
Trust and Security in the Future Internet



  1. Trust and Security in the Future Internet
     Ilaria Matteucci
     Istituto di Informatica e Telematica - Consiglio Nazionale delle Ricerche
     5th of December 2019

  2. Main Research Areas
     • Authentication
     • Authorization and Usage Control
     • Privacy-aware technologies
     • Trust and Reputation Management
     • Intrusion Detection
     • Formal methods for system design, analysis, and synthesis
     • Risk Management
     • Cyber Insurance
     • Modelling of Online Behaviours
     • Detection of Fake Accounts
     • Online reviews analysis
     • Distributed Ledger and Block-chains

  3. Main Application Scenarios
     • Critical Infrastructures Protection
        • Power Grid
        • Airport security
     • Social Media
        • Distributed OSN
     • Critical Data Protection
        • E-health
     • Distributed Systems
        • Web Services
        • Grid
        • Cloud
     • Mobile Devices
     • Internet of Things
        • Automotive
        • Smart Home

  4. Topic 1: Usage Control in IoT
     • The IoT scenario (e.g., Industry 4.0) poses new security and privacy challenges
        • Huge amounts of data are continuously created by sensors (data streams)
        • Typically stored in the Cloud
        • Used for Collaborative Analytics
     • Data producers are willing to share their data only if they can regulate their subsequent usage

  5. Topic 1: Usage Control in IoT
     • The Usage Control model could be used to regulate the access to, and the subsequent usage of, data and resources in dynamic access contexts

  6. Topic 2. Offensive and Defensive security in Automotive
     Reverse engineering on:
     • CAN bus considering the different in-vehicle partitions
     • In-Vehicle Infotainment system as entry-point to CAN communications
     Penetration Testing for:
     • Remote access to the vehicle
     • Passengers’ privacy leakage
     https://youtu.be/6pTvD4wya50
     Design and development of:
     • Security protocols on CAN bus communication
     • Key exchange mechanisms
     • Intrusion detection and prevention systems

  7. Topic 3. Fake News Detection
     • Evaluation of quality and credibility of online information
     • Computational fact-checking
     • Provenance and source detection of claims
     • Analysis of misinformation spread on social media
     • Addressing and quantifying biases eliciting belief in false news
     • Quantifying the statistical efficacy of social bots in diffusing false news

  8. Topic 4. Risk assessment for certification
     Goal:
     • Develop a risk-based cyber security certification schema for software systems (i.e., cloud, IoT/CPS, etc.).
     • Objectives:
        • Flexible certification scheme
        • Easy and fast certification process
        • Continuous certification
     Approach:
     • Develop a methodology suitable for assessment and mitigation of risks
     • Integrate risk assessment methodology into a certification schema
     • Expand the capabilities of the schema with rapid and frequent risk re-assessment and certification.
     The need:
     • Strong on-going political trend on cybersecurity certification (e.g., see the EU Cybersecurity Act, or the outcomes from ESCO, 4 Pilot projects, etc.)
     • Security certification schemes targeting products (e.g., Common Criteria) are not risk-assessment based, unlike the ones for processes (e.g., ISO 27001, NIST CSF, CSA).
     • Security group of IIT has very good knowledge in risk assessment and certification. There is a risk assessment tool for network systems to start with.

  9. Bibliography
     Topic 1. Usage Control in IoT
     • A. La Marra, F. Martinelli, P. Mori, A. Rizos, A. Saracino. Introducing Usage Control in MQTT protocol for IoT. In Proceedings of the 3rd Workshop On The Security Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS 2017). In Conjunction With ESORICS 2017. Lecture Notes in Computer Science, vol 10683. Springer, Cham (2017), 35--43, DOI 10.1007/978-3-319-72817-9_3
     Topic 2. Offensive and Defensive security in Automotive
     • Costantino, G., Matteucci, I.: CANDY CREAM - haCking infotAiNment anDroid sYstems to Command instRument clustEr via cAn data fraMe. In: Proceedings of the 17th IEEE International Conference on Embedded and Ubiquitous Computing EUC 2019. IEEE (2019, in press)
     Topic 3. Fake News Detection
     • Guido Caldarelli, Rocco De Nicola, Fabio Del Vigna, Marinella Petrocchi, Fabio Saracco: The role of bot squads in the political propaganda on Twitter. CoRR abs/1905.12687 (2019)
     Topic 4. Risk assessment for certification
     • George Hatzivasilis, Panos Chatziadam, Nikos Petroulakis, Sotiris Ioannidis, Matteo Mangini, Christos Kloukinas, Artsiom Yautsiukhin, Michalis Antoniou, Dimitrios G. Katehakis, Marios Panayiotou: Cyber Insurance of Information Systems: Security and Privacy Cyber Insurance Contracts for ICT and Healthcare Organizations. CAMAD 2019: 1-6

  10. Thank you!
     Istituto di Informatica e Telematica
     CNR – Pisa, Italy
     Pisa, 5 December 2019
