Massimiliano Masi
Doctor of Philosophy
Autostrade Per L'Italia SpA · Tecnologia e Trasformazione
About
32 Publications · 7,931 Reads
301 Citations
Introduction
My current research interests are on securing Operational Technology and Industrial Internet of Things by means of the application of Formal Methods to Enterprise Architectures.
Additional affiliations
December 2019 - present
Autostrade Per L'Italia SpA
Position
- CyberSecurity
Description
- IT/OT/I-IoT Security Architect.
January 2017 - January 2020
GrapevineWorld
Position
- Blockchain architect
Description
- Blockchain architect for eHealth
April 2007 - December 2019
Tiani "Spirit" GmbH
Position
- IT Security Architect
Description
- IT Security Architect. Standard writer for IHE.net. Consultant for the AT Ministry of Health and for the European Commission for Security and eHealth. Author of the Cross-Border eHealth Exchange specifications.
Education
January 2008 - February 2012
January 1998 - April 2005
Publications (32)
Risk analysis and risk management are mandatory by law in critical sectors, but also for enterprises, to comply with liability frameworks. However, a gap exists between the establishment of an organizational risk culture and the actual preparedness of organizations. The problem is twofold, as in the ongoing trend towards cyber-physical organization...
The European Commission released the documentation related to the security of Cooperative Intelligent Transport Systems. In particular, a set of security levels has been defined, from testing, named L0, up to production, named L2. The intent is to regulate a fully functional system with different governance efforts for the C-ITS stakeholders. Whi...
With the diffusion of integrated design environments and tools for visual threat modeling for critical infrastructures, the concept of Digital Twin (DT) is gaining momentum in the field of cybersecurity. Its main use is for enabling attack simulations and evaluation of countermeasures, without causing outage of the physical system. However, the use...
Cooperative Intelligent Transport Systems C-ITS are considered critical infrastructure by the EU 2016/1148 and therefore require a high security posture. C-ITS are highly regulated by standards and policies. However, they are considered complex systems, involving several stakeholders in exchanging messages for assisted driving. Thus, the evaluation...
Inter-dependencies in critical industrial systems pose huge security challenges, which are tightly linked to the problems of interoperability and trustworthiness within and among those systems. In this paper, we try to establish the interconnection between these system properties in a way that allows the establishment of one property to positively...
In this work, we draft a methodology to build a cyber-security digital twin of a Smart Grid, starting from its architectural blueprint. The idea of a digital twin is not new and has recently been proposed as a means to enable simulations for the purpose of environmental protection where tests on the real system are difficult or expensive. The novel...
The problem of performing cybersecurity tests over existing industrial control systems is well-known. Once it is deployed, a critical system cannot be made unavailable for the purpose of simulating a cyber attack, and thus it is hard to introduce corrective measures based on actual test outcomes. On the other hand, a high security posture is requir...
Electronic healthcare solutions permit interconnecting hospitals and clinics to enable sharing of electronic medical records according to interoperability and legal standards. However, healthcare record data is siloed across hospitals and data sharing processes are unsuccessful in providing accountable audit of the data. Blockchain technology has b...
The Internet of Actors (IoA) provides a complete framework to attain interoperability by design in Subject-oriented Business Process Management (S-BPM). However, at present, some important architectural concerns remain out of focus. In this paper we lay the basis to ensure critical architectural qualities by adopting an Enterprise Architecture (EA)...
As for any other Critical Infrastructure, the design and implementation of a Smart Grid shall satisfy the demand for a strong security posture, while complying with regulatory requirements and maintaining a high level of interoperability among heterogeneous components. In this paper, we provide a goal-based methodology to ensure the fulfillment of...
Provenance is the foundation of data quality, usually implemented by automatically capturing the trace of data manipulation over space and time. In healthcare, provenance becomes critical since it encompasses both clinical research and patient safety. In this proposal we aim at exploiting and innovating existing health IT deployments by enabling da...
Objective: The creation and exchange of patients’ Electronic Healthcare Records have developed significantly in the last decade. Patients’ records are however distributed in data silos across multiple healthcare facilities, posing technical and clinical challenges that may endanger patients’ safety. Current healthcare sharing systems ensure interope...
Technology management through enterprise architectures has already become a widespread practice across large enterprises. Modeling and evaluating the cybersecurity aspect of it, however, has just begun to get the needed attention. This paper presents a cybersecurity evaluation methodology developed for the reference architecture of the e-SENS proje...
Employing wireless devices, like sensors and remote controllers, in medical workflows has become the norm in healthcare treatments, substantially increasing the quality of patient care. Medical data gathered and processed by the hardware and software components continuously traverses the existing IT infrastructures ranging from hospital datacenters...
Energy Distribution Grids are considered critical infrastructure and over time, the Distribution System Operators (DSOs) have developed sophisticated engineering practices to improve their resilience in case of attacks or faults. Over the last years, due to the so called "Smart Grid" evolution, this infrastructure has become a distributed system wh...
The Energy sector and Smart Grids face great interoperability challenges, with virtual power plants (VPPs) being a major representative. In this paper, we present a methodology that automates and facilitates the design of solution architectures, producing a structured approach for building interoperable complex systems. Building on solid approaches...
Safeguarding patient safety, patient rights, and preserving trust are crucial components of providing high quality medical treatments across borders. This work presents technological improvements needed in order to address certain reliability and quality challenges towards enabling seamless care between European healthcare systems. More specificall...
Access control systems are widely used means for the protection of computing systems. They are defined in terms of access control policies regulating the accesses to system resources. In this paper, we introduce a formally-defined, fully-implemented framework for specification, analysis and enforcement of attribute-based access control policies. Th...
The Electronic Simple European Networked Services (e-SENS) project develops infrastructure for interoperability, adaptable to various EU public service domains (including e-Justice, e-Procurement, and Business Lifecycle), using the results of previous large scale pilot projects, such as e-CODEX, SPOCS, STORK, PEPPOL and the more specific to eHealth...
Seamless patient identification, as well as locating capabilities of remote services, are considered to be key enablers for large scale deployment of facilities to support the delivery of cross-border healthcare. This work highlights challenges investigated within the context of the Electronic Simple European Networked Services (e-SENS) large scale...
Policy-based software architectures are nowadays widely exploited to regulate different aspects of systems’ behavior, such as access control, resource usage, and adaptation. Several languages and technologies have been proposed as, e.g., the standard XACML. However, developing real-world systems using such approaches is still a tricky task, being t...
The importance of the exchange of Electronic Health Records (EHRs) between hospitals has been recognized by governments and institutions. Due to the sensitivity of data exchanged, only mature standards and implementations can be chosen to operate. This exchange process is of course under the control of the patient, who decides who has the rights to...
We introduce a UML-based notation for graphically modeling systems' security aspects in a simple and intuitive way and a model-driven process that transforms graphical specifications of access control policies in XACML. These XACML policies are then translated in FACPL, a policy language with a formal semantics, and the resulting policies are evalu...
The importance of the Electronic Health Record (EHR), that stores all healthcare-related data belonging to a patient, has been recognised in recent years by governments, institutions and industry. Initiatives like the Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interope...
We propose a formal account of XACML, an OASIS standard adhering to the Policy Based Access Control model for the specification and enforcement of access control policies. To clarify all ambiguous and intricate aspects of XACML, we provide it with a more manageable alternative syntax and with a solid semantic ground. This lays the basis for develop...
We report the experience gained in an e-Health project in the Gauteng province, in South Africa. A Proof-of-Concept of the project has been already installed in 3 clinics in the Sebokeng township. The project is now going to be applied to 300 clinics in the whole province. This extension of the Proof-of-Concept can however give rise to security fla...
The importance of the Electronic Health Record (EHR), which stores all healthcare-related data belonging to a patient, has been recognized in recent years by governments, institutions, and industry. Initiatives like Integrating the Healthcare Enterprise (IHE) have been developed for the definition of standard methodologies for secure and interopera...
The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions. Many large scale projects have been funded with the aim of allowing healthcare professionals to consult patients' data in different organizations. Concepts like interoperability, security and confidentiality are the key for the succe...
The importance of the Electronic Health Record (EHR) has been addressed in recent years by governments and institutions. Many large scale projects have been funded with the aim of allowing healthcare professionals to consult patients' data. Properties such as confidentiality, authentication and authorization are the key for the success of these project...