diff --git a/.github/workflows/update-cs-website.yml b/.github/workflows/update-cs-website.yml
new file mode 100644
index 0000000..b3953cb
--- /dev/null
+++ b/.github/workflows/update-cs-website.yml
@@ -0,0 +1,163 @@
+name: update-cs-website
+
+env:
+ API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }}
+ DESTINATION_REPO: 'csfbk/csfbk.github.io'
+ USER_NAME: 'csfbk'
+ USER_EMAIL: 'cs@fbk.eu'
+ UNIT_ACRONYM: 'st'
+
+on:
+ push:
+ paths:
+ - '_data/destinations.yml'
+ - '_data/members.yml'
+ - '_data/people.yml'
+ - '_data/publications.yml'
+ - '_data/theses.yml'
+ - 'assets/areas/people/**'
+
+jobs:
+ check-changes:
+ runs-on: ubuntu-latest
+ outputs:
+ destinations: ${{ steps.changes.outputs.destinations }}
+ members: ${{ steps.changes.outputs.members }}
+ people: ${{ steps.changes.outputs.people }}
+ people-pictures: ${{ steps.changes.outputs.people-pictures }}
+ publications: ${{ steps.changes.outputs.publications }}
+ theses: ${{ steps.changes.outputs.theses }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - uses: dorny/paths-filter@v3
+ id: changes
+ with:
+ filters: |
+ destinations:
+ - '_data/destinations.yml'
+ members:
+ - '_data/members.yml'
+ people:
+ - '_data/people.yml'
+ people-pictures:
+ - 'assets/areas/people/**'
+ publications:
+ - '_data/publications.yml'
+ theses:
+ - '_data/theses.yml'
+
+ update-destinations:
+ runs-on: ubuntu-latest
+ needs: check-changes
+ if: ${{ needs.check-changes.outputs.destinations == 'true' }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Push destinations to CS repository
+ uses: dmnemec/copy_file_to_another_repo_action@main
+ with:
+ source_file: '_data/destinations.yml'
+ destination_repo: ${{ env.DESTINATION_REPO }}
+ destination_folder: '_data/destinations'
+ rename: 'destinations_${{ env.UNIT_ACRONYM }}.yml'
+ user_name: ${{ env.USER_NAME }}
+ user_email: ${{ env.USER_EMAIL }}
+
+ - run: echo "Operation completed."
+
+ update-members:
+ runs-on: ubuntu-latest
+ needs: update-destinations
+ if: ${{ needs.check-changes.outputs.members == 'true' && always()}}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Push data to CS repository
+ uses: dmnemec/copy_file_to_another_repo_action@main
+ with:
+ source_file: '_data/members.yml'
+ destination_repo: ${{ env.DESTINATION_REPO }}
+ destination_folder: '_data/members'
+ rename: 'members_${{ env.UNIT_ACRONYM }}.yml'
+ user_name: ${{ env.USER_NAME }}
+ user_email: ${{ env.USER_EMAIL }}
+
+ update-people:
+ runs-on: ubuntu-latest
+ needs: update-members
+ if: ${{ needs.check-changes.outputs.people == 'true' && always()}}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Push data to CS repository
+ uses: dmnemec/copy_file_to_another_repo_action@main
+ with:
+ source_file: '_data/people.yml'
+ destination_repo: ${{ env.DESTINATION_REPO }}
+ destination_folder: '_data/people'
+ rename: '1_people_${{ env.UNIT_ACRONYM }}.yml'
+ user_name: ${{ env.USER_NAME }}
+ user_email: ${{ env.USER_EMAIL }}
+
+ - run: echo "Operation completed."
+
+ update-people-pictures:
+ runs-on: ubuntu-latest
+ needs: update-people
+ if: ${{ needs.check-changes.outputs.people-pictures == 'true' && always()}}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Push data to CS repository
+ uses: dmnemec/copy_file_to_another_repo_action@main
+ with:
+ source_file: 'assets/areas/people/'
+ destination_repo: ${{ env.DESTINATION_REPO }}
+ destination_folder: 'assets/areas/people/${{ env.UNIT_ACRONYM }}'
+ user_name: ${{ env.USER_NAME }}
+ user_email: ${{ env.USER_EMAIL }}
+ use_rsync: true
+
+ - run: echo "Operation completed."
+
+ update-publications:
+ runs-on: ubuntu-latest
+ needs: update-people-pictures
+ if: ${{ needs.check-changes.outputs.publications == 'true' && always()}}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Push data to CS repository
+ uses: dmnemec/copy_file_to_another_repo_action@main
+ with:
+ source_file: '_data/publications.yml'
+ destination_repo: ${{ env.DESTINATION_REPO }}
+ destination_folder: '_data/publications'
+ rename: 'publications_${{ env.UNIT_ACRONYM }}.yml'
+ user_name: ${{ env.USER_NAME }}
+ user_email: ${{ env.USER_EMAIL }}
+
+ update-theses:
+ runs-on: ubuntu-latest
+ needs: update-publications
+ if: ${{ needs.check-changes.outputs.theses == 'true' && always()}}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Push data to CS repository
+ uses: dmnemec/copy_file_to_another_repo_action@main
+ with:
+ source_file: '_data/theses.yml'
+ destination_repo: ${{ env.DESTINATION_REPO }}
+ destination_folder: '_data/theses'
+ rename: 'theses_${{ env.UNIT_ACRONYM }}.yml'
+ user_name: ${{ env.USER_NAME }}
+ user_email: ${{ env.USER_EMAIL }}
\ No newline at end of file
diff --git a/.github/workflows/update-destinations-cs.yml b/.github/workflows/update-destinations-cs.yml
deleted file mode 100644
index 624bdb6..0000000
--- a/.github/workflows/update-destinations-cs.yml
+++ /dev/null
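Review bot: `API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }}` now sits in the workflow-level `env:`, so the cross-repository token is exported to every step of every job, including `dorny/paths-filter@v3` and the `echo` steps, whereas the deleted workflows scoped it to the copy step's own `env:`; it should move back onto the six `dmnemec/copy_file_to_another_repo_action` steps. That action is still referenced as `@main`, a mutable branch, and it is the step that receives the token, so pin it to a reviewed commit, e.g. `uses: dmnemec/copy_file_to_another_repo_action@<full-commit-sha>` (placeholder). Separately, `update-members` through `update-theses` test `needs.check-changes.outputs.*` but list only the previous update job under `needs:`; the `needs` context holds direct dependencies only, so these conditions would compare an empty value with `'true'` and the jobs would be skipped, which `needs: [check-changes, update-destinations]` (and the equivalent further down the chain) avoids. A top-level `permissions:` block with `contents: read` would also keep the default `GITHUB_TOKEN` read-only, since the push to the destination repository uses the separate secret.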
@@ -1,44 +0,0 @@ -name: update-destinations-cs - -on: - push: - paths: - - '_data/destinations.yml' - -jobs: - copy-file: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Push to CS repository - uses: dmnemec/copy_file_to_another_repo_action@main - env: - API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }} - with: - source_file: '_data/destinations.yml' - destination_repo: 'csfbk/csfbk.github.io' - destination_folder: '_data/destinations' - rename: 'destinations_st.yml' - user_name: 'csfbk' - user_email: 'cs@fbk.eu' - - - name: Re-checkout on failure - if: ${{ failure() }} - uses: actions/checkout@v2 - - - name: Re-push on failure - if: ${{ failure() }} - uses: dmnemec/copy_file_to_another_repo_action@main - env: - API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }} - with: - source_file: '_data/destinations.yml' - destination_repo: 'csfbk/csfbk.github.io' - destination_folder: '_data/destinations' - rename: 'destinations_st.yml' - user_name: 'csfbk' - user_email: 'cs@fbk.eu' - - - run: echo "Operation completed." diff --git a/.github/workflows/update-members-cs.yml b/.github/workflows/update-members-cs.yml deleted file mode 100644 index 8ebca06..0000000 --- a/.github/workflows/update-members-cs.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -name: update-members-cs - -on: - push: - paths: - - '_data/members.yml' - -jobs: - copy-file: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Push to CS repository - uses: dmnemec/copy_file_to_another_repo_action@main - env: - API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }} - with: - source_file: '_data/members.yml' - destination_repo: 'csfbk/csfbk.github.io' - destination_folder: '_data/members' - rename: 'members_st.yml' - user_name: 'csfbk' - user_email: 'cs@fbk.eu' - - - name: Re-checkout on failure - if: ${{ failure() }} - uses: actions/checkout@v2 - - - name: Re-push on failure - if: ${{ failure() }} - uses: dmnemec/copy_file_to_another_repo_action@main - env: - API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }} - with: - source_file: '_data/members.yml' - destination_repo: 'csfbk/csfbk.github.io' - destination_folder: '_data/members' - rename: 'members_st.yml' - user_name: 'csfbk' - user_email: 'cs@fbk.eu' - - - run: echo "Operation completed." diff --git a/.github/workflows/update-people-cs.yml b/.github/workflows/update-people-cs.yml deleted file mode 100644 index 5a97f4f..0000000 --- a/.github/workflows/update-people-cs.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -name: update-people-cs - -on: - push: - paths: - - '_data/people.yml' - -jobs: - copy-file: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Push to CS repository - uses: dmnemec/copy_file_to_another_repo_action@main - env: - API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }} - with: - source_file: '_data/people.yml' - destination_repo: 'csfbk/csfbk.github.io' - destination_folder: '_data/people' - rename: '1_people_st.yml' - user_name: 'csfbk' - user_email: 'cs@fbk.eu' - - - name: Re-checkout on failure - if: ${{ failure() }} - uses: actions/checkout@v2 - - - name: Re-push on failure - if: ${{ failure() }} - uses: dmnemec/copy_file_to_another_repo_action@main - env: - API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }} - with: - source_file: '_data/people.yml' - destination_repo: 'csfbk/csfbk.github.io' - destination_folder: '_data/people' - rename: '1_people_st.yml' - user_name: 'csfbk' - user_email: 'cs@fbk.eu' - - - run: echo "Operation completed." diff --git a/.github/workflows/update-people-pictures-cs.yml b/.github/workflows/update-people-pictures-cs.yml deleted file mode 100644 index 7fece91..0000000 --- a/.github/workflows/update-people-pictures-cs.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -name: update-people-pictures-cs - -on: - push: - paths: - - 'assets/areas/people/**' - -jobs: - copy-file: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Push to CS repository - uses: dmnemec/copy_file_to_another_repo_action@main - env: - API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }} - with: - source_file: 'assets/areas/people/' - destination_repo: 'csfbk/csfbk.github.io' - destination_folder: 'assets/areas/people/st' - user_name: 'csfbk' - user_email: 'cs@fbk.eu' - use_rsync: true - - - name: Re-checkout on failure - if: ${{ failure() }} - uses: actions/checkout@v2 - - - name: Re-push on failure - if: ${{ failure() }} - uses: dmnemec/copy_file_to_another_repo_action@main - env: - API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }} - with: - source_file: 'assets/areas/people/' - destination_repo: 'csfbk/csfbk.github.io' - destination_folder: 'assets/areas/people/st' - user_name: 'csfbk' - user_email: 'cs@fbk.eu' - use_rsync: true - - - run: echo "Operation completed." diff --git a/.github/workflows/update-publications-cs.yml b/.github/workflows/update-publications-cs.yml deleted file mode 100644 index 761c092..0000000 --- a/.github/workflows/update-publications-cs.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -name: update-publications-cs - -on: - push: - paths: - - '_data/publications.yml' - -jobs: - copy-file: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Push to CS repository - uses: dmnemec/copy_file_to_another_repo_action@main - env: - API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }} - with: - source_file: '_data/publications.yml' - destination_repo: 'csfbk/csfbk.github.io' - destination_folder: '_data/publications' - rename: 'publications_st.yml' - user_name: 'csfbk' - user_email: 'cs@fbk.eu' - - - name: Re-checkout on failure - if: ${{ failure() }} - uses: actions/checkout@v2 - - - name: Re-push on failure - if: ${{ failure() }} - uses: dmnemec/copy_file_to_another_repo_action@main - env: - API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }} - with: - source_file: '_data/publications.yml' - destination_repo: 'csfbk/csfbk.github.io' - destination_folder: '_data/publications' - rename: 'publications_st.yml' - user_name: 'csfbk' - user_email: 'cs@fbk.eu' - - - run: echo "Operation completed." diff --git a/.github/workflows/update-theses-cs.yml b/.github/workflows/update-theses-cs.yml deleted file mode 100644 index e18e72c..0000000 --- a/.github/workflows/update-theses-cs.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -name: update-theses-cs - -on: - push: - paths: - - '_data/theses.yml' - -jobs: - copy-file: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - - - name: Push to CS repository - uses: dmnemec/copy_file_to_another_repo_action@main - env: - API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }} - with: - source_file: '_data/theses.yml' - destination_repo: 'csfbk/csfbk.github.io' - destination_folder: '_data/theses' - rename: 'theses_st.yml' - user_name: 'csfbk' - user_email: 'cs@fbk.eu' - - - name: Re-checkout on failure - if: ${{ failure() }} - uses: actions/checkout@v2 - - - name: Re-push on failure - if: ${{ failure() }} - uses: dmnemec/copy_file_to_another_repo_action@main - env: - API_TOKEN_GITHUB: ${{ secrets.CS_SYNC_TOKEN }} - with: - source_file: '_data/theses.yml' - destination_repo: 'csfbk/csfbk.github.io' - destination_folder: '_data/theses' - rename: 'theses_st.yml' - user_name: 'csfbk' - user_email: 'cs@fbk.eu' - - - run: echo "Operation completed." diff --git a/_data/destinations.yml b/_data/destinations.yml index 701942b..e944313 100644 --- a/_data/destinations.yml +++ b/_data/destinations.yml @@ -1031,7 +1031,7 @@ - id: ARES2023 name: 18th International Conference on Availability, Reliability and Security acronym: ARES 2023 - url: https://www.ares-conference.eu + url: https://2023.ares-conference.eu/ type: conference location: Benevento, Italy startDate: "2023-08-29" @@ -1047,8 +1047,8 @@ startDate: "2022-07-19" endDate: "2022-07-21" -- id: ECML/PKDD2023_PP - name: ECML/PKDD 2023 Post-Workshops and Tutorials Proceedings +- id: ECML/PKDD2023_WP + name: Machine Learning and Principles and Practice of Knowledge Discovery in Databases url: https://2023.ecmlpkdd.org/ type: post-proceedings @@ -1121,7 +1121,7 @@ acronym: Ital-IA 2024 url: https://ital-ia2024.it/ type: conference - location: Napoli, Italy + location: Naples, Italy startDate: "2024-05-29" endDate: "2024-05-30" 
diff --git a/_data/members.yml b/_data/members.yml index 5f8981e..162d63a 100644 --- a/_data/members.yml +++ b/_data/members.yml @@ -139,6 +139,15 @@ former: yearFrom: 2024 yearTo: 2024 + - personId: AlessandroTomasi + formerRole: Researcher + yearTo: 2023 + + - personId: ZahraEbadiAnsaroudi + formerRole: Researcher + yearFrom: 2021 + yearTo: 2023 + phdStudents: - personId: FedericoSinigaglia thesisId: FedericoSinigaglia_P @@ -187,6 +196,9 @@ former: - personId: MarcoPernpruner thesisId: MarcoPernpruner_P + + - personId: StefanoBerlato + thesisId: StefanoBerlato_P students: - personId: MarcoPernpruner diff --git a/_data/people.yml b/_data/people.yml index 1dbbf28..d49a132 100644 --- a/_data/people.yml +++ b/_data/people.yml @@ -29,11 +29,6 @@ - id: AlbertoSiena name: Alberto surname: Siena - affiliations: - - role: Innovation Manager - institution: Securics - place: Trento, Italy - image: https://sites.google.com/site/albertosiena/_/rsrc/1263330308767/config/app/images/as.jpg - id: AlessandroArmando name: Alessandro @@ -44,7 +39,7 @@ institution: University of Genoa place: Genoa, Italy email: alessandro.armando@unige.it - image: https://rubrica.unige.it/static/foto/VUZDXlxu.jpg?1688135377.3747 + image: https://rubrica.unige.it/static/foto/VUZDXlxu.jpg - id: AlessandroBiasi name: Alessandro @@ -75,11 +70,6 @@ - id: AlessandroTomasi name: Alessandro surname: Tomasi - affiliations: - - role: Head of Unit - unit: AppLiEd cryptograPHy - institution: Fondazione Bruno Kessler - place: Trento, Italy email: altomasi@fbk.eu phone: "+390461314506" image: https://aleph.fbk.eu/assets/areas/people/AlessandroTomasi.jpg @@ -153,10 +143,6 @@ - id: AnnibalePanichella name: Annibale surname: Panichella - affiliations: - - role: Assistant Professor - institution: Delft University of Technology - place: Delft, The Netherlands - id: AntoninoSabetta name: Antonino 
@@ -173,10 +159,6 @@ - id: BiniamFissehaDemissie name: Biniam Fisseha surname: Demissie - affiliations: - - role: Senior Security Researcher - institution: Technology Innovation Institute - place: Abu Dhabi, United Arab Emirates - id: BrunoCrispo name: Bruno @@ -193,7 +175,6 @@ - id: CarlottaTagliaro name: Carlotta surname: Tagliaro - image: https://media-exp1.licdn.com/dms/image/C4E03AQEPRt71VVgABw/profile-displayphoto-shrink_200_200/0?e=1611187200&v=beta&t=mmnzNewMBhrMwqgAbd0ne8RA6kTdqBtvnn8YCCpbkq4 - id: CeciliaPasquini name: Cecilia @@ -325,10 +306,6 @@ - id: EmanueleViglianisi name: Emanuele surname: Viglianisi - affiliations: - - role: Data Engineer - institution: Runtastic - place: Linz, Austria image: https://emavgl.github.io/images/avatar.jpg - id: EmilianoRizzonelli @@ -467,7 +444,6 @@ - id: GiovanniFerronato name: Giovanni surname: Ferronato - image: https://media-exp1.licdn.com/dms/image/C5603AQEcwxof36633Q/profile-displayphoto-shrink_200_200/0?e=1611187200&v=beta&t=h5fI2ngKcl-4rahGVBf4cRWY9ZzhGnKSDqRsz5fwo6s - id: GiovanniMagoga name: Giovanni @@ -480,10 +456,6 @@ - id: GiovanniMariaAbbiati name: Giovanni Maria surname: Abbiati - affiliations: - - role: Research Fellow - institution: University of Milan - place: Milan, Italy email: giovanni.abbiati@unimi.it - id: GiulioPellizzari @@ -528,7 +500,6 @@ name: Ivan surname: Vaccari email: ivan.vaccari@ieiit.cnr.it - image: https://www.cnr.it/peoplepublic/peoplepublic/index/profileimage/login/ivanvaccari - id: IvanValentini name: Ivan @@ -555,11 +526,6 @@ - id: LauraCristiano name: Laura surname: Cristiano - affiliations: - - role: Researcher - unit: Center for Cybersecurity - institution: Fondazione Bruno Kessler - place: Trento, Italy email: l.cristiano@fbk.eu - id: LeonardoDeMoura 
@@ -666,11 +632,6 @@ - id: MarianoCeccato name: Mariano surname: Ceccato - affiliations: - - role: Assistant Professor - unit: Department of Computer Science - institution: University of Verona - place: Verona, Italy email: mariano.ceccato@univr.it image: https://www.di.univr.it/documenti/Persona/foto/foto347921.jpg @@ -698,7 +659,6 @@ name: Massimo surname: Merro email: massimo.merro@univr.it - image: https://www.di.univr.it/documenti//Persona/foto/foto450272.jpg - id: MatildeSalaorni name: Matilde @@ -883,11 +843,6 @@ - id: RiccardoLongo name: Riccardo surname: Longo - affiliations: - - role: Researcher - unit: AppLiEd cryptograPHy - institution: Fondazione Bruno Kessler - place: Trento, Italy email: rlongo@fbk.eu - id: RiccardoLussana @@ -991,10 +946,6 @@ - id: SergiiKushch name: Sergii surname: Kushch - affiliations: - - role: Senior Research Fellow - institution: University of Limerick - place: Limerick, Ireland - id: SergioManuelNobregaGoncalves name: Sergio Manuel @@ -1061,15 +1012,6 @@ - id: StefanoBerlato name: Stefano surname: Berlato - affiliations: - - role: PhD Student - unit: AppLiEd cryptograPHy - institution: Fondazione Bruno Kessler - place: Trento, Italy - - role: PhD Student - unit: DIBRIS - institution: University of Genoa - place: Genoa, Italy email: sberlato@fbk.eu - id: StefanoCamposilvan @@ -1102,11 +1044,6 @@ - id: TuanAnhTruong name: Tuan Anh surname: Truong - affiliations: - - role: Lecturer - unit: Faculty of Computer Science and Engineering - institution: HCMC University of Technology - place: Vietnam email: anhtt@cse.hcmut.edu.vn - id: UmbertoMorelli @@ -1151,11 +1088,6 @@ - id: ZahraEbadiAnsaroudi name: Zahra surname: Ebadi Ansaroudi - affiliations: - - role: Researcher - unit: AppLiEd cryptograPHy - institution: Fondazione Bruno Kessler - place: Trento, Italy email: zebadiansaroudi@fbk.eu # Please keep alphabetical order diff --git a/_data/publications.yml b/_data/publications.yml index 2e553cb..59d67f3 100644 
--- a/_data/publications.yml +++ b/_data/publications.yml @@ -17,8 +17,8 @@ doi: 10.1007/978-3-642-15763-9_36 - id: HVC2010 - id_iris: 21635 - title: Automated Symbolic Analysis of ARBAC Policies + id_iris: 270624 + title: The SMT-LIB Initiative and the Rise of SMT authors: - ClarkBarrett - LeonardoDeMoura @@ -1996,6 +1996,7 @@ doi: 10.1007/978-3-031-37586-6_7 - id: ECML/PKDD2023_W + #id_iris: title: Towards a Fine-Grained Threat Model for Video-Based Remote Identity Proofing authors: - CeciliaPasquini @@ -2004,8 +2005,10 @@ - SilvioRanise abstract: > The attack landscape against video-based face verification is rapidly evolving, thus leading to increased opportunities of impersonation and identity theft within remote identity proofing processes. To support reliable security and risk analyses, we provide an extended threat model composed of threats and security controls for the face acquisition phase. Special emphasis is devoted to recent advancements in video synthesis and physical rendering, as well as diversified approaches for liveness detection. - destination: ECML/PKDD2023_PP - year: 2023 + destination: ECML/PKDD2023_WP + destinationAddon: International Workshops of ECML PKDD 2023, Revised Selected Papers, Part II + year: 2024 + #doi: urlNews: /news/2023/11/20/paper-accepted-at-ecml-pkdd-post-workshop-proceedings/ - id: EVOTEID2023 
@@ -2023,28 +2026,13 @@ abstract: > This paper presents an architecture for an OAuth 2.0-based i-voting solution using a mobile native client in a variant of the Araújo-Traoré protocol. We follow a systematic approach by identifying relevant OAuth 2.0 specifications and best practices. Having defined our framework, we identify threats applicable to our proposed methodology and detail how our design mitigates them to provide a safer i-voting process. destination: EVOTEID2023 - #doi: 10. + #doi: tags: - ThresholdCryptography - ZKP - SMPC - PrivacyEnhancingCryptography - DecentralizationOfTrust - -- id: POLSIM2023 - #id_iris: 323366 - title: "A Simulation Framework for the Experimental Evaluation of Access Control Enforcement Mechanisms based on Business Processes" - authors: - - StefanoBerlato - - RobertoCarbone - - SilvioRanise - abstract: > - While the security analysis of Access Control (AC) policies has received a lot of attention, the same cannot be said for their enforcement. As systems become more distributed (e.g., centralized services may become a bottleneck) and legal compliance constraints stricter (e.g., the problem of honest but curious Cloud providers in the light of privacy regulations), the fine-tuning of AC enforcement mechanisms is likely to become more and more important. This is especially true in scenarios where the quality of service may suffer from computationally heavy security mechanisms and low latency is a prominent requirement. As a first step towards a principled approach to fine-tune AC enforcement, this paper introduces a methodology providing the means to measure the performance of AC enforcement mechanisms through the simulation of realistic deployment scenarios. 
To do so, we base our methodology on Business Process Model and Notation (BPMN) workflows—that provide for an appropriate abstraction of the sequence of requests toward AC enforcement mechanisms performed by applications—to derive lists of AC operations (e.g., access a resource, revoke a permission) and execute them to evaluate and compare the performance of different mechanisms. Finally, we implement our methodology and apply it to three case studies representative of both traditional centralized AC—i.e., the Open Policy Agent (OPA) and the eXtensible Access Control Markup Language (XACML)—and decentralized Cryptographic Access Control (CAC)—i.e., CryptoAC—. - destination: POLSIM2023 - year: 2023 - #doi: 10.1145/3320269.3384767 - urlComplementary: /complementary/POLSIM2023 - #urlNews: /news/2020/02/15/paper-accepted-at-asiaccs-2020/ - id: RACS2023 id_iris: 344627 @@ -2144,6 +2132,7 @@ urlNews: /news/2024/09/26/paper-accepted-at-ieee-sp/ - id: iMETA2024 + #id_iris: title: "Beyond Screens: Investigating Identity Proofing for the Metaverse Through Cross-Device Flows" authors: - MarcoPernpruner @@ -2151,11 +2140,11 @@ - GiadaSciarretta - SilvioRanise abstract: > - The paper addresses the design of identity proofing flows based on the validation of authoritative identity evidence (such as electronic passports or identity documents) for metaverse-based applications. This problem arises in business use cases where users can perform sensitive or legally binding operations with their Virtual Reality (VR) headsets.
- To this end, a cross-device flow is proposed where users first interact with their mobile device to get securely identified by presenting a valid identity evidence, and successively wear the headset to set their access credentials by presenting a suitably designed identity transfer code. According to best practices for cross-device flows, the proposed approach incorporates a number of both known and newly introduced security measures, which are thoroughly discussed in relation to possible impersonation attacks against the cross-device transfer phase. + This paper presents a secure identity proofing flow for metaverse-based applications, enabling the validation of authoritative identity evidence (such as electronic passports and identity cards) to support sensitive or legally binding operations performed through virtual reality (VR) headsets. These use cases, common in business environments, require users' credentials to be strongly linked to verified real-world identities, ensuring compliance with regulatory standards.
+ The solution involves a cross-device flow where users first verify their identity on a mobile device by presenting valid identity evidence. This verified identity is then transferred to the VR headset, where users can register and activate credentials for future authentication. Beyond providing key security considerations and defining a taxonomy of possible attacks, we discuss how our design choices enhance the security of the flow. destination: iMETA2024 year: 2024 - doi: + #doi: urlNews: /news/2024/09/02/paper-accepted-at-imeta-2024/ - id: Ital-IA2024 @@ -2169,6 +2158,7 @@ In the rapidly evolving landscape of Artificial Intelligence (AI), ensuring the trustworthiness of AI tools deployed in sensitive use cases, such as judicial or healthcare processes, is paramount. The management of AI risks in judicial systems necessitates a holistic approach that includes various elements, such as technical, ethical considerations, and legal responsibilities. This approach should not only involve the application of risk management frameworks and regulations but also focus on the education and training of legal professionals. For this, we propose a risk-based approach designed to evaluate and mitigate potential risks associated with AI applications in judicial settings. Our approach is a semi-automated process that integrates both user (i.e., judge) feedback and technical insights to assess the AI tool’s alignment with Trustworthy AI principles. destination: Ital-IA2024 year: 2024 + url: https://ceur-ws.org/Vol-3762/469.pdf urlNews: /news/2024/04/24/paper-accepted-at-ital-ia-2024/ - id: JISA2024 diff --git a/_data/theses.yml b/_data/theses.yml index 772b184..c2928f0 100644 --- a/_data/theses.yml +++ b/_data/theses.yml 
@@ -989,6 +989,21 @@ year: 2024 institution: University of Trento +- id: StefanoBerlato_P + title: "A Security Service for Performance-Aware End-to-End Protection of Sensitive Data in Cloud Native Applications" + type: P + author: StefanoBerlato + abstract: > + The characteristics of cloud native applications — like decentralized architectures, high automation, and dynamic and interconnected microservices — bring forth a number of security challenges across both architectural design and lifecycle management. Some prominent challenges are authentication and authorization, real-time detection of security incidents, network security, microservice (as well as container) security, and, especially, data security. An ecosystem of security mechanisms already exists and provides excellent solutions addressing these challenges throughout the developing and operating of cloud native applications: identity and access management, monitoring and logging, intrusion prevention and detection systems, vulnerabilities assessment and hardening, and cryptography, to mention a few. Nonetheless, despite the availability of such a rich ecosystem, some cloud native applications entail additional considerations linked to the aforementioned challenges — and, in particular, to data security — which may need to be contemplated when evaluating the adoption of security mechanisms and their effectiveness. First, the level of trust assigned to participating parties within the scope of some cloud native applications is inherently limited — e.g., those aligning with the well-known security-by-design and zero trust principles. These cloud native applications confront a multifaceted threat landscape that extends beyond external attackers by including malicious insiders and honest-but-curious cloud providers which threaten the confidentiality and integrity of the (often sensitive) data managed by cloud native applications. 
Moreover, cloud native applications are frequently deployed in resource-constrained environments — e.g., the Internet of Things (IoT) — or operate in delicate fields (e.g., eHealth, automotive) offering critical functions (e.g., remote monitoring, cooperative vehicle maneuvering) where the quality of service may suffer from computationally or network heavy security mechanisms. In other words, security is not absolute, and its achievement must instead be balanced with that of performance requirements relevant to the underlying cloud native applications — e.g., low latency, minimal bandwidth utilization, and high scalability — underscoring the necessity for nuanced security mechanisms that are mindful of performance aspects. Therefore, in this thesis, we propose a security service addressing the convoluted dynamics of data security in cloud native applications. Our security service comprises four security mechanisms — namely CryptoAC, ACE and ACME, and MOMO — which implement the actual contributions of this thesis as we describe below. First, the threat model of cloud native applications requires preventing unauthorized access to data while offering strong guarantees of data confidentiality and integrity. To this end, we consider the use of cryptography to enforce Access Control (AC) policies — a combination usually called Cryptographic Access Control (CAC) — and propose the design of two CAC schemes, compatible with the aforementioned characteristics, for the end-to-end (E2E) protection of data both in transit and at rest in cloud native applications. We implement both CAC schemes — one for Role-Based Access Control (RBAC) and one Attribute-Based Access Control (ABAC) — into CryptoAC , discuss its security, and conduct a thorough performance evaluation. 
Then, we propose a methodology for evaluating the performance of generic AC enforcement mechanisms — hence, applicable to both CAC and centralized AC — starting from realistic workloads expressed as Business Process Model and Notation (BPMN) workflows. In detail, our methodology comprises a procedure deriving sequences of AC requests (e.g., access data, distribute permission) which are representative of the scenarios in which a cloud native application is deployed, and an evaluator executing these sequences against the AC enforcement mechanisms under test; we implement the procedure and the evaluator into ACE and ACME, respectively. Finally, we define an architectural model that identifies the common base building blocks of CAC over which we formalize a Multi-Objective Combinatorial Optimization Problem (MOCOP) to balance the achievement of security and performance in cloud native applications. Consequently, we implement an algorithm to solve the aforementioned MOCOP in MOMO, for which we provide both a conceptual application and a proof-of-concept application. + supervisor: + - SilvioRanise + co-supervisor: + - RobertoCarbone + year: 2024 + cycle: XXXVI + institution: University of Genoa + doi: 10.15167/berlato-stefano_phd2024-05-31 + - id: StefanoCamposilvan_B title: Estimating the Likelihood of Successful Adversarial Examples Transferability type: B diff --git a/_includes/list-people.html b/_includes/list-people.html index 75537ef..bf4d496 100644 --- a/_includes/list-people.html +++ b/_includes/list-people.html @@ -248,22 +248,23 @@ {% endif %}
{% if person.name and person.surname %}

{{ person.name }} {{ person.surname }}

{% endif %} - {% if role and details contains "role" %}

{{ role }}

{% endif %} {% if type %}

{{ type }}

{% endif %} {% if details contains "unit" or details contains "institution" or details contains "place" %} {% for affiliation in person.affiliations %}
+ {% if affiliation.role and details contains "role" %}

{{ affiliation.role }}

{% endif %} {% if affiliation.unit and details contains "unit" %}

{{ affiliation.unit }}

{% endif %} {% if affiliation.institution and details contains "institution" %}

{{ affiliation.institution }}

{% endif %} {% if affiliation.place and details contains "place" %}

{{ affiliation.place }}

{% endif %}
{% endfor %} - {% elsif details contains "internalUnit" %} + {% elsif details contains "internalRole" or details contains "internalUnit" %} {% for affiliation in person.affiliations %} {% if affiliation.institution == "Fondazione Bruno Kessler" %} {% if affiliation.unit == "Security & Trust" or affiliation.unit == "Center for Cybersecurity" %}
-

{{ affiliation.unit }}

+ {% if details contains "internalRole" %}

{{ affiliation.role }}

{% endif %} + {% if details contains "internalUnit" %}

{{ affiliation.unit }}

{% endif %}
{% endif %} {% endif %} @@ -271,7 +272,6 @@ {% endif %} {% if institution %}
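Review bot: The new `internalRole` branch prints `{{ affiliation.role }}` under `{% if details contains "internalRole" %}` without testing that the role is set, unlike the general branch added earlier in the same hunk, which uses `{% if affiliation.role and details contains "role" %}`; an FBK affiliation without a `role` would presumably render an empty element. Suggest `{% if affiliation.role and details contains "internalRole" %}`. None of the `{{ … }}` outputs visible in this hunk pass through `| escape`, so if the surrounding markup (not visible here) is plain HTML, escaping the values read from `_data/people.yml` is worth considering. The enclosing loop and conditional start and end outside the hunk.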

{{ institution }}

{% endif %} {% if formerRole %}

{{ formerRole }}

{% endif %} - {% if currentRole and details contains "currentRole" %}

{{ currentRole }}

{% endif %} {% if additionalInfo.topic and details contains "topic" %}

{{ additionalInfo.topic }}

{% endif %} {% if thesis.title and details contains "thesis" %}

Thesis: {{ thesis.title }}

{% endif %}