Trust and Security in the Future Internet, Ilaria Matteucci (PowerPoint presentation)



SLIDE 1

5th of December 2019

Trust and Security in the Future Internet

Ilaria Matteucci

Istituto di Informatica e Telematica - Consiglio Nazionale delle Ricerche

SLIDE 2

Main Research Areas

  • Authentication
  • Authorization and Usage Control
  • Privacy-aware technologies
  • Trust and Reputation Management
  • Intrusion Detection
  • Formal methods for system design, analysis, and synthesis
  • Risk Management
  • Cyber Insurance
  • Modelling of Online Behaviours
  • Detection of Fake Accounts
  • Online reviews analysis
  • Distributed Ledger and Block-chains

SLIDE 3

Main Application Scenarios

  • Critical Infrastructures Protection
  • Power Grid
  • Airport security
  • Social Media
  • Distributed OSN
  • Automotive
  • Distributed Systems
  • Web Services
  • Grid
  • Cloud
  • Mobile Devices
  • Internet of Things
  • Smart Home
  • Critical Data Protection
  • E-health
SLIDE 4

Topic 1: Usage Control in IoT

  • The IoT scenario (e.g., Industry 4.0) poses new security and privacy challenges
  • Huge amounts of data are continuously created by sensors (data streams)
  • Typically stored on the Cloud
  • Used for Collaborative Analytics
  • Data producers are willing to share their data only if they can regulate their subsequent usage

SLIDE 5

Topic 1: Usage Control in IoT

  • The Usage Control model could be used to regulate the access to, and the subsequent usage of, data and resources in dynamic access contexts

SLIDE 6

Topic 2. Offensive and Defensive security in Automotive

Reverse engineering on:

  • CAN bus considering the different in-vehicle partitions
  • In-Vehicle Infotainment system as entry-point to CAN communications

Penetration Testing for:

  • Remote access to the vehicle
  • Passengers’ privacy leakage
  • https://youtu.be/6pTvD4wya50

Design and development of:

  • Security protocols on CAN bus communication
  • Key exchange mechanisms
  • Intrusion detection and prevention systems

SLIDE 7

Topic 3. Fake News Detection

  • Evaluation of quality and credibility of online information
  • Computational fact-checking
  • Provenance and source detection of claims
  • Analysis of misinformation spread on social media
  • Addressing and quantifying biases eliciting belief in false news
  • Quantifying the statistical efficacy of social bots in diffusing false news

SLIDE 8

Topic 4. Risk assessment for certification

Goal:

  • Develop a risk-based cyber security certification schema for software systems (i.e., cloud, IoT/CPS, etc.).

Objectives:

  • Flexible certification scheme
  • Easy and fast certification process
  • Continuous certification

Approach:

  • Develop a methodology suitable for assessment and mitigation of risks
  • Integrate risk assessment methodology into a certification schema
  • Expand the capabilities of the schema with rapid and frequent risk re-assessment and certification.

The need:

  • Strong on-going political trend on cybersecurity certification (e.g., see the EU Cybersecurity Act, or the outcomes from ESCO, 4 Pilot projects, etc.)
  • Security certification schemes targeting products (e.g., Common Criteria) are not risk-assessment based, unlike the ones for processes (e.g., ISO 27001, NIST CSF, CSA).
  • The security group of IIT has very good knowledge in risk assessment and certification. There is a risk assessment tool for network systems to start with.

SLIDE 9

Bibliography

Topic 1. Usage Control in IoT

  • A. La Marra, F. Martinelli, P. Mori, A. Rizos, A. Saracino. Introducing Usage Control in MQTT protocol for IoT. In Proceedings of the 3rd Workshop On The Security Of Industrial Control Systems & Of Cyber-Physical Systems (CyberICPS 2017). In Conjunction With ESORICS 2017. Lecture Notes in Computer Science, vol 10683. Springer, Cham (2017), 35-43, DOI 10.1007/978-3-319-72817-9_3

Topic 2. Offensive and Defensive security in Automotive

  • Costantino, G., Matteucci, I.: CANDY CREAM - haCking infotAiNment anDroid sYstems to Command instRument clustEr via cAn data fraMe. In: Proceedings of the 17th IEEE International Conference on Embedded and Ubiquitous Computing EUC 2019. IEEE (2019, in press)

Topic 3. Fake News Detection

  • Guido Caldarelli, Rocco De Nicola, Fabio Del Vigna, Marinella Petrocchi, Fabio Saracco: The role of bot squads in the political propaganda on Twitter. CoRR abs/1905.12687 (2019)

Topic 4. Risk assessment for certification

  • George Hatzivasilis, Panos Chatziadam, Nikos Petroulakis, Sotiris Ioannidis, Matteo Mangini, Christos Kloukinas, Artsiom Yautsiukhin, Michalis Antoniou, Dimitrios G. Katehakis, Marios Panayiotou: Cyber Insurance of Information Systems: Security and Privacy Cyber Insurance Contracts for ICT and Healthcare Organizations. CAMAD 2019: 1-6

SLIDE 10

Pisa, 5 December 2019 Istituto di Informatica e Telematica CNR – Pisa, Italy

Thank you!