Massimiliano Rak, PhD
University of Campania "Luigi Vanvitelli" · Dipartimento di Ingegneria
Publications: 210
Reads: 49,521
Citations: 3,123
Additional affiliations
November 2002 - present
Publications (210)
DevOps is becoming one of the most popular software development methodologies, especially for cloud-based applications. In spite of its popularity, it is still difficult to integrate non-functional requirements, such as security, in the full application development life-cycle. In some recent works, security DevOps (or SecDevOps) has been introduced...
Recent software development methodologies, such as DevOps or Agile, are very popular and widely used, especially for the development of cloud services and applications. They dramatically reduce the time-to-market of developed software but, at the same time, they can hardly be integrated with security design and risk management methodologies. These canno...
Cloud computing is currently a thriving technology. Due to their critical nature, it is necessary to consider all kinds of intrusions and abuses that typically plague cloud environments. In order to maintain its resilient-state, a cloud system should have tools capable of detecting known and updated threats, but also unknown attacks (0-day). This p...
E-government aspires to improve the quality of public services delivery, improving efficiency, effectiveness and accessibility by applying advanced IT methodologies and technologies. However, there are a lot of challenges that need to be addressed in order to enable a full adoption of state-of-the-art solutions in public administration. This preliminary study...
One of the main advantages of cloud computing is elasticity, which allows to rapidly expand or reduce the amount of leased resources in order to adapt to load variations, guaranteeing the desired quality of service. Auto-scaling is an extensively studied topic. Making optimal scaling choices is of paramount importance and can help reduce leasing co...
Security assessment is a very time- and money-consuming activity. It needs specialized security skills and, furthermore, it is not fully integrated into the software development life-cycle.
One of the best solutions for the security testing of an application relies on the use of penetration testing techniques. Unfortunately, penetration testing is...
This book constitutes the refereed proceedings of the 32nd IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2020, which was supposed to be held in Naples, Italy, in December 2020, but was held virtually due to the COVID-19 pandemic.
The 17 regular papers and 4 short papers presented were carefully reviewed and selected fr...
The Internet of Things (IoT) has recently become one of the most relevant emerging technologies in the IT landscape. IoT systems are characterized by the high heterogeneity of involved architectural components (e.g., device platforms, services, networks, architectures) and involve a multiplicity of application domains. In the IoT scenario, the iden...
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges of Cloud‐based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This study presents a novel DevOps fra...
The widespread diffusion of cloud computing is still slowed down by security and performance concerns. As a matter of fact, issues such as security and confidentiality of data on one hand, fluctuating performance on the other are still limiting factors for the switch from on-premise to cloud-hosted environments. This paper sketches the structure of...
Designing and assessing the security of IoT systems is very challenging, mainly due to the fact that new threats and vulnerabilities affecting IoT devices are continually discovered and published. Moreover, new (typically low-cost) devices are continuously plugged-in into IoT systems, thus introducing unpredictable security issues. This paper propo...
The large adoption of cloud services in many business domains dramatically increases the need for effective solutions to improve the security of deployed services. The adoption of Security Service Level Agreements (Security SLAs) represents an effective solution to state formally the security guarantees that a cloud service is able to provide. Even...
The term Internet of Things (IoT) is used as an umbrella that covers several topics, related to the application of technological means to monitor, measure and act upon the environment. As a result, it is difficult to determine a univocal architecture to identify as a reference and several scenarios, involving different sensors, smart devices, netwo...
Cloud monitoring and, above all, security monitoring, is of fundamental importance for both providers and consumers. The availability of effective security metrics and related monitoring tools would not only improve the trust of consumers in acquired services and the control of providers over their infrastructures, but it would also enable the adop...
Currently, an increasing number of customers require cloud services with guaranteed security levels. To this aim, the adoption of multi-cloud strategies is spreading in a large number of interesting application domains, since they may potentially improve security and reduce development costs. However, the problem of identifying the optimal distribu...
Next generation Data Centers (ngDC) provide a significant evolution in how storage resources can be provisioned. They are cloud-based architectures offering flexible IT infrastructure and services through the virtualization of resources: managing in an integrated way compute, network and storage resources. Despite the multitude of benefits available w...
This white paper collects the technology solutions that the projects in the Data Protection, Security and Privacy Cluster propose to address the challenges raised by the working areas of the Free Flow of Data initiative. The document describes the technologies, methodologies, models, and tools researched and developed by the clustered projects mapp...
Cloud paradigm is currently one of the most remunerative segments of Information Technology. It has gained the interest of a very large number of corporates and organizations. However, despite the promising features, security is the major concern for businesses that want to shift their services to the cloud. On the other hand, business critical sys...
This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud applica...
The Free Flow of Data is an emerging challenge on which the European Commission is currently working with a legislative proposal due for the end of 2016, as part of the Digital Single Market (DSM) strategy. The proposal aims at tackling unjustified “restrictions on the free movement of data” among Member States. This paper analyses a number of c...
The perception of lack of control over resources deployed in the cloud may represent one of the critical factors for an organization to decide to cloudify or not its own services. The flat security features offered by commercial cloud providers to every customer, from simple practitioners to managers of huge amounts of sensitive data and services,...
Cloud Computing is a large set of resources and services offered through the Internet according to an on-demand self-service model. In particular, the cloud elasticity allows customers to scale up their applications in order to provide services to a larger number of end-users. The provided services are charged based on a pay-per-use business model....
Dealing with the provisioning of Cloud services granted by Security SLAs is a very challenging research topic. At the state of the art, the main related issues involve: (i) representing security features so that it is understandable by both customers and providers and measurable (by means of verifiable security-related Service Level Objectives (SLO...
The future Digital Single Market (DSM) poses a number of research challenges for future years. Particularly, the DSM Initiative #14 on "Free flow of data" directly impacts on a number of security and privacy issues on (multi-)cloud-based services and cloud services. The objective of this White paper is to develop an initial map of challenges iden...
The present open access document aims to depict the map of research topics and innovations of the projects in the Data Protection Security and Privacy in the Cloud cluster (from now on DPSP cluster for short). The DPSP cluster includes projects and actions on Cloud partially funded by the European Commission through the H2020-LEIT-ICT, FP7-Collabor...
Next generation Data Centers (ngDC) are the cloud-based architectures devoted to offering infrastructure services in flexible ways: managing in an integrated way compute, network and storage services. This solution is very attractive from an organisation’s perspective but one of the main challenges to adoption is the perception of loss of security...
The potential of cloud computing is still underutilised in the scientific computing field. Even if clouds probably are not fit for high-end HPC applications, they could be profitably used to bring the power of low-cost and scalable parallel computing to the masses. But this requires simple and friendly development environments, able to exploit clou...
After a decade of diffusion, cloud computing has received wide acceptance, but it is not yet attractive for the HPC community. Clouds could be a cost-effective alternative to clusters and supercomputers, providing economy of scale, elasticity, flexibility, and easy customization. Unfortunately, most clouds are optimized for running business applica...
In cloud computing, possible risks linked to availability, performance and security can be mitigated by the adoption of Service Level Agreements (SLAs) formally agreed upon by cloud service providers and their users. This paper presents the design of services for the management of cloud-oriented SLAs that hinge on the use of a REST-based API. Such...
In this paper we present a monitoring architecture that is automatically configured and activated based on a signed Security SLA. Such monitoring architecture integrates different security-related monitoring tools (either developed ad-hoc or already available as open-source or commercial products) to collect measurements related to specific metrics...
The Cloud paradigm has largely been adopted in several different contexts and applied to an incredibly large set of technologies. It is an opportunity for IT users to reduce costs and increase efficiency providing an alternative way of using IT services. It represents both a technology for using computing infrastructures in a more efficient way and...
Can security be provided as-a-Service? Is it possible to cover a security service by a proper Service Level Agreement? This paper tries to reply to these questions by presenting some ongoing research activities from standardization bodies and academia, trying to cope with the open issues in the management of Security Service Level Agreement in its...
Cloud computing is founded on the pay-per-use paradigm, and offers a simple way to acquire any kind of resources through an as-a-service approach. As a consequence, the cloud is currently seen as a viable and inexpensive alternative to customary parallel/distributed computing solutions, ranging from small clusters to GRIDs, which were widely used in th...
Even if clouds are not fit for high-end HPC applications, they could be profitably used to bring the power of economic and scalable parallel computing to the masses. But this requires both simple development environments, able to exploit cloud scalability, and the capability to easily predict the cost of HPC application runs. This paper presents a...
The success of the cloud computing paradigm is due to its on-demand, self-service, and pay-by-use nature. According to this paradigm, the effects of Denial of Service (DoS) attacks involve not only the quality of the delivered service, but also the service maintenance costs in terms of resource consumption. Specifically, the longer the detection de...
As the cloud paradigm gains widespread adoption, the performance evaluation and prediction of cloud applications remain daunting tasks, not yet fully accomplished. Nevertheless, reliable performance figures are the key to take the cloud to the next step, in which it will be possible to predict the maintenance cost of the applications and to introdu...
As the popularity of Cloud computing has grown during the last years, the choice of Cloud Service Provider (CSP) has become an important issue from user’s perspective. Although the Cloud users are more and more concerned about their security in the Cloud and might have some specific security requirements, currently this choice is based on requireme...
The potential of cloud computing is still underutilized in the scientific computing field. Even if clouds probably are not fit for high-end HPC applications, they could be profitably used to bring the power of economic and scalable parallel computing to the masses. But this requires simple and friendly development environments, able to exploit clou...
Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on the Cloud service provider perspective in order to securely integrate frameworks and Infrastructure as a Service in a Cloud datacenter. Customers could not monitor and evaluate...
Cloud computing represents an opportunity for IT users to reduce costs and increase efficiency providing an alternative way of using IT services. Elastic provisioning plays an important role by giving the possibility to get the best resources configuration that satisfies the application requirements. Even if there are many cloud providers, with a r...
The capability of making sensor infrastructures accessible by authorised users is a desirable property in many application scenarios. The integration of sensors into the cloud enables users to easily search, access, process and share large amounts of sensor data from different applications. Most of the current solutions model sensor networks as a p...
Cloud security is today considered one of the main limits to the adoption of Cloud Computing. Academic works and the Cloud community (e.g., work-groups at the European Network and Information Security Agency, ENISA) have stated that specifying security parameters in Service Level Agreements actually enables the establishment of a common semantic in...
Cloud computing is an emerging paradigm, widely adopted in distributed and business computing. Nevertheless, the biggest issue with the large adoption of cloud computing is the perception of loss of security and control over resources that are dynamically acquired in the cloud and that reside on remote providers, and the strong integration of secur...
The cloud offers attractive options to migrate corporate applications, without any implication for the corporate security manager to manage or to secure physical resources. While this ease of migration is appealing, several security issues arise: can the validity of corporate legal compliance regulations still be ensured for remote data storage? Ho...
The integration of sensing infrastructures into the Cloud gives a number of advantages in providing sensor data as a service over the Internet. Many solutions are now available in the literature, and most of them focus on modeling sensor networks as part of the infrastructure to be offered as a service (IaaS), directly managed by means of the Cloud...
The Cloud Computing paradigm has been an incredible success in the last few years. It is based on the idea of delegating to the Cloud provider every kind of resource, and letting the users access them in a self-service fashion. The Cloud paradigm has largely been adopted in several different contexts and applied to an incredibly large set of technologie...
Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on the Cloud Provider perspective in order to securely integrate frameworks and Infrastructure as a Service (IaaS) in a Cloud datacenter. There is no way to monitor and evaluate t...
The pay-per-use business model is one of the key factors for the success of the cloud computing paradigm: resources are acquired only when needed and charged on the basis of their actual usage. The execution of applications in the cloud implies costs that depend on the usage of the leased resources and on the resource pricing model adopted by the p...
Cloud Computing represents both a technology for using distributed computing infrastructures in a more efficient way, and a business model for renting computing services and resources. It is an opportunity for customers to reduce costs and increase efficiency. Moreover, it gives to small and medium enterprises the possibility of using services and te...
A natural consequence of the pay-per-use business model of Cloud Computing is that cloud users need to evaluate and to compare different cloud providers in order to choose the best offerings in terms of trade-off between performance and cost. But at the state of the art, in cloud environments no real grants are offered by providers about the qualit...
Initially intended to support elastic and long-running Web applications, cloud computing paradigm is currently associated with a large variety of services, from infrastructure to software. In this context, the portability of the applications, based on cloud services, even only of infrastructure type, has become a challenge. To overcome this situati...