Massimiliano Rak

Università degli Studi della Campania "Luigi Vanvitelli" · Dipartimento di Ingegneria

PhD

About

210 Publications
36,448 Reads
2,628 Citations
Additional affiliations
November 2002 - present
Università degli Studi della Campania "Luigi Vanvitelli"
Position
  • Professor (Assistant)


Publications (210)
Chapter
DevOps is becoming one of the most popular software development methodologies, especially for cloud-based applications. In spite of its popularity, it is still difficult to integrate non-functional requirements, such as security, in the full application development life-cycle. In some recent works, security DevOps (or SecDevOps) has been introduced...
Article
Recent software development methodologies, such as DevOps or Agile, are very popular and widely used, especially for the development of cloud services and applications. They dramatically reduce the time-to-market of developed software but, at the same time, they can hardly be integrated with security design and risk management methodologies. These canno...
Chapter
Cloud computing is currently a thriving technology. Due to their critical nature, it is necessary to consider all kinds of intrusions and abuses that typically plague cloud environments. In order to maintain its resilient-state, a cloud system should have tools capable of detecting known and updated threats, but also unknown attacks (0-day). This p...
Chapter
E-government aspires to improve the quality of public services delivery, improving efficiency, effectiveness and accessibility by applying advanced IT methodologies and technologies. However, there are a lot of challenges that need to be addressed in order to enable a full adoption of state-of-the-art solutions in public administration. This preliminary study...
Chapter
One of the main advantages of cloud computing is elasticity, which allows the amount of leased resources to be rapidly expanded or reduced in order to adapt to load variations, guaranteeing the desired quality of service. Auto-scaling is an extensively studied topic. Making optimal scaling choices is of paramount importance and can help reduce leasing co...
Article
Security assessment is a very time- and money-consuming activity. It needs specialized security skills and, furthermore, it is not fully integrated into the software development life-cycle. One of the best solutions for the security testing of an application relies on the use of penetration testing techniques. Unfortunately, penetration testing is...
Book
This book constitutes the refereed proceedings of the 32nd IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2020, which was supposed to be held in Naples, Italy, in December 2020, but was held virtually due to the COVID-19 pandemic. The 17 regular papers and 4 short papers presented were carefully reviewed and selected fr...
Article
The Internet of Things (IoT) has recently become one of the most relevant emerging technologies in the IT landscape. IoT systems are characterized by the high heterogeneity of involved architectural components (e.g., device platforms, services, networks, architectures) and involve a multiplicity of application domains. In the IoT scenario, the iden...
Article
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and security assurance are currently two major challenges of Cloud‐based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This study presents a novel DevOps fra...
Chapter
The widespread diffusion of cloud computing is still slowed down by security and performance concerns. As a matter of fact, issues such as security and confidentiality of data on one hand, fluctuating performance on the other are still limiting factors for the switch from on-premise to cloud-hosted environments. This paper sketches the structure of...
Chapter
Designing and assessing the security of IoT systems is very challenging, mainly due to the fact that new threats and vulnerabilities affecting IoT devices are continually discovered and published. Moreover, new (typically low-cost) devices are continuously plugged-in into IoT systems, thus introducing unpredictable security issues. This paper propo...
Conference Paper
The large adoption of cloud services in many business domains dramatically increases the need for effective solutions to improve the security of deployed services. The adoption of Security Service Level Agreements (Security SLAs) represents an effective solution to state formally the security guarantees that a cloud service is able to provide. Even...
Article
The term Internet of Things (IoT) is used as an umbrella that covers several topics, related to the application of technological means to monitor, measure and act upon the environment. As a result, it is difficult to determine a univocal architecture to identify as a reference and several scenarios, involving different sensors, smart devices, netwo...
Conference Paper
Cloud monitoring and, above all, security monitoring, is of fundamental importance for both providers and consumers. The availability of effective security metrics and related monitoring tools would not only improve the trust of consumers in acquired services and the control of providers over their infrastructures, but it would also enable the adop...
Article
Currently, an increasing number of customers require cloud services with guaranteed security levels. To this aim, the adoption of multi-cloud strategies is spreading in a large number of interesting application domains, since they may potentially improve security and reduce development costs. However, the problem of identifying the optimal distribu...
Conference Paper
Next generation Data Centers (ngDC) provide a significant evolution in how storage resources can be provisioned. They are cloud-based architectures offering flexible IT infrastructure and services through the virtualization of resources: managing in an integrated way compute, network and storage resources. Despite the multitude of benefits available w...
Technical Report
This white paper collects the technology solutions that the projects in the Data Protection, Security and Privacy Cluster propose to address the challenges raised by the working areas of the Free Flow of Data initiative. The document describes the technologies, methodologies, models, and tools researched and developed by the clustered projects mapp...
Chapter
Cloud paradigm is currently one of the most remunerative segments of Information Technology. It has gained the interest of a very large number of corporates and organizations. However, despite the promising features, security is the major concern for businesses that want to shift their services to the cloud. On the other hand, business critical sys...
Article
This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud applica...
Article
The Free Flow of Data is an emerging challenge on which the European Commission is currently working, with a legislative proposal due for the end of 2016, as part of the Digital Single Market (DSM) strategy. The proposal aims at tackling unjustified “restrictions on the free movement of data” among Member States. This paper analyses a number of c...
Article
The perception of lack of control over resources deployed in the cloud may represent one of the critical factors for an organization to decide to cloudify or not its own services. The flat security features offered by commercial cloud providers to every customer, from simple practitioners to managers of huge amounts of sensitive data and services,...
Article
Cloud Computing is a large set of resources and services offered through the Internet according to an on-demand self-service model. In particular, the cloud elasticity allows customers to scale up their applications in order to provide services to a larger number of end-users. The provided services are charged based on a pay-per-use business model....
Article
Dealing with the provisioning of Cloud services granted by Security SLAs is a very challenging research topic. At the state of the art, the main related issues involve: (i) representing security features so that they are understandable by both customers and providers and measurable (by means of verifiable security-related Service Level Objectives (SLO...
Technical Report
The future Digital Single Market (DSM) poses a number of research challenges for future years. Particularly, the DSM Initiative #14 on "Free flow of data" directly impacts on a number of security and privacy issues on (multi-)cloud-based services and cloud services. The objective of this White paper is to develop an initial map of challenges iden...
Technical Report
The present open access document aims to depict the map of research topics and innovations of the projects in the Data Protection Security and Privacy in the Cloud cluster (from now on DPSP cluster for short). The DPSP cluster includes projects and actions on Cloud partially funded by the European Commission through the H2020-LEIT-ICT, FP7-Collabor...
Conference Paper
Next generation Data Centers (ngDC) are the cloud-based architectures devoted to offering infrastructure services in flexible ways: managing in an integrated way compute, network and storage services. This solution is very attractive from an organisation’s perspective but one of the main challenges to adoption is the perception of loss of security...
Article
The potential of cloud computing is still underutilised in the scientific computing field. Even if clouds probably are not fit for high-end HPC applications, they could be profitably used to bring the power of low-cost and scalable parallel computing to the masses. But this requires simple and friendly development environments, able to exploit clou...
Article
After a decade of diffusion, cloud computing has received wide acceptance, but it is not yet attractive for the HPC community. Clouds could be a cost-effective alternative to clusters and supercomputers, providing economy of scale, elasticity, flexibility, and easy customization. Unfortunately, most clouds are optimized for running business applica...
Article
In cloud computing, possible risks linked to availability, performance and security can be mitigated by the adoption of Service Level Agreements (SLAs) formally agreed upon by cloud service providers and their users. This paper presents the design of services for the management of cloud-oriented SLAs that hinge on the use of a REST-based API. Such...
Conference Paper
In this paper we present a monitoring architecture that is automatically configured and activated based on a signed Security SLA. Such monitoring architecture integrates different security-related monitoring tools (either developed ad-hoc or already available as open-source or commercial products) to collect measurements related to specific metrics...
Chapter
The Cloud paradigm has largely been adopted in several different contexts and applied to an incredibly large set of technologies. It is an opportunity for IT users to reduce costs and increase efficiency providing an alternative way of using IT services. It represents both a technology for using computing infrastructures in a more efficient way and...
Chapter
Can security be provided as-a-Service? Is it possible to cover a security service by a proper Service Level Agreement? This paper tries to reply to these questions by presenting some ongoing research activities from standardization bodies and academia, trying to cope with the open issues in the management of Security Service Level Agreement in its...
Article
Cloud computing is founded on the pay-per-use paradigm, and offers a simple way to acquire any kind of resources through an as-a-service approach. As a consequence, the cloud is currently seen as a viable and inexpensive alternative to customary parallel/distributed computing solutions, ranging from small clusters to GRIDs, which were widely used in th...
Article
Even if clouds are not fit for high-end HPC applications, they could be profitably used to bring the power of economic and scalable parallel computing to the masses. But this requires both simple development environments, able to exploit cloud scalability, and the capability to easily predict the cost of HPC application runs. This paper presents a...
Article
The success of the cloud computing paradigm is due to its on-demand, self-service, and pay-by-use nature. According to this paradigm, the effects of Denial of Service (DoS) attacks involve not only the quality of the delivered service, but also the service maintenance costs in terms of resource consumption. Specifically, the longer the detection de...
Article
As the cloud paradigm gains widespread adoption, the performance evaluation and prediction of cloud applications remain daunting tasks, not yet fully accomplished. Nevertheless, reliable performance figures are the key to take the cloud to the next step, in which it will be possible to predict the maintenance cost of the applications and to introdu...
Conference Paper
As the popularity of Cloud computing has grown during the last years, the choice of Cloud Service Provider (CSP) has become an important issue from the user’s perspective. Although the Cloud users are more and more concerned about their security in the Cloud and might have some specific security requirements, currently this choice is based on requireme...
Conference Paper
The potential of cloud computing is still underutilized in the scientific computing field. Even if clouds probably are not fit for high-end HPC applications, they could be profitably used to bring the power of economic and scalable parallel computing to the masses. But this requires simple and friendly development environments, able to exploit clou...
Article
Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on the Cloud service provider perspective in order to securely integrate frameworks and Infrastructure as a Service in a Cloud datacenter. Customers could not monitor and evaluate...
Article
Cloud computing represents an opportunity for IT users to reduce costs and increase efficiency providing an alternative way of using IT services. Elastic provisioning plays an important role by giving the possibility to get the best resources configuration that satisfies the application requirements. Even if there are many cloud providers, with a r...
Article
The capability of making sensor infrastructures accessible by authorised users is a desirable property in many application scenarios. The integration of sensors into the cloud enables users to easily search, access, process and share large amounts of sensor data from different applications. Most of the current solutions model sensor networks as a p...