Qualifying and Measuring Transparency: A Medical Data System Case Study

Interdisciplinary Research Group in Socio-technical CybersecurityQualifying and Measuring Transparency: A Medical Data System Case StudyDayana Spagnuelo, Cesare Bartolini, Gabriele LenziniAbstract:Transparency is a data processing principle enforced by the GDPR but purposely left open to interpretation. As such, the means to adhere to it are left unspecified. Article 29 Working Party provides practical guidance on how … Continued

Experience report: How to extract security protocols’ specifications from C libraries

Interdisciplinary Research Group in Socio-technical CybersecurityExperience report: How to extract security protocols’ specifications from C librariesItzel Vazquez Sandoval, Gabriele LenziniAbstract:Often, analysts have to face a challenging situation when formally verifying the implementation of a security protocol: they need to build a model of the protocol from only poorly or not documented code, and with little … Continued

A Security Analysis, and a Fix, of a Code-Corrupted Honeywords System

Interdisciplinary Research Group in Socio-technical CybersecurityA Security Analysis, and a Fix, of a Code-Corrupted Honeywords SystemGenç Ziya Alper, Lenzini Gabriele, Ryan Peter, Vazquez Sandoval ItzelAbstract:In 2013 Juels and Rivest introduced the Honeywords System, a password-based authentication system designed to detect when a password file has been stolen. A Honeywords System stores passwords together with indistinguishable … Continued

Towards legal compliance by correlating Standards and Laws with a semi-automated methodology

Interdisciplinary Research Group in Socio-technical CybersecurityTowards legal compliance by correlating Standards and Laws with a semi-automated methodologyCesare Bartolini, Andra Giurgiu, Gabriele Lenzini, Livio RobaldoAbstract:Since generally legal regulations do not provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. The adoption of standards could help create an argument of … Continued

Law and the software development life cycle

Interdisciplinary Research Group in Socio-technical CybersecurityLaw and the software development life cycleBartolini Cesare, Lenzini GabrieleAbstract:The increasing demand of reliable software services and the dependability that our daily personal and professional life have on them is bringing significant changes in the domain of software service engineering. One of the most revolutionary is the introduction of regulations, … Continued

Human Rights in the era of Information and Communication Technology

Interdisciplinary Research Group in Socio-technical CybersecurityHuman Rights in the era of Information and Communication TechnologyBartolini Cesare, Lenzini GabrieleAbstract:Authors:Bartolini Cesare, Lenzini GabrielePublication date:May, 2017Published in:Speeches/Talks (2017)Reference:Bartolini, C., & Lenzini, G. (2017). Human Rights in the era of Information and Communication Technology.Get in touch with us SnT - Interdisciplinary Centre for Security, Reliability and Trust Maison du … Continued

Trustworthy exams without trusted parties

Interdisciplinary Research Group in Socio-technical CybersecurityTrustworthy exams without trusted partiesGiampaolo Bella, Rosario Giustolisi, Gabriele Lenzini, Peter Y.A.RyanAbstract:Historically, exam security has mainly focused on threats ascribed to candidate cheating. Such threats have been normally mitigated by invigilation and anti-plagiarism methods. However, as recent exam scandals confirm, also invigilators and authorities may pose security threats. The introduction … Continued

The Cipher, the Random and the Ransom: A Survey on Current and Future Ransomware

Interdisciplinary Research Group in Socio-technical CybersecurityThe Cipher, the Random and the Ransom: A Survey on Current and Future RansomwareGenç Ziya Alper, Lenzini Gabriele, Ryan Peter Abstract:Although conceptually not new, ransomware recently regained attraction in the cybersecurity community: notorious attacks in fact have caused serious damage, proving their disruptive effect. This is likely just the beginning … Continued

Privacy-Preserving Verifiability: A Case for an Electronic Exam Protocol

Interdisciplinary Research Group in Socio-technical CybersecurityPrivacy-Preserving Verifiability: A Case for an Electronic Exam ProtocolRosario Giustolisi, Vincenzo Iovino, Gabriele LenziniAbstract:We introduce the notion of privacy-preserving verifiability for security protocols. It holds when a protocol admits a verifiability test that does not reveal, to the verifier that runs it, more pieces of information about the protocol’s execution … Continued

From Situation Awareness to Action: An Information Security Management Toolkit for Socio-Technical Security Retrospective and Prospective Analysis

Interdisciplinary Research Group in Socio-technical CybersecurityFrom Situation Awareness to Action: An Information Security Management Toolkit for Socio-Technical Security Retrospective and Prospective AnalysisHuynen Jean-Louis, Lenzini GabrieleAbstract:Inspired by the root cause analysis procedures common in safety, we propose a methodology for a prospective and a retrospective analysis of security and a tool that implements it. When applied … Continued