
V. Sassone
University of Southampton · Department of Electronics and Computer Science (ECS)
PhD in Computer Science
311 publications · 35,147 reads · 5,011 citations
Publications (311)
Increased systems complexity and ubiquitous computing drive the need for improved systems design. Model-based systems engineering using general purpose languages such as SysML is a well-established response to this challenge. However, for systems where correctness-by-construction is critical, formal methods are often also deployed. This is a signif...
The globalisation and outsourcing of the IC supply chain have led to a more complex production cycle. Using threat models to understand the attacks can help engineers build stronger countermeasures and evaluate against different options to create better protection from attacks. Gamification is an alternative to teaching engineers threats using thre...
In the last few years, serious games have become popular, with a consensus of the benefits for teaching cyber security awareness and education. However, there is still a lack of pedagogical driven methodologies and tools to support serious games design to ensure they achieve the learning objectives. This paper proposes MOTENS, a pedagogical model,...
An inability to produce documentary proof of compliance remains a chief reason for audit non-compliance. Herein, we propose a persistent SysML-based method for casting audit outcomes as system requirements, producing documentary evidence of compliance and locating non-compliance prior to audits.
Event-B, a refinement-based formal modelling language, has traditionally focused on safety, but now increasingly finds a new role in developing secure systems. In this paper we take a fresh look at security and focus on what security means for the system rather than looking at detailed protocols. We use Event-B for proving security from an abstract...
Electronic healthcare solutions permit interconnecting hospitals and clinics to enable sharing of electronic medical records according to interoperability and legal standards. However, healthcare record data is siloed across hospitals and data sharing processes are unsuccessful in providing accountable audit of the data. Blockchain technology has b...
Provenance is the foundation of data quality, usually implemented by automatically capturing the trace of data manipulation over space and time. In healthcare, provenance becomes critical since it encompasses both clinical research and patient safety. In this proposal we aim at exploiting and innovating existing health IT deployments by enabling da...
Objective
The creation and exchange of patients’ Electronic Healthcare Records have developed significantly in the last decade. Patients’ records are however distributed in data silos across multiple healthcare facilities, posing technical and clinical challenges that may endanger patients’ safety. Current healthcare sharing systems ensure interope...
Many academic and industrial research works on Wireless Communications and Networking rely on simulations, at least in the first stages, to obtain preliminary results to be subsequently validated in real settings. Topology generators (TG) are commonly used to generate the initial placement of nodes in artificial Ad Hoc Mesh Network topologies, wh...
Cyber attacks are increasing in number and sophistication, causing organisations to continuously adapt management strategies for cyber security risks. As a key risk mitigation policy, organisations are investing in professional training courses for their employees to raise awareness on cyber attacks and related defences. Serious games have emerged...
Many academic and industrial research works on WANETs rely on simulations, at least in the first stages, to obtain preliminary results to be subsequently validated in real settings. Topology generators (TG) are commonly used to generate the initial placement of nodes in artificial WANET topologies, where those simulations take place. The significan...
As software becomes ever more embedded into the fabric of society, more systems are becoming critical to large numbers of people, either by design or unintentionally. Even those that may not be considered safety-critical can have a large impact when they fail (e.g. banking systems). Consequently, software can be critical for a number of reasons, in...
The evolution of Internet-of-Things (IoT) is leading to an increasing number of new security issues. This is due to the nature of IoT devices which use lighter protocols and which may be either hacked or physically tampered with. Thus, common approaches for threat modelling are insufficient on IoT environments, since they hardly catch all possible...
Access control systems are nowadays the first line of defence of modern IT systems. However, their effectiveness is often compromised by policy misconfigurations that can be exploited by insider threats. In this paper, we present an approach based on machine learning to refine attribute-based access control policies in order to reduce the risks of u...
One of the main trends in the evolution of smart grids is transactive energy, where distributed energy resources, e.g. smart meters, develop towards Internet-of-Things (IoT) devices enabling prosumers to trade energy directly among each other, without the need of involving any centralised third party. The expected advantages in terms of cost-effect...
Federating Cloud systems is an urgent need of the Public Sector. In this paper, we showcase a recent Cloud Federation-as-a-Service solution empowered by blockchain technology. This solution is used by the Italian Ministry of Economy and Finance to realise a cross-Cloud application for payslip calculation of Police Forces. Blockchain offers decentra...
One of the main trends in the evolution of smart grids is trans-active energy, where distributed energy resources, e.g. smart meters, develop towards Internet-of-Things (IoT) devices enabling prosumers to trade energy directly among each other, without the need of involving any centralised third party. The expected advantages in terms of cost-effec...
Cloud federation is a novel concept that has been drawing attention from research and industry. However, there is a lack of solid proposal that can be widely adopted in practice to guarantee adequate governance of federations, especially in the Public Sector contexts due to legal requirements. In this paper, we propose an innovative governance app...
A Cloud federation is a collaboration of organizations sharing data hosted on their private cloud infrastructures in order to exploit a common business opportunity. However, the adoption of cloud federations is hindered by member organizations’ concerns on sharing their data with potentially competing organizations. For cloud federations to be viab...
Belief and min-entropy leakage are two well-known approaches to quantify information flow in security systems. Both concepts stand as alternatives to the traditional approaches founded on Shannon entropy and mutual information, which were shown to provide inadequate security guarantees. In this paper we unify the two concepts in one model so as to...
Cloud federations are a new collaboration paradigm where organizations share data across their private cloud infrastructures. However, the adoption of cloud federations is hindered by federated organizations’ concerns on potential risks of data leakage and data misuse. For cloud federations to be viable, federated organizations’ privacy concerns sh...
Cloud federation is an emergent cloud-computing paradigm that allows services from different cloud systems to be aggregated in a single pool. To support secure data sharing in a cloud federation, anonymization services that obfuscate sensitive datasets under differential privacy have been recently proposed. However, by outsourcing data protection t...
Permissioned blockchains are arising as a solution to federate companies prompting accountable interactions. A variety of consensus algorithms for such blockchains have been proposed, each of which has different benefits and drawbacks. Proof-of-Authority (PoA) is a new family of BFT consensus algorithms largely used in practice which ensure better perf...
This document is the main high-level architecture specification of the SUNFISH cloud federation solution. Its main objective is to introduce the concept of Federation-as-a-Service (FaaS) and the SUNFISH platform. FaaS is the new and innovative cloud federation service proposed by the SUNFISH project. The document defines the functionalities of FaaS...
As data provenance becomes a significant metadata in validating the origin of information and asserting its quality, it is crucial to hide the sensitive information of provenance data to enable trustworthiness prior to sharing provenance in open environments such as the Web. In this paper, a graph rewriting system is constructed from the PROV data...
This paper provides a type theoretic foundation for descriptive types that appear in Linked Data. Linked Data is data published on the Web according to principles and standards supported by the W3C. Such Linked Data is inherently messy: this is due to the fact that instead of being assigned a strict a priori schema, the schema is inferred a posteri...
Provenance is a record that describes the people, institutions, entities, and activities involved in producing, influencing, or delivering a piece of data or a thing. In particular, the provenance of information is crucial in deciding whether information is to be trusted. PROV is a recent W3C specification for sharing provenance over the Web. Howev...
We provide an introduction to the Web of Linked Data from the perspective of a Web developer who would like to build an application using Linked Data. We identify a weakness in the development stack, namely a lack of domain specific scripting languages for designing background processes that consume Linked Data. To address this weakness, we design...
The aim of this work is to verify an algebra for high level languages for reading and writing Linked Data. Linked Data is raw data published on the Web and interlinked using a collection of standards. The main innovation is simply to use dereferenceable URIs as global identifiers in data, rather than a key local to a dataset. This introduces signif...
This work introduces the notion of descriptive typing. Type systems are typically prescriptive in the sense that they prescribe a space of permitted programs. In contrast, descriptive types assigned to resources in Linked Data provide useful annotations that describe how a resource may be used. Resources are represented by URIs that have no interna...
Anonymity is a security property of paramount importance, as we move steadily towards a wired, online community. Its import touches upon subjects as different as eGovernance, eBusiness and eLeisure, as well as personal freedom of speech in authoritarian societies. Trust metrics are used in anonymity networks to support and enhance reliability in th...
In modern global networks, principals usually have incomplete information about each other. Therefore trust and reputation frameworks have been recently adopted to maximise the security level by basing decision making on estimated trust values for network peers. Existing models for trust and reputation have ignored dynamic behaviours, or introduced...
The Web of Linked Data is the cumulation of over a decade of work by the Web standards community in their effort to make data more Web-like. We provide an introduction to the Web of Linked Data from the perspective of a Web developer that would like to build an application using Linked Data. We identify a weakness in the development stack as being...
We introduce weighted GSOS, a general syntactic framework to specify well-behaved transition systems where transitions are equipped with weights coming from a commutative monoid. We prove that weighted bisimilarity is a congruence on systems defined by weighted GSOS specifications. We illustrate the flexibility of the framework by instantiating it...
Linked Data provides some sensible guidelines for publishing and consuming data on the Web. Data published on the Web has no inherent truth, yet its quality can often be assessed based on its provenance. This work introduces a new approach to provenance for Linked Data. The simplest notion of provenance–viz., a named graph indicating where the data...
In this annex, we will set out a few examples of the anonymisation of data, to indicate the range of techniques available to the information manager. The aim is not to provide a manual of anonymisation, but to give a flavour of the field, and of the variety of the options. We do not pretend that this is an exhaustive list of methods, or that the me...
Concurrent fine grained updates are essential for using RDF stores in dynamic modern Web applications, where users increasingly contribute content as often as they read content. SPARQL Update is a language proposed by the W3C for fine grained updates for RDF stores. In this work we propose an operational semantics for SPARQL Update, suggesting a po...
Anonymity systems are of paramount and growing importance in communication networks. They rely on users to cooperate to the realisation of an effective anonymity service. Yet, existing systems are marred by the action of ‘selfish’ free-loaders, so that several cooperation incentives are being proposed.
We propose a game-theoretic model of incentive...
Anonymity is a security property of paramount importance as it helps to protect users' privacy by ensuring that their identity remains unknown. Anonymity protocols generally suffer from denial of service (DoS) attack, as repeated message retransmission affords more opportunities for attackers to analyse traffic and lower the protocols' privacy. In...
A foundation is investigated for the application of loosely structured data on the Web. This area is often referred to as Linked Data, due to the use of URIs in data to establish links. This work focuses on emerging W3C standards which specify query languages for Linked Data. The approach is to provide an abstract syntax to capture Linked Data stru...
We develop local reasoning techniques for message passing concurrent programs based on ideas from separation logics and resource usage analysis. We extend processes with permission-resources and define a reduction semantics for this extended language. This provides a foundation for interpreting separation formulas for message-passing concurrency....
The term Linked Data is used to describe ubiquitous and emerging semi-structured data formats on the Web. URIs in Linked Data allow diverse data sources to link to each other, forming a Web of Data. A calculus which models concurrent queries and updates over Linked Data is presented. The calculus exhibits operations essential for declaring rich ato...
Belief and vulnerability have been proposed recently to quantify information flow in security systems. Both concepts stand as alternatives to the traditional approaches founded on Shannon entropy and mutual information, which were shown to provide inadequate security guarantees. In this paper we unify the two concepts in one model so as to cope w...
Preface to the `Logical Methods in Computer Science', special issue dedicated to ICALP 2006, Track B: Logic, Semantics and Theory of Programming
The existing analysis of the Crowds anonymity protocol assumes that a participating member is either ‘honest’ or ‘corrupted’. This paper generalises this analysis so that each member is assumed to maliciously disclose the identity of other nodes with a probability determined by her vulnerability to corruption. Within this model, the trust in a prin...
A calculus for modelling concurrent querying and maintenance of linked data is presented. The model is based on processes where the basic operations of querying and updating linked data are primitive. The model is executable due to its operational semantics. A type system ensures that names referring to entities within the model are used correctly....
Talk given at University of Bamberg, Germany on 14.12.09
A calculus for modelling concurrent querying and maintenance of Linked Data is presented. The model is based on processes where the basic operations of querying and updating linked data are primitive. The model is executable due to its operational semantics. A light type system based on RDFS ensures that names which refer to entities within the mod...
Probabilistic trust has been adopted as an approach to taking security sensitive decisions in modern global computing environments. Existing probabilistic trust frameworks either assume fixed behaviour for the principals or incorporate the notion of `decay' as an ad hoc approach to cope with their dynamic behaviour. Using Hidden Markov Models (HMMs...
We analyse the Crowds anonymity protocol under the novel assumption that the attacker has independent knowledge on behavioural patterns of individual users. Under such conditions we study, reformulate and extend Reiter and Rubin's notion of probable innocence, and provide a new formalisation for it based on the concept of protocol vulnerab...
Research in models for experience-based trust management has either ignored the problem of modelling and reasoning about dynamically changing principal behaviour, or provided ad hoc solutions to it. Probability theory provides a foundation for addressing this and many other issues in a rigorous and mathematically sound manner. Using Hidden Markov M...
We argue briefly for the role of computational trust in ubiquitous computing, and in particular for the need of a formal foundation for computational trust. We provide two examples towards such a foundation: a formal foundation for some probabilistic approaches from the literature, and a formal framework for comparing probabilistic trust models...
We present a formalism for provenance in distributed systems based on the π-calculus. Its main feature is that all data products are annotated with metadata representing their provenance. The calculus is given a provenance tracking semantics, which ensures that data provenance is updated as the computation proceeds. The calculus also enjoys a pat...
Talk given at LMU, Munich 14.1.09
Talk given at ECS, Southampton on 21.10.09
Talk given at INRIA Saclay, Paris on 5.11.09
A unified programming environment, the syndication calculus, is proposed for several technological trends which are attaining a ubiquitous status on the web. Trends suggest a range of technologies providing closely related minimalistic protocols for the management of resources with respect to collections — popularly referred to as feeds. An apparen...
The BCS launched its first international academic conference, intended as a major international event to take place in the UK. This year's theme was 'Visions of Computer Science'. Our aim was to establish the pattern of a high-quality wide-spectrum UK-based conference, with a strong international profile. Moreover, to energise the UK community and b...
Proceedings of Visions of Computer Science - BCS International Academic Conference
We recapture some of the arguments for trust-based technologies in ubiquitous computing, followed by a brief survey of some of the models of trust that have been introduced in this respect. Based on this, we argue for the need of more formal and foundational trust models.
Ugo’s research activity in the area of Models of Computation (MoC, for short) has been prominent, influential and broadly scoped. In this introductory contribution we would like to recall some of the influential MoC models put forward by Ugo which cut across the three approaches.
A syntactic framework called SGSOS, for defining well-behaved Markovian stochastic transition systems, is introduced by analogy to the GSOS congruence format for nondeterministic processes. Stochastic bisimilarity is guaranteed a congruence for systems defined by SGSOS rules. Associativity of parallel composition in stochastic process algebras is als...
We introduce the model of Markov nets, a probabilistic extension of safe Petri nets under the true-concurrency semantics-this means that traces, not firing sequences, are given a probability. This model builds upon our previous work on probabilistic ...
Special issue of Theoretical Computer Science dedicated to Fossacs 2005
Reputation systems are meta systems that record, aggregate and distribute information about principals' behaviour in distributed applications. Similarly, history-based access control systems make decisions based on programs' past security-sensitive actions. While the applications are distinct, the two types of systems are fundamentally making decis...
Ugo’s research activity in the area of Models of Computation (MoC, for short) has been prominent, influential and broadly scoped. Ugo’s trademark is that undefinable ability to understand and distill computational aspects into new models as if you were reading them out of some evident connection between well-known models: only, most often, that conne...
Talk given at "UbiCom Grand Challenge Retreat", Nottingham 30.10.08
Talk given at ECS, Southampton 20.10.08
This paper presents an object-oriented, Java-like core language with primitives for distributed programming and explicit code mobility. We apply our formulation to prove the correctness of several optimisations for distributed programs. Our language ...
Aiming at a unified view of the logics describing spatial structures, we introduce a general framework, BiLog, whose formulae characterise monoidal categories. As a first instance of the framework we consider bigraphs, which are emerging as an interesting (meta-)model for spatial structures and distributed calculi. Since bigraphs are built orth...
The application scenarios envisioned for 'global ubiquitous computing' have unique requirements that are often incompatible with traditional security paradigms. One alternative currently being investigated is to support security decision-making by explicit representation of principals' trusting relationships, i.e., via systems for computationa...
We use the framework of biorthogonality to introduce a novel semantic definition of the concept of barb (basic observable) for process calculi. We develop a uniform basic theory of barbs and demonstrate its robustness by showing that it gives rise to the correct observables in specific process calculi which model synchronous, asynchronous and broad...