Nicola Mazzoccca’s research while affiliated with University of Naples Federico II and other places

What is this page?


This page lists works of an author who doesn't have a ResearchGate profile or hasn't added the works to their profile yet. It is automatically generated from public (personal) data to further our legitimate goal of comprehensive and accurate scientific recordkeeping. If you are this author and want this page removed, please let us know.

Publications (2)


Optimizing secure Web Services with MAWeS: A case study
  • Conference Paper

October 2007

·

10 Reads

·

2 Citations

·

·

Nicola Mazzoccca

·

[...]

·

Service-oriented architectures (SOA) and, in particular, Web Services are the emerging technologies to develop interoperable systems. In spite of the maturity of these new architectural models and technologies, the security of open services is still a challenging open issue; furthermore, the overall performance of a service built by composition of many atomic services can depend on many factors that need to be addressed. We are working on the design and the development of the MAWeS architecture, a framework that supports the development of self-optimizing autonomic systems for Web Services architectures. It relies on a simulation service to predict system performance and adopts a security evaluation service that implements a policy-based methodology for security description and evaluation. In this paper we sketch the MAWeS architecture, illustrating how to use it to optimize the performance of a typical compound Web Services application while at the same time guaranteeing that a set of security requirements, expressed by a security policy, are met.


Figure 2. Policy Matrix Representation 
Security design and evaluation in a VoIP secure infrastracture: A policy based approach
  • Conference Paper
  • Full-text available

May 2005

·

83 Reads

·

8 Citations

This paper aims at defining security levels of a voice over IP infrastructure during its design phase. The proposed technique uses security policies to express the security statements that could be adopted, and the policy evaluation is based on security metrics to compare policies. The technique first step consists of policy structure definition; the proposed approach is applied on the target VoIP infrastructure. In the second step of the technique, the policy is used to define reference levels against which a security designer can evaluate his design choice or compare the adopted security solution with existing ones.

Download

Citations (2)


... A buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. [10]This may result in erratic program behavior, including memory access errors, incorrect results, program termination (a crash), or a breach of system security. Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. ...

Reference:

Prevention of Attacks in internet controlled Embedded Applications
Optimizing secure Web Services with MAWeS: A case study
  • Citing Conference Paper
  • October 2007

... Different security models to evaluate the QoP of a system are discussed in (Luo et al., 2009;Chen et al., 2011) and it is found that it is very hard to differentiate the strength offered by two protocols with similar status. Another approach to analyze the security strength of VoIP is shown in (Casola et al., 2005). In this method weights are assigned to each security feature and are framed in a matrix form. ...

Security design and evaluation in a VoIP secure infrastracture: A policy based approach