An Agile Approach to Validate a Formal Representation of the GDPR

Interdisciplinary Research Group in Socio-technical Cybersecurity
Cesare Bartolini, Gabriele Lenzini, Cristiana Santos
Abstract: Modeling in a knowledge base of logic formulæ the articles of the GDPR enables semi-automatic reasoning of the Regulation. To be legally substantiated, it requires that the formulæ express validly the legal meaning of the …

NoCry: No More Secure Encryption Keys for Cryptographic Ransomware

Ziya Alper Genç, Gabriele Lenzini, Peter Y. A. Ryan
Abstract: Since the appearance of ransomware in the cyber crime scene, researchers and anti-malware companies have been offering solutions to mitigate the threat. Anti-malware solutions differ on the specific strategy they implement, and all have …

A Game of “Cut and Mouse”: Bypassing Antivirus by Simulating User Inputs

Ziya Alper Genç, Gabriele Lenzini, Daniele Sgandurra
Abstract: To protect their digital assets from malware attacks, most users and companies rely on anti-virus (AV) software. But AVs' protection is a full-time task and AVs are engaged in a cat-and-mouse …

A Critical Security Analysis of the Password-Based Authentication Honeywords System Under Code-Corruption Attack

Ziya Alper Genç, Gabriele Lenzini, Peter Y. A. Ryan, Itzel Vazquez Sandoval
Abstract: Password-based authentication is a widespread method to access systems, thus password files are a valuable resource, often the target of attacks. To detect when a password file …

A Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted Email

Vazquez Sandoval Itzel, Lenzini Gabriele
Abstract: To send encrypted emails, users typically need to create and exchange keys which later should be manually authenticated, for instance, by comparing long strings of characters. These tasks are cumbersome …

Modelling of Railways Signalling System Requirements by Controlled Natural Languages: A Case Study

Gabriele Lenzini, Marinella Petrocchi
Abstract: The railway sector has been a source of inspiration for generations of researchers challenged to develop models and tools to analyze safety and reliability. Threats were coming mainly from within, due to occasional faults in …

The DAta Protection REgulation COmpliance Model

Cesare Bartolini, Gabriele Lenzini, Livio Robaldo
Abstract: Understanding whether certain technical measures comply with the General Data Protection Regulation's (GDPR's) principles is complex legal work. This article describes a model of the GDPR that allows for a semiautomatic processing of legal text and the leveraging of state-of-the-art …

DaPIS: an Ontology-Based Data Protection Icon Set

Privacy policies are known to be impenetrable and lengthy texts that are hardly read and poorly understood. This is why GDPR introduces provisions to enhance information transparency including icons as visual means to clarify data practices.