About
66 Publications
18,929 Reads
620 Citations
Introduction
Security of network architectures for cloud, IoT, and industrial applications
Additional affiliations
January 2012 - October 2015
January 2001 - present
January 2001 - December 2011
Education
October 1996 - October 1999
September 1989 - July 1995
Publications (66)
The recent widespread novel network technologies for programming data planes are remarkably enhancing the customization of data packet processing. In this direction, the Programming Protocol-independent Packet Processors (P4) is envisioned as a disruptive technology, capable of configuring network devices in a highly customizable way. P4 enables ne...
In this work we demonstrate the integration of P4 enabled switches with high level AI techniques with the aim to improve efficiency and performance of DDoS detection and mitigation. Powerful ML-based strategies are adopted only when a suspicious behaviour is occurring in the network, and its activation is triggered by a coarser-grained and lightwei...
Industry 4.0 has revolutionized process innovation while facilitating and encouraging many new possibilities. The objective of Industry 4.0 is the radical enhancement of productivity, a goal that presupposes the integration of Operational Technology (OT) networks with Information Technology (IT) networks, which were hitherto isolated. This disrupti...
Network management strategies depend on a timely and accurate knowledge of the network performance measures. Among these, one of the most relevant is the delay of the links, which unfortunately is not easy to measure with accuracy, especially when considering multi-hop paths. This is a classical networking problem, for which several solutions have...
Microservices is an emerging paradigm for developing distributed systems. With their widespread adoption, more and more work investigated the relation between microservices and security. Alas, the literature on this subject does not form a well-defined corpus: it is spread over many venues and composed of contributions mainly addressing specific s...
CFP - We would like to invite you to contribute an original paper—either a comprehensive literature review or a full research article—to the special issue on Microservices and Security of the Journal of Cybersecurity and Privacy (MDPI).
https://www.mdpi.com/journal/jcp/special_issues/Microservices_Security
For submission: http://susy.mdpi.com/use...
Passwords should be easy to remember, yet expiration policies mandate their frequent change. Caught in the crossfire between these conflicting requirements, users often adopt creative methods to perform slight variations over time. While easily fooling the most basic checks for similarity, these schemes lead to a substantial decrease in actual secu...
In this manuscript we present an original implementation of network management functions in the context of Software Defined Networking. We demonstrate a full integration of an artificial intelligence driven management, an SDN control plane, and a programmable data plane. Constraint Programming is used to implement a management operating system that...
New media and devices are offering huge possibilities for the enhancement and the enrichment of heritage experiences, improving the users’ involvement. In particular, tourists equipped with their mobile devices are invading cultural attractions, sharing pictures and comments (together with hashtags and geo-localized positions) on social networks. T...
Mobility is a crucial sector for the livability of urban spaces, both in terms of accessibility for people with disabilities, and in terms of enjoyability by people with different interests. The deep transformation mobility is undergoing, heading towards commoditization of the full spectrum of transportation services, can lead to efficient solution...
Mobility-as-a-Service (MaaS) applies the everything-as-a-service paradigm of Cloud Computing to transportation: a MaaS provider offers to its users the dynamic composition of solutions of different travel agencies into a single, consistent interface. Traditionally, transits and data on mobility belong to a scattered plethora of operators. Thus, we...
Mobility as a Service (MaaS) applies the everything-as-a-service paradigm of Cloud Computing to transportation: a MaaS provider offers to its users the dynamic composition of solutions of different travel agencies into a single, consistent interface. Traditionally, transits and data on mobility belong to a scattered plethora of operators. Thus, we...
Applications supporting the independent living of people with disabilities are usually built in a monolithic fashion for a specific purpose. On the other hand, a crucial sector for the livability of urban spaces such as mobility is undergoing a deep transformation, heading towards flexible composition of standardized services. This paper shows how...
Crowdsensing is a powerful approach to collaboratively build representations of specific aspects of reality which are of great interest for people with special needs. In this paper, we present an evolution of the classical, vertical approach to detect urban barriers and other features to later exploit this knowledge in accessible route planning. B...
Mobility as a Service (MaaS) applies the everything-as-a-service paradigm of Cloud Computing to transportation: a MaaS provider offers to its users the dynamic composition of solutions of different travel agencies into a single, consistent interface. Traditionally, transits and data on mobility belong to a scattered plethora of operators. Thus, we...
The technological compound known as Internet of Things is enabling massive transformations in many fields. In this paper, we deal with one emerging scenario, Mobility as a Service, where the interplay between technical, regulatory and social aspects is intense. We advocate the need for interdisciplinary research, taking into account the different f...
Crowdsensing is a powerful approach to build representations of specific aspects of reality which are of interest for citizens in smart cities, and in particular for people with special needs. In this work, we present an application of the microservice paradigm to create a mobility services platform. By exposing each part of the process as a micros...
Mobility as a Service takes the concept of XaaS to transportation: a MaaS provider shall merge transport options from different mobility providers, seamlessly handling the whole experience of traveling, from providing information, to travel planning, and payments handling. To effectively support the creation of a market of MaaS providers, we envisi...
Voting over the Internet is subject to a number of security requirements. Each voting scheme has its own bespoke set of assumptions to ensure these security requirements. The criticality of these assumptions depends on the election setting (e.g., how trustworthy the voting servers or the voting devices are). The consequence of this is that the secu...
This work presents an architecture to help designing and deploying smart mobility applications. The proposed solution builds on the experience already matured by the authors in different fields: crowdsourcing and sensing done by users to gather data related to urban barriers and facilities, computation of personalized paths for users with special n...
The adoption of electronic voting in political elections, notwithstanding a long history of academic studies and practical experiences, is still debated. Arguments in its favor or against it are usually rather biased, and take into account only a limited subset of the issues at stake. In particular, no study has ever tried to draw a comprehensive p...
Scientists have been studying electronic voting for 30 years, and some countries have been using it for almost 20 years. Yet, arguments in favor of its adoption or against it usually take into account only a limited subset of the issues at stake. As we show in this paper, no study has ever tried to draw a comprehensive picture of the interplay betw...
Attackers able to compromise the memory of a target machine can change its behavior and usually gain complete control over it. Despite the ingenious prevention and protection mechanisms that have been implemented in modern operating systems, memory corruption attacks still account for a big share of the security breaches afflicting software systems...
More than a decade after the first enthusiastic attempts at deploying Internet voting, there is still only a single case of continued adoption for the election of a political body. In this paper we illustrate the motivations behind the apparent failure of a process that, at a first sight, looks desirable for many reasons. We analyze the most releva...
In the recent past, the so-called “Web 2.0” became a powerful tool for decision making processes. Politicians and managers, seeking to improve participation, embraced this technology as if it simply were a new, enhanced version of the World Wide Web, better suited to retrieve information, opinions and feedbacks from the general public on subjects like...
In this work, we define a novel scheme for evaluating the compliance of e-voting system to technical standards. The ultimate goal of such a certification path should be guaranteeing that the tested system respects the expected outcome of an election, in terms of correctness of results, identification of voters, anonymity of ballots and other measur...
HTTPS stripping attacks leverage a combination of weak configuration choices to trick users into providing sensitive data through hijacked connections. Here we present a browser extension that helps web users to detect this kind of integrity and authenticity breaches, by extracting relevant features from the browsed pages and comparing them to refe...
In the recent past, the so-called "Web 2.0" became a powerful tool to enable various eGovernment processes, especially as a link between political bodies and citizens. Politicians and managers, seeking to improve participation, embraced this technology as if it simply were a new, enhanced version of world wide web, better suited to retrieve informa...
With regard to e-voting system certification, political bodies around the world show very different approaches, ranging from high-level recommendations on the electoral system, not providing the associated details, to procedures that describe specific controls over critical components, not framing them in a "big picture". In this work, we compare a...
The HTTPS protocol is commonly adopted to secure connections to websites, both to guarantee the server's authenticity and to protect the privacy of transmitted data. However, the computational load associated with the protocol's key exchange and encryption/decryption activities isn't negligible. Many trafficked websites must avoid using HTTPS for m...
Various technical bodies have devised methodologies to guide testers to the selection, design, and implementation of the most appropriate security testing procedures for various contexts. Their general applicability is obviously regarded as a necessary and positive feature, but its consequence is the need for a complex adaptation phase to the speci...
Security testing is an important step in the lifetime of both newly-designed and existing systems. Different methodologies exist to guide testers to the selection, design, and implementation of the most appropriate testing procedures for various contexts. Typically, each methodology stems from the specific needs of a particular category of actors,...
In this paper, existing sophisticated techniques can provide a deep and effective analysis to discover whether files hide a computer virus or other malware. Examples of the most effective approaches are heuristic or exhaustive static code analysis and behavior analysis in a sandbox environment. However, given the huge number of circulating malwar...
Multi-agent systems (MASs) are a powerful paradigm enabling effective software engineering techniques: yet, it easily lets the designer be oblivious of the emergent security problems. This can be a critical issue, especially when MASs are exploited as an infrastructure to provide secure services. This paper performs a security analysis of such a sc...
Social networks heavily rely on the concept of reputation. Some platforms implement formalized systems to express reputation, for example as a rating, but the concept is broader and very often the reputation of a user, the perceived quality of a product, the popularity of a TV show or any other subject of published information stems from a more inf...
The most common method of system administration is accessing the remote system through the network by means of some client-server protocol, giving access to a privileged service always listening on the target system. There are important security and flexibility limitations deriving from the usage of a predictable access port for such a critical app...
Remote system administration is usually performed according to the standard client–server model. However, important security and flexibility limitations, arising from the usage of a predictable access port for such a critical application, prevent a satisfactory trade-off between authentication strength and service availability. We illustrate an alt...
The influence of web-based user-interaction platforms, like forums, wikis and blogs, has extended its reach into the business sphere, where comments about products and companies can affect corporate values. Thus, guaranteeing the authenticity of the published data has become very important. In fact, these platforms have quickly become the target of...
“Hosting” represents a commonplace solution for the low-cost implementation of web sites through the efficient sharing of the resources of a single server. The arising security problems, however, are not always easily dealt with under the Discretionary Access Control model implemented by traditional operating systems. More robust separation between...
Most organizations show a strong interest in digital signature technology as a means for secure and authenticated document exchange, hoping that it helps reduce the paper-based transactions. The main problem posed by this technology is with the necessary public-key infrastructure, and in particular with certificate status handling. Rather than addr...
A new on-line method for efficient handling of certificates within public-key infrastructures (PKIs) is presented. The method is based on a purposely-conceived extension of the one-way accumulator (OWA) cryptographic primitive, which permits one to provide an explicit, concise, authenticated and not forgeable information about the revocation status...
The widespread use of public networks, such as the Internet, for the exchange of sensitive data, like legally valid documents and business transactions, poses severe security constraints. The approach relying on public-key certificates certainly represents a valuable solution from the viewpoint of data integrity and authentication. The effectivenes...
Public administration has shown a strong interest in digital signature technology as a means for secure and authenticated document exchange, hoping that it will help reduce paper-based transactions with citizens. The main problem posed by this technology is the necessary public-key infrastructure, and in particular certificate status handling. This...
Three-dimensional object recognition is a fundamental prerequisite to build versatile robotic systems. This paper describes an approach to the recognition problem that exploits tactile sensing, which can be conveniently integrated into an advanced robotic end-effector. The adopted design methodology is based on the training and classification activ...
The paper addresses the problem of efficiently handling certificates within public-key infrastructures, from both the communication traffic and computational load points of view. The main state-of-the-art schemes, recently proposed from both the academic and the industrial world, are discussed and the most relevant security, timeliness and efficien...
We envision an improved social Web, in which the Trolls' disruptive power is inhibited or restricted, and the content produced by and shared among community members can gain authoritativeness. We believe that argumentation theories have the potential to give a key contribution to this vision. We sketch a research path in this direction and discuss...
Project (1)
The SMAll architecture revolves around the concept of service. SMAll is not simply a collection of services; rather, it is an enabler for their deployment.
The aim of this class of services is to standardize the data and the interfaces of legacy software to make them available to other services. Other, more complex services, found in the upper layers, orchestrate these basic ones to implement their behaviors, up to the very refined policies of MaaS operators and similar applications.