The development of electronic commerce and other applications on the Internet is held up by concerns about security. Cryptography—the science of codes and ciphers—will be a significant part of the solution, but one of the hardest problems is enabling users to find out which cryptographic key belongs to whom. The main things that can go wrong with cryptography are similar to those that can go wrong with a signature stamp. A stamp can be stolen or counterfeit; or it may not belong to the person one thought it did. The first two ...
ABSTRACT Policy-based access control aims to decouple access control rules from the application they constrain by expressing these rules in declarative access control policies. Performance of policy-based access control is of growing importance, but concurrent and distributed policy evaluation has received little research attention and current policy evaluation engines are still single-machine and fully sequential to the best of our knowledge. We believe that concurrent policy evaluation is necessary to meet the performance and scalability requirements of next-generation internet applications and aid the maturation of policy-based access control. Therefore, this paper presents an initial exploration of concurrent policy evaluation. We illustrate the performance of current policy evaluation engines, model the performance of policy evaluation in terms of the characteristics of a policy, list opportunities for concurrency, describe the need for concurrency control and specifically show how concurrency can be used to improve throughput based on our prototype.
It is usually the case that before a transaction can take place, some mutual trust must be established between the participants. On-line, doing so requires the exchange of some certified information about the participants. The easy solution is to disclose one's identity and reveal all of one's certificates to establish such a trust relationship. However, it is clear that such
We discuss here some of the issues that must be considered to build evidence in an appropriate way in a public-key infrastructure (PKI). Despite the fact that one of the most recurrent motivations given by papers advocating the necessity of a PKI is to support electronic commerce, all the new proposals of PKIs do not define any procedure to specify which evidence must be collected and in which form, when users carry out a commercial transaction.
Data replication is a widely used technique for achieving fault tolerance and improved performance. With the advent of content delivery networks, it is becoming more and more frequent that data content is placed on hosts that are not directly controlled by the content owner, and because of this, security mechanisms to protect data integrity are necessary. In this paper we present a system architecture that allows arbitrary queries to be supported on data content replicated on untrusted servers. To prevent these servers from returning erroneous answers to client queries, we make use of a small number of trusted hosts that randomly check these answers and take corrective action whenever necessary. Additionally, our system employs an audit mechanism that guarantees that any untrusted server acting maliciously will eventually be detected and excluded from the system.
Abstract The publish/subscribe model offers a loosely-coupled communication paradigm where applications interact indirectly and asynchronously. Publisher applications generate events that are forwarded to subscriber applications by a network of brokers. Subscribers register by specifying filters that brokers match against events as part of the routing process. Brokers might be deployed on untrusted servers where malicious entities can get access to events and filters. Supporting confidentiality of events and filters in this setting is still an ...
Abstract New important emerging business paradigms, such as "service virtualization" can be made easy and convenient by the use of P2P systems. In these paradigms, often the owners of the services are different (and independent) from the owners of the resources used to offer such services. In comparison to centralized servers, P2P systems can conveniently offer higher availability and more bandwidth as they harness the computing and network resources of thousands of hosts in a decentralized fashion. ...
The geolocation of data stored and being processed in the cloud is an important issue for many organisations due to obligations that require sensitive data to reside or be processed in particular countries. In this paper we introduce an approach, named VLOC, to verify the physical location of a virtual machine on which the customer applications and data are stored. VLOC is implemented as software that is able to estimate its own geolocation and notify the corresponding user if the location is unauthorised. VLOC uses a number of arbitrary web servers as external landmarks for localisation and employs network latency measurement for distance estimation. Due to the fluctuation in network latency, VLOC employs a machine learning technique in order to adapt itself to various network latency tolerances. Unlike most geolocation estimation approaches, VLOC is installed inside the target host (inside the cloud). VLOC requires neither special hardware nor a network of trusted landmarks. The experimental results show that the accuracy of VLOC is higher than that of other existing approaches.
ABSTRACT Energy consumption is one of the main concerns that keep users from fully exploiting their smartphone capabilities. Guided by energy measurements on smartphones, which show that some services performed in parallel require less energy than their stand-alone executions, we investigate the possibility of delaying some services to the time when other services have already been scheduled, in such a way that the total energy consumption is minimized once all services are accomplished. We define two new energy optimization problems, called Single Overlapping Pair (SOP) and Multiple Overlapping Pairs (MOP). The former assumes that a delay-tolerant service must be paired with a single pre-scheduled service, the latter that a delay-tolerant service may be paired with multiple pre-scheduled services. We propose new algorithms to solve both SOP and MOP optimally in polynomial time, when the set of services to be executed is known in advance. Finally, we evaluate the benefits of the energy-efficient pairing strategy via simulations on synthetic traces. The results of our preliminary experiments show a neat energy gain achievable by pairing executions, if compared to stand-alone executions. Indeed, the solution for SOP shows a 30% decrease in energy consumption, while the one for MOP shows a 70% decrease in energy demand.
ABSTRACT Smartphones are very effective tools for increasing the productivity of business users. With their increasing computational power and storage capacity, smartphones allow end users to perform several tasks and be always updated while on the move. As a consequence, end users require that their personal smartphones are connected to their work IT infrastructure. Companies are willing to support employee-owned smartphones because of the increase in productivity of their employees. However, smartphone security mechanisms have been discovered to offer very limited protection against malicious applications that can leak data stored on them. This poses a serious threat to sensitive corporate data. In this paper we present MOSES, a policy-based framework for enforcing software isolation of applications and data on the Android platform. In MOSES, it is possible to define distinct security profiles within a single smartphone. Each security profile is associated with a set of policies that control the access to applications and data. One of the main characteristics of MOSES is the dynamic switching from one security profile to another.
In this paper we propose a new biometric measure to authenticate the user of a smartphone: the movement the user performs when answering (or placing) a phone call. The biometric measure leverages features that are becoming commodities in new smartphones, i.e. accelerometer and orientation sensors. We argue that this new biometric measure has a unique feature. That is, it allows
The capabilities of modern smartphones pave the way for a new collaborative usage of this technology. Several researchers have already envisaged using this technology for distributed sensing purposes. In particular, one of these purposes focuses on tracing the movement of devices (people). Current solutions for distributed tracing (either based on information provided by the mobile nodes, or collected by the surrounding network) have some limitations: e.g., accuracy, privacy, cost of deployment, and cost of operation. The aim of this paper is to ...
Thank-you for agreeing to act as a reviewer for the Security Protocols Workshop. Please follow these five (5) simple steps: 1 Send your position paper to the person whose name appears at the top of the list below. 2 Remove the first name on the list and add your own name and address at the bottom. 3 Make sixteen (16) copies of the resulting letter. 4 Choose the sixteen (16) people whom you believe should be invited to submit position papers to the workshop, and send them each one copy. 5 Within a month, you should receive ...
Abstract Cloud computing has the advantage that it offers companies (virtually) unlimited data storage at attractive costs. However, it also introduces new challenges for protecting the confidentiality of the data, and the access to the data. Sensitive data like medical records, business or governmental data cannot be stored unencrypted on the cloud. Moreover, they can be of interest to many users and different policies could apply to each. Companies need new mechanisms to query the encrypted data without revealing anything to the cloud ...
Abstract The more service based applications appear in different business areas such as Location Based Services (LBS) and Field Service Management (FSM), the more important it becomes to support context-awareness in service based systems. Exposition, collection, management and consumption of context information are the main processes to be addressed in a service based context management framework. This paper presents a framework, namely CoSCo, tackling these processes to enrich service applications with ...
Mobile and ad-hoc networks allow businesses to provide a new range of applications and services and at the same time they introduce new constraints that have important effects on the way in which security primitives must be designed. This is challenging because it translates to a demand for richer and more flexible security primitives that often need to satisfy stricter requirements than traditional wired network scenarios. In this paper we focus on one of these primitives, namely security credentials. We present a solution that extends ...
More and more often, smartphones are relevant targets of civil and criminal investigations. Currently, there are several tools available to acquire forensic evidence from smartphones. Unfortunately, most of these tools require connecting the smartphone under investigation through a cable to an external device, like a computer or a multimeter. Some tools even require disassembling the chips from the smartphone board. In this paper, we propose LiveSD Forensics, an on-device live data acquisition solution, to acquire evidence from ...
Abstract Software keyloggers are a fast growing class of invasive software often used to harvest confidential information. One of the main reasons for this rapid growth is the possibility for unprivileged programs running in user space to eavesdrop and record all the keystrokes typed by the users of a system. The ability to run in unprivileged mode facilitates their implementation and distribution, but, at the same time, allows one to understand and model their behavior in detail. Leveraging this characteristic, we propose a new detection ...
