
Supported by the TENACE PRIN project

Invited Speakers

(all confirmed)

Roberto Baldoni, Sapienza University of Rome

National Framework of Cybersecurity

This talk will present a national framework of cyber security whose aim is to provide domestic organizations of a country with a homogeneous and coherent approach to managing and practicing cyber security operations in order to reduce cyber risk. The framework presented in this talk extends the NIST one while at the same time being contextualized for the Italian economy. The talk will introduce the main steps for the adoption of the framework by an organization and identify the players that can provide contextualization of the framework for a given economic sector. The talk will analyze the advantages of adopting such a framework for the government, for regulated sectors and for different types of domestic companies. Finally, the framework is positioned with respect to similar experiences running in different countries.

Andrea Ceccarelli, University of Florence

Biometric recognition for secure and trusted services

Biometric techniques offer emerging solutions for secure and trusted authentication. However, parallel to the spreading usage of biometric systems, the incentive for their misuse is also growing, especially considering their possible application in the financial and banking sectors. This talk introduces fundamentals of biometric authentication, and discusses security and privacy issues as well as the main threats to biometric systems. Possible countermeasures from the state of the art to selected attacks are also surveyed. Further, the talk digs into the topic of continuous authentication, an approach that turns user verification into a continuous process rather than a one-time occurrence. Continuous authentication protocols are discussed to protect mobile devices and control rooms. Finally, a model-based approach for the security assessment of a continuous authentication solution is discussed.

Bruno Crispo, University of Trento

Security and Privacy Issues of Android Platforms

The lecture presents the security and privacy features of the main smartphone platform. It describes its ecosystem and the security issues related to it. Then, it provides an overview of the main research results aiming at enhancing the security and privacy of the platform. The first part of the lecture covers approaches strengthening the security of the platform itself, while the second part gives an overview of approaches that operate at the level of mobile applications.

Salvatore D'Antonio and Luigi Coppolino, University of Naples Parthenope

Enabling convergence of physical and logical security through multi-sensor data fusion

Technologies for implementing security services in the physical and in the logical domain are both stable and mature, but they have been developed independently of each other. Some of them have recently merged, but real convergence of physical and logical security technologies is still a faraway target. By "convergence" we mean effective cooperation (i.e. a coordinated and results-oriented effort to work together) among previously disjointed functions. This talk presents a correlation-based approach that aims at detecting coordinated and sophisticated attacks by exploiting multi-sensor data fusion techniques, thus bringing a significant advancement in the convergence of physical and logical security. Security-related events are collected from multiple and heterogeneous sources in the logical and in the physical domain in order to get an accurate picture of the security status of the infrastructure being protected. The proposed approach relies on the use of data fusion algorithms to combine the collected information and enable a timely and effective attack detection.

Luigi Vincenzo Mancini, Sapienza University of Rome

Secure Information Sharing in Federated Heterogeneous Clouds Infrastructures

Gartner's quadrant shows that non-European companies (such as Amazon, Google, and Microsoft) control most of the cloud computing market. It appears that any proposal for a cloud solution for Europe also has to consider the issues concerning the use of a public cloud solution based on foreign companies. Such issues include violation of user privacy, risk of mass surveillance, and international litigation in the presence of illegal acts, such as misappropriation of personal data. In all these cases, the damage could be very serious, with the difficulty of achieving legal solutions and/or prosecution, if the cloud provider resides in a non-European state. Research and innovation are needed to overcome the obstacles in adopting commercial public cloud solutions in Europe. This lecture provides an overview of possible solutions, and of open research problems to be addressed to create large cloud infrastructures for public bodies and enterprises in Europe. The contributions are based on the activities carried out under the SUNFISH project (N-644666) funded by the EC H2020 Program.

Bart Preneel, Katholieke Universiteit Leuven

Cryptography and Information Security in the post-Snowden era

In June 2013 Snowden transferred a set of sensitive documents to journalists, resulting in a continuous stream of revelations on mass surveillance by governments. In this talk we present an overview of these revelations; we also discuss their impact on our understanding of mass surveillance practices and the security of ICT systems. In particular, we discuss the known ways in which sophisticated attackers can bypass or undermine cryptography. We conclude by analyzing how these revelations affect future research in information security and privacy.

Vladimiro Sassone, University of Southampton

Tor: beyond myth and reality

Tor, often dubbed the "dark net" or the "deep web", is the most well-known, successful and controversial anonymity network. Acclaimed by some as a beacon of freedom from surveillance, demonised by others as a tool for criminals, Tor is a de facto anonymity standard providing a neat crypto-protocol, a practical implementation, a web browser, and an entire operating system. In this lecture we will review concepts and principles of anonymity networks and illustrate the mechanisms of onion routing. We will focus on threats and attacks from both the point of view of attackers and defenders, and look into the social and criminology implications of some of the phenomena that Tor enables.

Stefano Zanero, Politecnico di Milano University

Detecting and fighting frauds in modern banking infrastructures

In this talk we will briefly analyze the most significant threat and fraud vectors for banking infrastructures. Then we will focus on a modern, multi-pronged approach to combat them, by: a) detecting in near-real-time anomalous, fraudulent transactions by comparing them against the past behavior of users; b) analyzing and characterizing banking trojans and financial malware, extracting signatures of their behavior; c) using these technologies to protect banking websites and online transactions against fraud. We will show industrial and lab validation of the approaches, thanks to our cooperation with a leading Italian bank and two leading information security firms.