Publications

Towards General scheme for Data Sharing Agreements empowering Privacy-Preserving Data Analysis of structured CTI
[3/Sep/2018]

This paper proposes an extension to the standard STIX representation for Cyber Threat Information (CTI) which couples specific data attributes with privacy-preserving conditions expressed through Data Sharing Agreements (DSA). The proposed scheme allows, in fact, to define sharing and anonymization policies in the form of a human-readable DSA, bound to the specific CTI. The whole scheme is designed to be completely compatible with the STIX 2.0 standard for CTI representation.

Authors: 
Fabio Martinelli
Oleksii Osliak
Andrea Saracino
Author (ESR): 
Oleksii Osliak (Consiglio Nazionale Delle Ricerche)

Enhancing Usage Control for Performance: A Proposal for Systems of Systems
[16/Jul/2018]

Modern interconnected systems of systems, such as the Internet of Things (IoT), demand the presence of access and usage control mechanisms which will be able to manage the right of access to the corresponding services, and the plethora of information being generated in a daily basis. The Usage Control (UCON) model offers the means for fine-grained dynamic control of access to specific resources, by monitoring and evaluating the attributes defined within a dedicated security policy.

Authors: 
Athanasios Rizos
Vasileios Gkioulos
Paolo Mori
Andrea Saracino
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Enhancing Usage Control for Performance: An Architecture for Systems of Systems
[3/Sep/2018]

The distributiveness and heterogeneity of today’s systems of systems, such as the Internet of Things (IoT), on-line banking systems, and contemporary emergency information systems, require the integration of access and usage control mechanisms, for managing the right of access both to the corresponding services, and the plethora of information that is generated in a daily basis. Usage Control (UCON) is such a mechanism, allowing the fine-grained policy based management of system resources, based on dynamic monitoring and evaluation of object, subject, and environmental attributes.

Authors: 
Athanasios Rizos
Vasileios Gkioulos
Paolo Mori
Andrea Saracino
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Enhancing Usage Control for Performance: An Architecture for Systems of Systems
[3/Sep/2018]

The distributiveness and heterogeneity of today’s systems of systems, such as the Internet of Things (IoT), on-line banking systems, and contemporary emergency information systems, require the integration of access and usage control mechanisms, for managing the right of access both to the corresponding services, and the plethora of information that is generated in a daily basis. Usage Control (UCON) is such a mechanism, allowing the fine-grained policy based management of system resources, based on dynamic monitoring and evaluation of object, subject, and environmental attributes.

Authors: 
Vasileiow Gkioulos
Christina Michailidou
Paolo Mori
Andrea Saracino
Author (ESR): 
Athanasios Rizos (Consiglio Nazionale Delle Ricerche)

Enhancing Usage Control for Performance: A Proposal for Systems of Systems
[16/Jul/2018]

Modern interconnected systems of systems, such as the Internet of Things (IoT), demand the presence of access and usage control mechanisms which will be able to manage the right of access to the corresponding services, and the plethora of information being generated in a daily basis. The Usage Control (UCON) model offers the means for fine-grained dynamic control of access to specific resources, by monitoring and evaluating the attributes defined within a dedicated security policy.

Authors: 
Vasileios Gkioulos
Christina Michailidou
Fabio Martinelli
Paolo Mori
Author (ESR): 
Athanasios Rizos (Consiglio Nazionale Delle Ricerche)

Too Long, did not Enforce: A Qualitative Hierarchical Risk-Aware Data Usage Control Model for Complex Policies in Distributed Environments
[4/Jun/2018]

Distributed environments such as Internet of Things, have an increasing need of introducing access and usage control mechanisms, to manage the rights to perform specific operations and regulate the access to the plethora of information daily generated by these devices. Defining policies which are specific to these distributed environments could be a challenging and tedious task, mainly due to the large set of attributes that should be considered, hence the upcoming of unforeseen conflicts or unconsidered conditions.

Authors: 
Fabio Martinelli
Paolo Mori
Andrea Saracino
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Internet of Things: A Survey of Technologies and Security Risks in Smart Home and City Environments
[29/Mar/2018]

With the introduction of the Amazon Echo family and Google devices like Chromecast and Home the adoption of IoT devices in the household is bound to increase exponentially this year. While usability is at the front and centre of the experience to facilitate the adoption and use of these new devices, security and privacy are often an afterthought. As a consequence, a dangerous environment of opportunity is available for malicious actors to exploit vulnerable devices sitting in domestic houses.

Authors: 
Daniel Bastos
Mark Shackleton
Fadi El-Moussa
Author (ESR): 
Daniel Bastos (British Telecommunications Public Limited Company)

Pages