Valentina Casola

University of Naples Federico II | UNINA · Department of Electrical Engineering and Information Technology

PhD

About

144 Publications
27,586 Reads
1,749 Citations
Citations since 2017
47 Research Items
1054 Citations
Introduction
Valentina Casola is currently an Associate Professor at the Department of Electrical Engineering and Information Technology of the University of Napoli Federico II. Her research activities are both theoretical and experimental and are mainly focused on the design of secure distributed systems. She is currently involved in two EU projects (http://www.specs-project.eu/, http://musa-project.eu/) on Security and Service Level Agreements in the Cloud.
Additional affiliations
October 2015 - present
University of Naples Federico II
Position
  • Professor (Associate)
January 2013 - October 2015
University of Naples Federico II
Position
  • Professor (Assistant)
June 2005 - January 2013
University of Naples Federico II
Position
  • Professor (Assistant)
Education
September 1994 - June 2001
University of Naples Federico II
Field of study
  • Electronic Engineering

Publications

Publications (144)
Article
Full-text available
Both cloud and GRID are computing paradigms for the large-scale management of distributed resources, and currently their integration is of great interest. This is typically obtained through the Infrastructure-as-a-Service cloud model, which is exploited in the GRID context to offer machine with full administration rights to users. In this paper the...
Conference Paper
Full-text available
Validating an end-entity X.509 digital certificate prior to authorizing it for using a resource into the computational Grid has become a widely studied topic due to its importance for security. A more comprehensive validation process involves not only a real-time check on the credential's status, but also an evaluation of the trust level applicabl...
Chapter
Full-text available
Cooperative services in Service Oriented Architectures (SOA) interact and delegate jobs to each other; when they have to respect a Service Level Agreement (SLA) they need to explicitly manage it amongst each other. SLAs and, above all, security-SLAs, are usually expressed in ambiguous ways and this implies that they need to be manually evaluated b...
Article
Dealing with the provisioning of Cloud services granted by Security SLAs is a very challenging research topic. At the state of the art, the main related issues involve: (i) representing security features so that it is understandable by both customers and providers and measurable (by means of verifiable security-related Service Level Objectives (SLO...
Article
Full-text available
The evolution of Cloud Computing into a service utility, along with the pervasive adoption of the IoT paradigm, has promoted a significant growth in the need of computational and storage services. The traditional use of cloud services, focused on the consumption of one provider, is not valid anymore due to different shortcomings being the risk of v...
Article
Full-text available
In the last years, agile methodologies are gaining substantial momentum, becoming increasingly popular in a broad plethora of industrial contexts. Unfortunately, many obstacles have been met while pursuing adoption in secure and safe systems, where different standards and operational constraints apply. In this paper, we propose a novel agile method...
Article
The growing markets of Cloud services and IoT platforms have dramatically raised system flexibility and deployment options. However, increasing complexity and dependency on third-party providers make it difficult to assess the security and privacy levels that distributed systems can offer to their users. In the last years, machine-readable Service...
Article
Full-text available
Cyber-physical systems (CPSs) rely upon the deep integration of computation and physical processes/systems, enabled by Internet of Things (IoT), edge computing, and cloud technologies. Noticeably, cybersecurity is a major concern in CPSs, since attacks may exploit both cyber and physical vulnerabilities and damage significantly physical equipment,...
Chapter
The adoption of agile methodologies in all domains of software development is a desired goal. Unfortunately, many obstacles have been met in the past for a full adoption in secure and safe systems, where different standards and operational constraints apply. In this paper we propose a novel agile methodology to be applied in the development of saf...
Research Proposal
Full-text available
The fourth industrial revolution, or Industry 4.0, brings together digital and physical technologies to create responsive and interconnected operations. Companies use AI, robotics, edge computing, and the cloud to make informed and timely decisions from the supply chain to the smart factory. Solutions designed for the Industrial Internet of Things...
Article
e-Health applications enable one to acquire, process, and share patient medical data to improve diagnosis, treatment, and patient monitoring. Despite the undeniable benefits brought by the digitization of health systems, the transmission of and access to medical information raises critical issues, mainly related to security and privacy. While sever...
Article
The growing convergence among Information and Operation Technology worlds in modern Industrial Internet of Things (IIoT) systems is posing new security challenges, requiring the adoption of novel security mechanisms involving light architectures and protocols to cope with IIoT devices resource constraints. In this paper, we investigate the adoption...
Article
Clinical de-identification aims to identify Protected Health Information in clinical data, enabling data sharing and publication. First automatic de-identification systems were based on rules or on machine learning methods, limited by language changes, lack of context awareness and time consuming feature engineering. Newer deep learning techniques...
Article
Full-text available
In the last years, the need to de-identify privacy-sensitive information within Electronic Health Records (EHRs) has become increasingly felt and extremely relevant to encourage the sharing and publication of their content in accordance with the restrictions imposed by both national and supranational privacy authorities. In the field of Natural Lan...
Article
The COrona VIrus Disease 19 (COVID-19) pandemic required the work of all global experts to tackle it. Despite the abundance of new studies, privacy laws prevent their dissemination for medical investigations: through clinical de-identification, the Protected Health Information (PHI) contained therein can be anonymized so that medical records can be...
Conference Paper
This article introduces a model for cloud-aware enterprise governance with a focus on its semantic aspects. It considers the need for Business-IT/OT and Governance-Security alignments. The proposed model suggests the usage of ontologies as specific tools to address the governance of each IT/OT environment in a holistic way. The concrete utilization...
Chapter
DevOps is becoming one of the most popular software development methodologies, especially for cloud-based applications. In spite of its popularity, it is still difficult to integrate non-functional requirements, such as security, in the full application development life-cycle. In some recent works, security DevOps (or SecDevOps) has been introduced...
Preprint
As cloud services become central in an increasing number of applications, they process and store more personal and business-critical data. At the same time, privacy and compliance regulations such as GDPR, the EU ePrivacy regulation, PCI, and the upcoming EU Cybersecurity Act raise the bar for secure processing and traceability of critical data. Es...
Article
Cloud computing, Edge computing and IoT are significantly changing from the original architectural models with a pure provisioning of virtual resources (and services) to a transparent and adaptive hosting environment where cloud providers, as well as “on-premise” resources and end-nodes, fully realize the “everything-as-a-service” provisioning conc...
Article
Recent software development methodologies, as DevOps or Agile, are very popular and widely used, especially for the development of cloud services and applications. They dramatically reduce the time-to-market of developed software but, at the same time, they can be hardly integrated with security design and risk management methodologies. These canno...
Article
Security assessment is a very time- and money-consuming activity. It needs specialized security skills and, furthermore, it is not fully integrated into the software development life-cycle. One of the best solutions for the security testing of an application relies on the use of penetration testing techniques. Unfortunately, penetration testing is...
Book
This book constitutes the refereed proceedings of the 32nd IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2020, which was supposed to be held in Naples, Italy, in December 2020, but was held virtually due to the COVID-19 pandemic. The 17 regular papers and 4 short papers presented were carefully reviewed and selected fr...
Article
Internet of Things (IoT) ecosystems are recently experiencing a significant growth in complexity. Most IoT applications in domains like healthcare, industry, automotive and smart energy are composed of several interconnected sub-systems that produce, collect, process and exchange a huge amount of data, and that offer composite services to the end-use...
Article
The wide adoption of the Internet of Things (IoT) paradigm in several application domains has raised new security issues, which should be carefully taken into account to achieve a real benefit from the indisputable innovation potential of IoT. In fact, the heterogeneity of involved technologies, including the integration of different resource-const...
Conference Paper
The need for SIEM systems increased in the last few years, especially as cyber-attacks are evolving and targeting enterprises, which may cause discontinuity of their services, leakage of their data, and affect their reputation. Cybersecurity breaches can range from no or limited impact to stealing or manipulation of data, or even taking control of...
Article
The Internet of Things (IoT) has recently become one of the most relevant emerging technologies in the IT landscape. IoT systems are characterized by the high heterogeneity of involved architectural components (e.g., device platforms, services, networks, architectures) and involve a multiplicity of application domains. In the IoT scenario, the iden...
Chapter
The widespread diffusion of cloud computing is still slowed down by security and performance concerns. As a matter of fact, issues such as security and confidentiality of data on one hand, fluctuating performance on the other are still limiting factors for the switch from on-premise to cloud-hosted environments. This paper sketches the structure of...
Chapter
Designing and assessing the security of IoT systems is very challenging, mainly due to the fact that new threats and vulnerabilities affecting IoT devices are continually discovered and published. Moreover, new (typically low-cost) devices are continuously plugged-in into IoT systems, thus introducing unpredictable security issues. This paper propo...
Conference Paper
The large adoption of cloud services in many business domains dramatically increases the need for effective solutions to improve the security of deployed services. The adoption of Security Service Level Agreements (Security SLAs) represents an effective solution to state formally the security guarantees that a cloud service is able to provide. Even...
Conference Paper
Full-text available
Cloud monitoring and, above all, security monitoring, is of fundamental importance for both providers and consumers. The availability of effective security metrics and related monitoring tools would not only improve the trust of consumers in acquired services and the control of providers over their infrastructures, but it would also enable the adop...
Article
Currently, an increasing number of customers require cloud services with guaranteed security levels. At this aim, the adoption of multi-cloud strategies is spreading in a large number of interesting application domains, since they may potentially improve security and reduce development costs. However, the problem of identifying the optimal distribu...
Conference Paper
Next generation Data Centers (ngDC) provide a significant evolution in how storage resources can be provisioned. They are cloud-based architectures offering flexible IT infrastructure and services through the virtualization of resources: managing in an integrated way compute, network and storage resources. Despite the multitude of benefits available w...
Chapter
Security issues are still posing limitations to the full exploitation of the potential of the cloud computing paradigm, and cloud developers are more and more required to take security into account from the very beginning of the development process. Unfortunately, the application of classical security best practices may be not enough due to the inv...
Article
Full-text available
This paper presents a security-by-design methodology for the development of cloud applications, which relies on Security SLAs as a means to express their security requirements. The process followed to build such Security SLAs entails the application of a risk analysis procedure aimed at identifying the main vulnerabilities affecting a cloud applica...
Article
A key issue in electronic health systems is the underlying security and privacy risk. For example, confidential patient information or medical records ending up in the hands of a person not privy to the information could have far-reaching consequences. With the trend toward cloud computing use in the healthcare industry continuing to grow (for exam...
Article
Full-text available
The perception of lack of control over resources deployed in the cloud may represent one of the critical factors for an organization to decide to cloudify or not its own services. The flat security features offered by commercial cloud providers to every customer, from simple practitioners to managers of huge amounts of sensitive data and services,...
Article
We present a case study on the migration to a cloud computing environment of the advanced differential synthetic aperture radar interferometry (DInSAR) technique, referred to as Small BAseline Subset (SBAS), which is widely used for the investigation of Earth surface deformation phenomena. In particular, we focus on the SBAS parallel algorithmic so...
Conference Paper
Next generation Data Centers (ngDC) are the cloud-based architectures devoted to offering infrastructure services in flexible ways: managing in an integrated way compute, network and storage services. This solution is very attractive from an organisation’s perspective but one of the main challenges to adoption is the perception of loss of security...
Article
Full-text available
This paper presents a web tool for the unsupervised retrieval of Earth's surface deformation from Synthetic Aperture Radar (SAR) satellite data. The system is based on the implementation of the Differential SAR Interferometry (DInSAR) algorithm referred to as Parallel Small BAseline Subset (P-SBAS) approach, within the Grid Processing on Demand (G-...
Conference Paper
Full-text available
In this paper we present a monitoring architecture that is automatically configured and activated based on a signed Security SLA. Such monitoring architecture integrates different security-related monitoring tools (either developed ad-hoc or already available as open-source or commercial products) to collect measurements related to specific metrics...
Chapter
Can security be provided as-a-Service? Is it possible to cover a security service by a proper Service Level Agreement? This paper tries to reply to these questions by presenting some ongoing research activities from standardization bodies and academia, trying to cope with the open issues in the management of Security Service Level Agreement in its...
Article
Full-text available
Cyber attacks are typically preceded by a reconnaissance phase in which attackers aim at collecting valuable information about the target system, including network topology, service dependencies, and unpatched vulnerabilities. Unfortunately, when system configurations are static, attackers will always be able, given enough time, to acquire accurate...
Conference Paper
The advanced Differential SAR Interferometry (DInSAR) methodologies are widely used for the investigation of Earth's surface deformation phenomena. In particular, the advanced DInSAR approach referred to as Small BAseline Subset (SBAS) technique is able to produce deformation velocity maps and the corresponding displacement time-series from a tempo...
Article
Full-text available
Today the main limit to Cloud adoption is related to the perception of a security loss the users have. Indeed, the existing solutions to provide security are mainly focused on Cloud service provider perspective in order to securely integrate frameworks and Infrastructures as a Services in a Cloud datacenter. Customer could not monitor and evaluate...
Conference Paper
In recent years, the accuracy and performance of decision support systems have become a bottleneck in many monitoring applications. As for the accuracy, different classification algorithms are available but the overall performance is related to the specific software implementation. In this paper we propose a novel hardware implementation to fasten...
Article
Full-text available
The capability of making sensor infrastructures accessible by authorised users is a desirable property in many application scenarios. The integration of sensors into the cloud enables users to easily search, access, process and share large amounts of sensor data from different applications. Most of the current solutions model sensor networks as a p...
Article
Cloud security is today considered one of the main limits to the adoption of Cloud Computing. Academic works and the Cloud community (e.g., work-groups at the European Network and Information Security Agency, ENISA) have stated that specifying security parameters in Service Level Agreements actually enables the establishment of a common semantic in...
Article
Full-text available
Cloud computing is an emerging paradigm, widely adopted in distributed and business computing. Nevertheless, the biggest issue with the large adoption of cloud computing is the perception of loss of security and control over resources that are dynamically acquired in the cloud and that reside on remote providers, and the strong integration of secur...
Conference Paper
Full-text available
Nowadays, in a broad range of application areas, the daily data production has reached unprecedented levels. This data originates from multiple sources, such as sensors, social media posts, digital pictures and videos and so on. The technical and scientific issues related to the data booming have been designated as the “Big Data” challenges. To deal w...