Publications

A scheme for the sticky policy representation supporting secure Cyber-Threat Intelligence analysis and sharing

The paper proposes a STIX-based data representation for privacy-preserving data analysis, to report format and semantics of specific data types, and to represent sticky policies in the format of embedded human-readable DSAs. More specifically, we exploit and extend the STIX standard, to represent in a structured way analysis-ready pieces of data and the attached privacy policies. The whole scheme is designed to be completely compatible with the STIX 2.0 standard for CTI representation.

Authors: 
Oleksii Osliak
Fabio Martinelli
Andrea Saracino
Author (ESR): 
Oleksii Osliak (Consiglio Nazionale Delle Ricerche)

An Analysis of Trust in Smart Home Devices
[21/Aug/2019]

In recent times, smart home devices like Amazon Echo and Google Home have reached mainstream popularity. These devices are intrinsically intrusive, being able to access user’s personal information.There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices. Improper trust assumptions and security controls can lead to unauthorized access of the devices,which can have severe consequences (i.e. safety risks). In this paper, we analysed the behaviour of smart home devices with respect to trust relationships.

Authors: 
Davide Ferraris (ESR3)
Daniel Bastos (ESR11)
Carmen Fernandez-Gago
Fadi El-Moussa
Javier Lopez
Author (ESR): 
Davide Ferraris (Universidad De Malaga)

Extended Reality in IoT scenarios: Concepts, Applications and Future Trends
[12/Jun/2019]

The multiple branches of Extended Reality (XR) are pioneering new ways to interact with digital content, both in real and virtual worlds. The Internet of Things (IoT) is also pioneering new real-world scenarios and use cases by taking advantage of sensed data and automation. These technologies are bridging the gap between the real world and the digital world.

Authors: 
Daniel Bastos
Tiago Andrade
Author (ESR): 
Daniel Bastos (British Telecommunications Public Limited Company)

Cloud for IoT - A Survey of Technologies and Security Features of Public Cloud IoT Solutions
[2/May/2019]

All digital data that is produced nowadays is moving into the Cloud. Public Cloud providers offer unbeatable availability and redundancy of data in their servers, but the move to the Cloud is increasingly related to the associated services that it can provide. Internet of things devices are being deployed continuously with particular computing and storage constraints.

Authors: 
Daniel Bastos (ESR11)
Author (ESR): 
Daniel Bastos (British Telecommunications Public Limited Company)

Managing QoS in Smart Buildings Through Software Defined Network and Usage Control
[10/Mar/2019]

This work presents a framework for applying QoS in a network of a Smart Building environment, exploiting Software Defined Networks (SDN) and Usage Control (UCON) policy enforcement. The proposed framework will be presented in a plausible use case of a Smart Building where the available Internet connection provided by an Internet Service Provider will be distributed both to tenants and the devices responsible for the management and the safety of the building, taking into account different levels of QoS.

Authors: 
Fabio Martinelli
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Phylogenetic Analysis for Ransomware Detection and Classification into Families
[26/Jul/2018]

The widespread of ransomware experienced in the last years has been caused also by the ability of attackers
to introduce changes and mutations that make the malware hard to identify from antimalware software. In this
paper we propose a two-phase method based on machine learning on API-level analysis aimed (i) to effectively
detect ransomware despite the applied techniques for obfuscation and introduced variations, (ii) to provide a
tool for security analysts to track phylogenetic relationships exploiting the binary tree obtained by the classification

Authors: 
Fabio Martinelli
Francesco Mercaldo
Andrea saracino
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Building Taxonomies based on Human-Machine Teaming: Cyber Security as an Example

Taxonomies and ontologies are handy tools in many application domains such as knowledge systematization and automatic reasoning. In the cyber security field, many researchers have proposed such taxonomies and ontologies, most of which were built based on manual work. Some researchers proposed the use of computing tools to automate the building process, but mainly on very narrow sub-areas of cyber security.

Authors: 
Mohamad Imad Mahaini
Shujun Li
Rahime Belen Sağlam
Author (ESR): 
Mohamad Imad Mahaini (University of Kent)

MAL2IMAGE: Hybrid Image Transformation for Malware Classification
[1/Aug/2019]

Poster

Existing image transformation approaches (e.g. Nataraj et al. [1], Liu 2016 [2]) for malware detection only perform simple transformation methods that have not considered color encoding and pixel rendering techniques on the performance of machine learning classifiers.

Aims of the research: We propose a new approach to encode and arrange bytes from a binary file into images. These developed images contain statistical (e.g., entropy) and syntactic artifacts (e.g., strings) and their pixels are filled up using Hilbert curves.

Authors: 
Duc-Ly Vu
Nguyen Trong Kha
Fabio Massacci
Tam V. Nguyen
Phu H. Phung
Author (ESR): 
Ly Vu Duc (Universita Degli Studi Di Trento)

Pages