Publications

Distributed UCON in CoAP and MQTT Protocols
[27/Sep/2019]

The Internet of Things (IoT) is playing a key role in consumer and business environments. Due to the sensitivity of the information IoT devices collect and share, and the potential impact a data breach can have in people's lives, securing communication and access to data in IoT has become a critical feature. Multiple application layer protocols are used nowadays in IoT, with the Constrained Application Protocol (CoAP) and the Message Queue Telemetry Transport (MQTT) being two of the most widely popular.

Authors: 
Daniel Bastos (ESR 11)
Andrea Saracino
Fabio Martinelli
Author (ESR): 
Athanasios Rizos (Consiglio Nazionale Delle Ricerche)

Using IFTTT to Express and Enforce UCON Obligations
[26/Nov/2019]

If This Then That (IFTTT) is a free and widely used web-based platform where it is possible to create applet chains (Applets) of simple conditional statements that combine different web and smart services. In this paper we propose a methodology to express Usage Control (UCON) obligations in such a way that they can contain valid data in order to trigger such applet chains.

Authors: 
Antonio La Marra
Fabio Martinelli
Paolo Mori
Andrea Saracino
Author (ESR): 
Athanasios Rizos (Consiglio Nazionale Delle Ricerche)

A scheme for the sticky policy representation supporting secure Cyber-Threat Intelligence analysis and sharing

The paper proposes a STIX-based data representation for privacy-preserving data analysis, to report format and semantics of specific data types, and to represent sticky policies in the format of embedded human-readable DSAs. More specifically, we exploit and extend the STIX standard, to represent in a structured way analysis-ready pieces of data and the attached privacy policies. The whole scheme is designed to be completely compatible with the STIX 2.0 standard for CTI representation.

Authors: 
Oleksii Osliak
Fabio Martinelli
Andrea Saracino
Author (ESR): 
Oleksii Osliak (Consiglio Nazionale Delle Ricerche)

An Analysis of Trust in Smart Home Devices
[21/Aug/2019]

In recent times, smart home devices like Amazon Echo and Google Home have reached mainstream popularity. These devices are intrinsically intrusive, being able to access user’s personal information. There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices. Improper trust assumptions and security controls can lead to unauthorized access of the devices, which can have severe consequences (i.e. safety risks). In this paper, we analysed the behaviour of smart home devices with respect to trust relationships.

Authors: 
Davide Ferraris (ESR3)
Daniel Bastos (ESR11)
Carmen Fernandez-Gago
Fadi El-Moussa
Javier Lopez
Author (ESR): 
Davide Ferraris (Universidad De Malaga)

Extended Reality in IoT scenarios: Concepts, Applications and Future Trends
[12/Jun/2019]

The multiple branches of Extended Reality (XR) are pioneering new ways to interact with digital content, both in real and virtual worlds. The Internet of Things (IoT) is also pioneering new real-world scenarios and use cases by taking advantage of sensed data and automation. These technologies are bridging the gap between the real world and the digital world.

Authors: 
Daniel Bastos
Tiago Andrade
Author (ESR): 
Daniel Bastos (British Telecommunications Public Limited Company)

Cloud for IoT - A Survey of Technologies and Security Features of Public Cloud IoT Solutions
[2/May/2019]

All digital data that is produced nowadays is moving into the Cloud. Public Cloud providers offer unbeatable availability and redundancy of data in their servers, but the move to the Cloud is increasingly related to the associated services that it can provide. Internet of things devices are being deployed continuously with particular computing and storage constraints.

Authors: 
Daniel Bastos (ESR11)
Author (ESR): 
Daniel Bastos (British Telecommunications Public Limited Company)

Managing QoS in Smart Buildings Through Software Defined Network and Usage Control
[10/Mar/2019]

This work presents a framework for applying QoS in a network of a Smart Building environment, exploiting Software Defined Networks (SDN) and Usage Control (UCON) policy enforcement. The proposed framework will be presented in a plausible use case of a Smart Building where the available Internet connection provided by an Internet Service Provider will be distributed both to tenants and the devices responsible for the management and the safety of the building, taking into account different levels of QoS.

Authors: 
Fabio Martinelli
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Phylogenetic Analysis for Ransomware Detection and Classification into Families
[26/Jul/2018]

The widespread of ransomware experienced in the last years has been caused also by the ability of attackers to introduce changes and mutations that make the malware hard to identify from antimalware software. In this paper we propose a two-phase method based on machine learning on API-level analysis aimed (i) to effectively detect ransomware despite the applied techniques for obfuscation and introduced variations, (ii) to provide a tool for security analysts to track phylogenetic relationships exploiting the binary tree obtained by the classification

Authors: 
Fabio Martinelli
Francesco Mercaldo
Andrea Saracino
Author (ESR): 
Christina Michailidou (Consiglio Nazionale Delle Ricerche)

Building Taxonomies based on Human-Machine Teaming: Cyber Security as an Example

Taxonomies and ontologies are handy tools in many application domains such as knowledge systematization and automatic reasoning. In the cyber security field, many researchers have proposed such taxonomies and ontologies, most of which were built based on manual work. Some researchers proposed the use of computing tools to automate the building process, but mainly on very narrow sub-areas of cyber security.

Authors: 
Mohamad Imad Mahaini
Shujun Li
Rahime Belen Sağlam
Author (ESR): 
Mohamad Imad Mahaini (University of Kent)
