Keyless car sharing system: A security and privacy analysis

Interdisciplinary Research Group in Socio-technical Cybersecurity
Symeonidis Iraklis, Mustafa Mustafa A., Preneel Bart
Abstract: This paper proposes a novel physical keyless car sharing system where users can use and share their cars without the need of physical keys. It also provides a comprehensive security and privacy analysis of such …

Security Analysis of the Drone Communication Protocol: Fuzzing the MAVLink protocol

Domin Karel, Symeonidis Iraklis, Marin Eduard
Abstract: The MAVLink protocol, used for bidirectional communication between a drone and a ground control station, will soon become a worldwide standard. The protocol has been the subject of research many times before. Through this …

A Framework to Reason about the Legal Compliance of Security Standards

Bartolini Cesare, Giurgiu Andra, Lenzini Gabriele, Robaldo Livio
Abstract: Achieving compliance with legal regulations is no easy task. Normally, laws state general requirements but do not provide clear parameters to determine when such requirements are met. On a different level, industrial standards …

Towards legal compliance by correlating Standards and Laws with a semi-automated methodology

Cesare Bartolini, Andra Giurgiu, Gabriele Lenzini, Livio Robaldo
Abstract: Since generally legal regulations do not provide clear parameters to determine when their requirements are met, achieving legal compliance is not trivial. The adoption of standards could help create an argument of …

Comparing and Integrating Break-the-Glass and Delegation in Role-based Access Control for Healthcare

Ana Ferreira, Gabriele Lenzini
Abstract: In healthcare security, Role-based Access Control (RBAC) should be flexible and include capabilities such as Break-the-Glass and Delegation. The former is useful in emergencies to overcome otherwise a denial of access, the latter to transfer rights …

High-fidelity spherical cholesteric liquid crystal Bragg reflectors generating unclonable patterns for secure authentication

Gabriele Lenzini, Sjouke Mauw, Samir Ouchani
Abstract: A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model …

Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems

Gabriele Lenzini, Sjouke Mauw, Samir Ouchani
Abstract: A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow …

Metrics for Transparency

Dayana Spagnuelo, Cesare Bartolini, Gabriele Lenzini
Abstract: Transparency is a novel non-functional requirement for software systems. It is acclaimed to improve the quality of service since it gives users access to information concerning the system’s processes, clarifying who is responsible if something goes wrong. Thus, it is believed to support …

Transparent Medical Data Systems

Dayana Spagnuelo, Gabriele Lenzini
Abstract: Transparency is described as the quality to be open about policies and practices. It is intended to inform end users of what happens to their data. It promotes good quality of service and is believed to sustain people’s demand for privacy. However, at …

Patient-Centred Transparency Requirements for Medical Data Sharing Systems

Dayana Spagnuelo, Gabriele Lenzini
Abstract: We compose, propose, and discuss several requirements to support transparency in Medical Data Sharing Systems. Transparency is a property that suggests openness and compliance with policies, practices, and processes employed to secure data, and it is believed to promote good …