diff --git a/_data/destinations.yml b/_data/destinations.yml index 01b4b298..eaa3cd4c 100644 --- a/_data/destinations.yml +++ b/_data/destinations.yml @@ -102,6 +102,12 @@ url: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6979 type: journal +- id: TDSC + name: IEEE Transactions on Dependable and Secure Computing + acronym: TDSC + url: https://www.computer.org/csdl/journals/tq + type: journal + - id: TIFS name: IEEE Transactions on Information Forensics and Security acronym: TIFS diff --git a/_data/publications.yml b/_data/publications.yml index f74bc4b2..73c02817 100644 --- a/_data/publications.yml +++ b/_data/publications.yml @@ -1918,16 +1918,6 @@ doi: 10.1145/3532105.3535042 urlNews: /news/2022/04/25/demo-accepted-at-sacmat-2022/ -- id: TDSC2022 - title: "A Multi-Layered Methodology to Assist the Secure and Risk-Aware Design of Authentication Protocols: Application to Passwordless Solutions based on eID Cards" - authors: - - MarcoPernpruner - - RobertoCarbone - - GiadaSciarretta - - SilvioRanise - abstract: > - Authentication protocols represent the entry point to online services, so they must be sturdily designed in order to allow only authorized users to access the underlying data. However, designing authentication protocols is a complex process: security designers should carefully select the technologies to involve and integrate them properly in order to prevent potential vulnerabilities. In addition, these choices are usually restricted by further factors, such as the requirements associated with the scenario, the regulatory framework, the dimensions to balance (e.g., security vs. usability), and the standards to rely on. We come to the rescue by presenting an automated multi-layered methodology we have developed to assist security designers in this phase: by repeatedly evaluating their protocols, they can select the security mitigations to consider until they reach the desired security level, thus enabling a security-by-design approach. For concreteness, we also show how we have applied our methodology to a real use case scenario in the context of a collaboration with the Italian Government Printing Office and Mint. - ## 2023 - id: ARES2023 id_iris: 338827 @@ -2018,4 +2008,18 @@ doi: 10.5220/0012084000003555 urlNews: /news/2023-04-24-paper-accepted-at-secrypt/ +- id: TDSC2022 + title: "An Automated Multi-Layered Methodology to Assist the Secure and Risk-Aware Design of Multi-Factor Authentication Protocols" + authors: + - MarcoPernpruner + - RobertoCarbone + - GiadaSciarretta + - SilvioRanise + abstract: > + Authentication protocols represent the entry point to online services, so they must be sturdily designed in order to allow only authorized users to access the underlying data. However, designing authentication protocols is a complex process: security designers should carefully select the technologies to involve and integrate them properly in order to prevent potential vulnerabilities. In addition, these choices are usually restricted by further factors, such as the requirements associated with the scenario, the regulatory framework, the dimensions to balance (e.g., security vs. usability), and the standards to rely on. We come to the rescue by presenting an automated multi-layered methodology we have developed to assist security designers in this phase: by repeatedly evaluating their protocols, they can select the security mitigations to consider until they reach the desired security level, thus enabling a security-by-design approach. For concreteness, we also show how we have applied our methodology to a real use case scenario in the context of a collaboration with the Italian Government Printing Office and Mint. + destination: TDSC + year: 2023 + doi: 10.1109/TDSC.2023.3296210 + urlNews: /news/2023/07/17/paper-accepted-at-tdsc/ + # PLEASE KEEP ALPHABETICAL ORDER BY ID WITHIN YEARS diff --git a/_news/2023-07-17-paper-accepted-at-tdsc.md b/_news/2023-07-17-paper-accepted-at-tdsc.md new file mode 100644 index 00000000..0509a004 --- /dev/null +++ b/_news/2023-07-17-paper-accepted-at-tdsc.md @@ -0,0 +1,11 @@ +--- +title: Paper accepted at TDSC +papers: + - TDSC2022 + +people: + - MarcoPernpruner + - GiadaSciarretta + - RobertoCarbone + - SilvioRanise +--- diff --git a/_topics/IdentityManagement.md b/_topics/IdentityManagement.md index c0e1257d..20ab2160 100644 --- a/_topics/IdentityManagement.md +++ b/_topics/IdentityManagement.md @@ -28,6 +28,7 @@ publications: - DBSEC2022 - FPS2019 - STM2019 + - TDSC2022 theses: - DamianoSartori_B