Towards legal compliance by correlating Standards and Laws with a semi-automated methodology

Interdisciplinary Research Group in Socio-technical Cybersecurity

Cesare Bartolini, Andra Giurgiu, Gabriele Lenzini, Livio Robaldo

Abstract: Since generally legal regulations do not provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. The adoption of standards could help create an argument of …

Comparing and Integrating Break-the-Glass and Delegation in Role-based Access Control for Healthcare

Ana Ferreira, Gabriele Lenzini

Abstract: In healthcare security, Role-based Access Control (RBAC) should be flexible and include capabilities such as Break-the-Glass and Delegation. The former is useful in emergencies to overcome otherwise a denial of access, the latter to transfer rights …

High-fidelity spherical cholesteric liquid crystal Bragg reflectors generating unclonable patterns for secure authentication

Gabriele Lenzini, Sjouke Mauw, Samir Ouchani

Abstract: A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model …

Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems

Gabriele Lenzini, Sjouke Mauw, Samir Ouchani

Abstract: A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow …

Metrics for Transparency

Dayana Spagnuelo, Cesare Bartolini, Gabriele Lenzini

Abstract: Transparency is a novel non-functional requirement for software systems. It is acclaimed to improve the quality of service since it gives users access to information concerning the system’s processes, clarifying who is responsible if something goes wrong. Thus, it is believed to support …

Transparent Medical Data Systems

Dayana Spagnuelo, Gabriele Lenzini

Abstract: Transparency is described as the quality to be open about policies and practices. It is intended to inform end users of what happens to their data. It promotes good quality of service and is believed to sustain people’s demand for privacy. However, at …

Patient-Centred Transparency Requirements for Medical Data Sharing Systems

Dayana Spagnuelo, Gabriele Lenzini

Abstract: We compose, propose, and discuss several requirements to support transparency in Medical Data Sharing Systems. Transparency is a property that suggests openness and compliance with policies, practices, and processes employed to secure data, and it is believed to promote good …

Service security and privacy as a socio-technical problem

Bella Giampaolo, Curzon Paul, Lenzini Gabriele

Abstract: The security and privacy of the data that users transmit, more or less deliberately, to modern services is an open problem. It is not solely limited to the actual Internet traversal, a sub-problem vastly tackled by consolidated research …

A Secure Exam Protocol Without Trusted Parties

Giampaolo Bella, Rosario Giustolisi, Gabriele Lenzini, Peter Y. A. Ryan

Abstract: Relying on a trusted third party (TTP) in the design of a security protocol introduces obvious risks. Although the risks can be mitigated by distributing the trust across several parties, it still requires at least …

4.2 Social Dynamics Metrics-Working Group Report

Zinaida Benenson, Sören Bleikertz, Simon N. Foley, Carlo Harpes, Stewart Kowalski, Gabriele Lenzini, Daniela Oliveira, Simon Parkin, Shari Lawrence Pfleeger, Paul Smith, Sven Übelacker

Abstract: Individuals continually interact with security mechanisms when performing tasks in everyday life. These tasks may serve personal goals or work goals, be individual or shared. These …