Giovanni Mazzeo

Parthenope University of Naples | Università Parthenope · Department of Engineering

The InfraStress-EU framework was defined in the context of the H2020 project InfraStress, to provide operators of sensitive industrial sites – i.e., industrial plants where dangerous substances are handled and are thus subject to the Seveso III Directive (2012/18/EU) – with a technically sound approach and an accompanying simulation tool for the pr...

Security monitoring is invariably enabled by Security Information and Event Management (SIEM) technology. A major problem with SIEM is that in house deployment and operation are costly in terms of purchase, human resources, and IT infrastructure. Managed Security Services (MSS) offerings can provide high quality security monitoring solutions at a f...

The majority of financial organizations managing confidential data are aware of security threats and leverage widely accepted solutions (e.g., storage encryption, transport-level encryption, intrusion detection systems) to prevent or detect attacks. Yet these hardening measures do little to face even worse threats posed on data-in-use. Solutions su...

The majority of financial organizations managing confidential data are aware of security threats and leverage widely accepted solutions (e.g., storage encryption, transport-level encryption, intrusion detection systems) to prevent or detect attacks. Yet these hardening measures do little to face even worse threats posed on data-in-use. Solutions su...

Background The increase of healthcare digitalization comes along with potential information security risks. Thus, the EU H2020 KONFIDO project aimed to provide a toolkit supporting secure cross-border health data exchange. Methods KONFIDO focused on the so-called “User Goals”, while also identifying barriers and facilitators regarding eHealth acce...

Intel SGX has started to be widely adopted. Cloud providers (Microsoft Azure, IBM Cloud, Alibaba Cloud) are offering new solutions, implementing data-in-use protection via SGX. A major challenge faced by both academia and industry is providing transparent SGX support to legacy applications. The approach with the highest consensus is linking the tar...

The use of pervasive IoT devices in Smart Cities, have increased the Volume of data produced in many and many field. Interesting and very useful applications grow up in number in E-health domain, where smart devices are used in order to manage huge amount of data, in highly distributed environments, in order to provide smart services able to collec...

The spread adoption of humanoid social robots in different application fields is growing the interest of hackers who could violate the privacy of people, or—even worse—threaten humans’ life from physical and emotional/social point of views. Different vectors of attack exist, which are more easily exploitable if physical access to the target robot i...

Protecting data-in-use from privileged attackers is challenging. New CPU extensions (notably: Intel SGX ) and cryptographic techniques (specifically: Homomorphic Encryption ) can guarantee privacy even in untrusted third-party systems. HE allows sensitive processing on ciphered data. However, it is affected by i) a dramatic ciphertext expansi...

A promising approach for designing critical embedded systems is based on virtualization technologies and multi-core platforms. These enable the deployment of both real-time and general-purpose systems with different criticalities in a single host. Integrating virtualization while also meeting the real-time and isolation requirements is non-trivial,...

The European Dependable Computing Conference is a unique forum for researchers and practitioners to present and discuss their latest research results on theory, techniques, systems, and tools for the design, validation, operation and evaluation of dependable and secure computing systems. In addition to original papers on research, EDCC welcomes pap...

Sensitive data processing occurs more and more on machines or devices out of users control. In the Internet of Things world, for example, the security of data could be posed at risk regardless the adopted deployment is oriented on Cloud or Edge Computing. In these systems different categories of attacks — such as physical bus sniffing, cold boot, c...

Intel SGX enables developers to protect security critical parts of their application code and data even from privileged software. This type of protection is needed in all cases where applications run on untrusted infrastructures, including public clouds. Since a significant fraction of current applications is written in Java, the research strand on...

Cyber-attacks represent a serious threat to public authorities and their agencies are an attractive target for hackers. The public sector as a whole collects lots of data on its citizens, but that data is often kept on vulnerable systems. Especially for Local Public Administrations (LPAs), protection against cyber-attacks is an extremely relevant i...

Computing power and flexibility provided by cloud technologies represent an opportunity for Smart Grid applications, in general, and for Wide Area Monitoring Systems, in particular. Even though the cloud model is considered efficient for Smart Grids, it has stringent constraints in terms of security and reliability. An attack to the integrity or co...

The European Commission is very focused on the development of possible solutions to allow effective cross-border healthcare provisioning with the aim of guaranteeing a uniform Quality of Service (QoS) level of healthcare systems across Europe. One of the most relevant efforts in this direction was the epSOS Project, with the release of the OpenNCP...

The need of reducing costs and shortening development time is resulting in a more and more pervasive use of Commercial-Off-The-Shelf components also for the development of Safety-Related systems, which traditionally relied on ad-hoc design. This technology trend exacerbates the inherent difficulty of satisfying – and certifying – the challenging sa...

The cloud computing has recently emerged as compelling paradigm for managing and delivery services over the internet. However, users as well as critical infrastructure operators, have legitimate concerns about the confidentiality, integrity and availability, in short the dependability, of applications and their data hosted on a third-party cloud. T...

This chapter presents a survey about the Internet of Things (IoT). The wide-scale diffusion of the Internet has been the driving force for this emerging trend, namely the use of such global communication infrastructure for enabling machines and smart objects to communicate, cooperate, and take decisions on real word situations. The scope of this su...

A consolidated trend in designing cloud-based applications is to make use of a reactive microservice architecture, which allows to divide an application in several well-partitioned software units with specific responsibilities. Such an architecture perfectly fits in cloud environments, ensuring a number of advantages (i.e., high availability and sc...

The micro service paradigm targets the implementation of large and scalable systems while enabling fine-grained service-level maintainability. Due to their scalability, such architectures are frequently used in cloud environments, which are often subject to privacy and trust issues hindering the deployment of services dealing with sensitive data. I...

Cloud computing paradigm is gaining more and more momentum, to the extent that it is no more confined to its initial application domains, i.e. use by enterprises and businesses willing to lower costs or to increase computing capacity in a flexible manner. In particular, increasing interest is recently being paid to the huge potentials-in terms of b...

Electronic payment systems have always represented an attractive target for cyber criminals. In this context the Single Euro Payments Area Direct Debit (SDD) service is gaining more and more importance since it has been promoted by the European banking industry as an innovative payment infrastructure. This service allows to perform electronic payme...

Many organizations are stuck in the cloudify or not to cloudify limbo, mainly due to concerns related to the security of enterprise sensitive data. Removing this barrier is a key pre-condition to fully unleash the tremendous potential of cloud computing. In this paper, we provide a comprehensive analysis of the main threats that hamper cloud comput...

Single Euro Payments Area (SEPA) is an initiative of the European banking industry aiming at making all electronic payments across the Euro area as easy as domestic payments currently are. One of the payment schemes defined by the SEPA mandate is the SEPA Direct Debit (SDD) that allows a creditor (biller) to collect directly funds from a debtor’s...