 
Vasileios Gkioulos
Christina Michailidou
Fabio Martinelli
Paolo Mori
Author (ESR): 
Athanasios Rizos (Consiglio Nazionale Delle Ricerche)

Too Long, did not Enforce: A Qualitative Hierarchical Risk-Aware Data Usage Control Model for Complex Policies in Distributed Environments
[4/Jun/2018]

Distributed environments such as Internet of Things, have an increasing need of introducing access and usage control mechanisms, to manage the rights to perform specific operations and regulate the access to the plethora of information daily generated by these devices. Defining policies which are specific to these distributed environments could be a challenging and tedious task, mainly due to the large set of attributes that should be considered, hence the upcoming of unforeseen conflicts or unconsidered conditions.

Authors: 
Fabio Martinelli
Paolo Mori
Andrea Saracino
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Internet of Things: A Survey of Technologies and Security Risks in Smart Home and City Environments
[29/Mar/2018]

With the introduction of the Amazon Echo family and Google devices like Chromecast and Home the adoption of IoT devices in the household is bound to increase exponentially this year. While usability is at the front and centre of the experience to facilitate the adoption and use of these new devices, security and privacy are often an afterthought. As a consequence, a dangerous environment of opportunity is available for malicious actors to exploit vulnerable devices sitting in domestic houses.

Authors: 
Daniel Bastos
Mark Shackleton
Fadi El-Moussa
Author (ESR): 
Daniel Bastos (British Telecommunications Public Limited Company)

DriverAuth: Behavioral Biometric-based Driver Authentication Mechanism for On-demand Ride and Ridesharing Infrastructure
[25/Jan/2018]

On-demand ride services and the rideshare infrastructure primarily focus on the minimization of travel time and cost. However, the safety of riders is overlooked by service providers. For driver authentication, existing identity management methods typically check the driving license, which can be easily stolen, forged, or misused. Further, background checks are not performed at all; instead, social profiles and peer reviews are used to foster trust, thereby compromising the safety and security of riders.

Authors: 
Sandeep Gupta
Attaullah Buriro
Bruno Crispo
Author (ESR): 
Sandeep Gupta (Universita Degli Studi Di Trento)

Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access
[10/Jan/2018]

Smartphones are the most popular and widespread personal devices. Apart from their conventional use, i.e., calling and texting, they have also been used to perform multiple security-sensitive activities, such as online banking and shopping, social networking, taking pictures and emailing. On a positive side, smartphones have improved the quality of life by providing multiple services that users desire, e.g., anytime-anywhere computing, etc. However, on the other side, they also pose security and privacy threats to the users’ stored data.

Authors: 
Sandeep Gupta
Attaullah Buriro
Bruno Crispo
Author (ESR): 
Sandeep Gupta (Universita Degli Studi Di Trento)

DialerAuth: A Motion-assisted Touch-based Smartphone User Authentication Scheme
[21/Mar/2018]

This paper introduces DialerAuth - a mechanism which leverages the way a smartphone user taps/enters any “text-independent" 10-digit number (replicating the dialing process) and the hand’s micro-movements she makes while doing so. DialerAuth authenticates the user on the basis of timing differences in the entered 10-digit strokes. DialerAuth provides enhanced security by leveraging the transparent and unobservable layer based on another

Authors: 
Attaullah Buriro
Bruno Crispo
Filippo Del Frari
Author (ESR): 
Sandeep Gupta (Universita Degli Studi Di Trento)

Pages