Trustworthy exams without trusted parties

By

Interdisciplinary Research Group in Socio-technical CybersecurityTrustworthy exams without trusted partiesGiampaolo Bella, Rosario Giustolisi, Gabriele Lenzini, Peter Y.A.RyanAbstract:Historically, exam security has mainly focused on threats ascribed to candidate cheating. Such threats have been normally mitigated by invigilation and anti-plagiarism methods. However, as recent exam scandals confirm, also invigilators and authorities may pose security threats. The introduction … Continued

The Cipher, the Random and the Ransom: A Survey on Current and Future Ransomware

By

Interdisciplinary Research Group in Socio-technical CybersecurityThe Cipher, the Random and the Ransom: A Survey on Current and Future RansomwareGenç Ziya Alper, Lenzini Gabriele, Ryan Peter Abstract:Although conceptually not new, ransomware recently regained attraction in the cybersecurity community: notorious attacks in fact have caused serious damage, proving their disruptive effect. This is likely just the beginning … Continued

Privacy-Preserving Verifiability: A Case for an Electronic Exam Protocol

By

Interdisciplinary Research Group in Socio-technical CybersecurityPrivacy-Preserving Verifiability: A Case for an Electronic Exam ProtocolRosario Giustolisi, Vincenzo Iovino, Gabriele LenziniAbstract:We introduce the notion of privacy-preserving verifiability for security protocols. It holds when a protocol admits a verifiability test that does not reveal, to the verifier that runs it, more pieces of information about the protocol’s execution … Continued

From Situation Awareness to Action: An Information Security Management Toolkit for Socio-Technical Security Retrospective and Prospective Analysis

By

Interdisciplinary Research Group in Socio-technical CybersecurityFrom Situation Awareness to Action: An Information Security Management Toolkit for Socio-Technical Security Retrospective and Prospective AnalysisHuynen Jean-Louis, Lenzini GabrieleAbstract:Inspired by the root cause analysis procedures common in safety, we propose a methodology for a prospective and a retrospective analysis of security and a tool that implements it. When applied … Continued

Security in the Shell : An Optical Physical Unclonable Function made of Shells of Cholesteric Liquid Crystals

By

Interdisciplinary Research Group in Socio-technical CybersecuritySecurity in the Shell : An Optical Physical Unclonable Function made of Shells of Cholesteric Liquid CrystalsGabriele Lenzini ; Samir Ouchani ; Peter Roenne ; Peter Y. A. Ryan ; Yong Geng ; Jan Lagerwall ; Noh JunghyunAbstract:We describe the application in security of shells of Cholesteric Liquid Crystals (ChLCs). … Continued

Modelling Metrics for Transparency in Medical Systems

By

Interdisciplinary Research Group in Socio-technical CybersecurityModelling Metrics for Transparency in Medical SystemsDayana Spagnuelo, Cesare Bartolini, Gabriele LenziniAbstract:Transparency, a principle advocated by the General Data Protection Regulation, is usually defined in terms of properties such as availability, auditability and accountability and for this reason it is not straightforwardly measurable. In requirement engineering, measuring a quality is … Continued

Insider Threats to Information Security, Digital Espionage, and Counter-Intelligence

By

Interdisciplinary Research Group in Socio-technical CybersecurityInsider Threats to Information Security, Digital Espionage, and Counter-IntelligenceYou Ilsun, Lenzini Gabriele, De Santis AlfredoAbstract:The papers in this special issue focus on insider threats to information security, counter-intelligence, digital espionage, cyber-security, and cryptography.Authors:You Ilsun, Lenzini Gabriele, De Santis AlfredoPublication date:June, 2017Published in:IEEE Systems JournalReference:You, I., Lenzini, G., & De Santis, … Continued

A Framework to Reason about the Legal Compliance of Security Standards

By

Interdisciplinary Research Group in Socio-technical CybersecurityA Framework to Reason about the Legal Compliance of Security StandardsBartolini Cesare, Giurgiu Andra, Lenzini Gabriele, Robaldo LivioAbstract:Achieving compliance with legal regulations is no easy task. Normally, laws state general requirements but do not provide clear parameters to determine when such requirements are met. On a different level, industrial standards … Continued

Towards legal compliance by correlating Standards and Laws with a semi-automated methodology

By

Interdisciplinary Research Group in Socio-technical CybersecurityTowards legal compliance by correlating Standards and Laws with a semi-automated methodologyCesare Bartolini, Andra Giurgiu, Gabriele Lenzini, Livio RobaldoAbstract:Since generally legal regulations do not provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. The adoption of standards could help create an argument of … Continued

Comparing and Integrating Break-the-Glass and Delegation in Role-based Access Control for Healthcare

By

Interdisciplinary Research Group in Socio-technical CybersecurityComparing and Integrating Break-the-Glass and Delegation in Role-based Access Control for HealthcareAna Ferreira, Gabriele LenziniAbstract:In healthcare security, Role-based Access Control (RBAC) should be flexible and include capabilities such as Break-the-Glass and Delegation. The former is useful in emergencies to overcome otherwise a denial of access, the latter to transfer rights … Continued