Interdisciplinary Research Group in Socio-technical CybersecuritySecurity in the Shell : An Optical Physical Unclonable Function made of Shells of Cholesteric Liquid CrystalsGabriele Lenzini ; Samir Ouchani ; Peter Roenne ; Peter Y. A. Ryan ; Yong Geng ; Jan Lagerwall ; Noh JunghyunAbstract:We describe the application in security of shells of Cholesteric Liquid Crystals (ChLCs). … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityModelling Metrics for Transparency in Medical SystemsDayana Spagnuelo, Cesare Bartolini, Gabriele LenziniAbstract:Transparency, a principle advocated by the General Data Protection Regulation, is usually defined in terms of properties such as availability, auditability and accountability and for this reason it is not straightforwardly measurable. In requirement engineering, measuring a quality is … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityInsider Threats to Information Security, Digital Espionage, and Counter-IntelligenceYou Ilsun, Lenzini Gabriele, De Santis AlfredoAbstract:The papers in this special issue focus on insider threats to information security, counter-intelligence, digital espionage, cyber-security, and cryptography.Authors:You Ilsun, Lenzini Gabriele, De Santis AlfredoPublication date:June, 2017Published in:IEEE Systems JournalReference:You, I., Lenzini, G., & De Santis, … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityA Framework to Reason about the Legal Compliance of Security StandardsBartolini Cesare, Giurgiu Andra, Lenzini Gabriele, Robaldo LivioAbstract:Achieving compliance with legal regulations is no easy task. Normally, laws state general requirements but do not provide clear parameters to determine when such requirements are met. On a different level, industrial standards … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityTowards legal compliance by correlating Standards and Laws with a semi-automated methodologyCesare Bartolini, Andra Giurgiu, Gabriele Lenzini, Livio RobaldoAbstract:Since generally legal regulations do not provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. The adoption of standards could help create an argument of … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityComparing and Integrating Break-the-Glass and Delegation in Role-based Access Control for HealthcareAna Ferreira, Gabriele LenziniAbstract:In healthcare security, Role-based Access Control (RBAC) should be flexible and include capabilities such as Break-the-Glass and Delegation. The former is useful in emergencies to overcome otherwise a denial of access, the latter to transfer rights … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityHigh-fidelity spherical cholesteric liquid crystal Bragg reflectors generating unclonable patterns for secure authenticationGabriele Lenzini, Sjouke Mauw, Samir OuchaniAbstract:A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityAnalysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical SystemsGabriele Lenzini, Sjouke Mauw, Samir OuchaniAbstract:A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityMetrics for TransparencyDayana Spagnuelo, Cesare Bartolini, Gabriele LenziniAbstract:Transparency is a novel non-functional requirement for software systems. It is acclaimed to improve the quality of service since it gives users access to information concerning the system’s processes, clarifying who is responsible if something goes wrong. Thus, it is believed to support … Continued

Interdisciplinary Research Group in Socio-technical CybersecurityTransparent Medical Data SystemsDayana Spagnuelo, Gabriele Lenzini Abstract:Transparency is described as the quality to be open about policies and practices. It is intended to inform end users of what happens to their data. It promotes good quality of service and is believed to sustain people’s demand for privacy. However, at … Continued