Current Projects
The European Network for Cyber Security (NECS) addresses the training and development of a European talent pool to help implement and support the European Cyber-security strategy2 as highlighted in the EC’s Digital Agenda. Today there is a strongest need than ever to grow researchers that combine a strong academic foundation with practical experiences, technological expertise with awareness of the socio-economic and legal context and conviction to furthering research with an entrepreneurial spirit. The 4-year NECS project for a cyber-security research and training network makes a significant contribution towards meeting the increased demand of human expertise in this critical field. NECS fosters a multi-sector/multi-disciplinary approach that is absolutely necessary for tackling coherently all cyber-security needs as recognized by the Network and Information Security (NIS) platform that has been established by the EU in order to develop a public/private cooperation strategy.
Funding: 515KEuro
More info about this project »
The “Internet of Things” (IoT) is expected to continue to grow exponentially in the foreseeable future. An important recent trend is that the connection between the Internet and elements of the physical world (such as machines, robots, cars, production facilities, and so forth) is getting stronger and stronger. Moreover, these systems are integrating more and more with and within our human bodies; currently we observe this trend for wellness and medical applications and one can expect that this will result in growing processing of information in and around the human body. The hardware and software infrastructure that supports this global network of systems is one of the most impressive technological achievements of mankind. But unfortunately, as many incidents over the past years have shown, it is not without security flaws. The main objective of this research project is to develop technology that supports the construction of secure cyber-physical systems and a secure Internet of Things.
More info about this project »
Past Projects
International Projects
- MASTER: Managing Assurance, Security and Trust for Services
The business of the future will be characterized by highly dynamic service-oriented architectures where outsourcing and distributed management constitute the norm rather than the exception with an increasing complexity in security and trust requirements from regulations and business standards. Best-effort security will no longer be accepted and business entities will have to provide certified assurance services to customers and expect assured services from contractors in order to manage the associated business and technology risk. MASTER aims at providing methodologies and infrastructures that facilitate the monitoring, enforcement, and audit of quantifiable indicators on the security of a business process, and that provide manageable assurance of the security levels, trust levels and regulatory compliance of highly dynamic service- oriented architecture in centralized, distributed (multi-domain), and outsourcing contexts. To this extents MASTER will identify new innovation components in terms of key assurance indicators, key security indicators, protection and regulatory models and security model transformations coupled with the methodological and verification tools for the analysis and assessment of business processes. It will further define an overall infrastructure for the monitoring, enforcement, reaction, diagnosis and assessment of these indicators centralized, distributed (multi-domain), and outsourcing contexts. It will show a proof-of-concept implementation in the challenging realms of Banking/Insurance and in the e-Health IT systems. MASTER is a NESSI strategic project
Funding: 920KEuro
More info about this project »
- NESSoS: Network of Excellence on Engineering Secure Future Internet Software Services and Systems
aims at constituting and integrating a long lasting research community on engineering secure software and services. NESSoS will integrate the research labs involved; it will re-address, integrate, harmonize and foster the research activities in the necessary areas, and will increase and spread the research excellence.
Funding: 320KEuro
More info about this project »
National Projects
- TENACE
TENACE was 3-year project financed by the Italian Ministry of Education, University and Research (MIUR) under the PRIN programme. TENACE project investigated the protection of national critical infrastructures from cyber threats following a collaborative approach whenever appropriate. TENACE addressed three scenarios: financial infrastructures, power grid and transportation systems that represent three widely different settings with distinct interdepencies, threats, vulnerabilities and possible countermeasures. TENACE had the objective of defining collaborative technical and organizational methodologies to raise the protection of such CIs with the specific target of looking at the common steps in order to develop a unifying metodology and understanding the underground economics fuelling an attacker. The study of specific CI vulnerabilities and related attacks will drive the development of algorithms, models, architectures and tools as the means to enable the effective protection of critical infrastructures enhancing their degree of security and dependability by considering a continuously evolving adversary. TENACE addressed cyber attacks, combination of cyber and physical attacks and cyber fraudes in the context of power grids, transportation and financial inrastructures respectively. TENACE integrated results developed by specific research groups in order to generate solutions addressing complex attacks in each specific CI scenario. Such solutions have been validated against real data sets.
More info about this project »
- Autonomic Security
was a 2-year project financed by the Italian Ministry of Education, University and Research (MIUR) under the PRIN 2008 programme. The goal of this project is to develop innovative algorithms and frameworks for the construction of large-scale, decentralized autonomic distributed systems. We understand that this goal is overly ambitious for a 2-year project, so we focus on two tasks:
- Task 1: we will perform foundational research on self-* properties on decentralized distributed systems, with three subgoals: investigating the notion of "self", trying to making self-* properties emerge from the local interactions of a large number of nodes; studying predictive models for large-scale distributed systems, based on (potentially on-line) distributed data mining algorithms.
- Task 2: we will apply the results of our research to one specific aspect, namely self-protection against botnets.
Funding: 30KEuro
Internal Projects
- xESB: Security Enhanced Enterprise Service Bus
xESB provides a group of security mechanisms into the enterprise messaging backbone, so that it can monitor and enforce intra and inter-domain usage control policies onto messsages, service invocations and service results.
Active Members: Bruno Crispo, Gabriela Gheorghe
More info about this project
- RelBAC: Relation Based Access Control
The key idea, which differentiates RelBAC from the state of the art, e.g., Role Based Access Control (RBAC), is that permissions are modeled as relations between users and data, while access control rules are their instantiations on specific sets of users and objects. As consequence RelBAC can easily model problem difficult to express using RBAC.
Active Members: Bruno Crispo, Fausto Giunchiglia
More info about this project
- Secure Pub/Sub Systems
The goal of this research project is to provide security mechanisms for content-based publish/subscribe systems.
Active Members: Bruno Crispo, Mihaela Ion, Giovanni Russello
More info about this project
- FloodGate: A Micropayment Incentivized P2P Content Delivery Network
Floodgate is a research peer-to-peer architecture that aims at providing a scalable Content Delivery Network-like system by incentivising the peers to share their resources for monetary benefits.
Active Members Muhammad Rizwan Asghar, Bruno Crispo, Srijith Nair
More info about this project
The business of the future will be characterized by highly dynamic service-oriented architectures where outsourcing and distributed management constitute the norm rather than the exception with an increasing complexity in security and trust requirements from regulations and business standards. Best-effort security will no longer be accepted and business entities will have to provide certified assurance services to customers and expect assured services from contractors in order to manage the associated business and technology risk. MASTER aims at providing methodologies and infrastructures that facilitate the monitoring, enforcement, and audit of quantifiable indicators on the security of a business process, and that provide manageable assurance of the security levels, trust levels and regulatory compliance of highly dynamic service- oriented architecture in centralized, distributed (multi-domain), and outsourcing contexts. To this extents MASTER will identify new innovation components in terms of key assurance indicators, key security indicators, protection and regulatory models and security model transformations coupled with the methodological and verification tools for the analysis and assessment of business processes. It will further define an overall infrastructure for the monitoring, enforcement, reaction, diagnosis and assessment of these indicators centralized, distributed (multi-domain), and outsourcing contexts. It will show a proof-of-concept implementation in the challenging realms of Banking/Insurance and in the e-Health IT systems. MASTER is a NESSI strategic project
Funding: 920KEuro
More info about this project »
aims at constituting and integrating a long lasting research community on engineering secure software and services. NESSoS will integrate the research labs involved; it will re-address, integrate, harmonize and foster the research activities in the necessary areas, and will increase and spread the research excellence.
Funding: 320KEuro
More info about this project »
TENACE was 3-year project financed by the Italian Ministry of Education, University and Research (MIUR) under the PRIN programme. TENACE project investigated the protection of national critical infrastructures from cyber threats following a collaborative approach whenever appropriate. TENACE addressed three scenarios: financial infrastructures, power grid and transportation systems that represent three widely different settings with distinct interdepencies, threats, vulnerabilities and possible countermeasures. TENACE had the objective of defining collaborative technical and organizational methodologies to raise the protection of such CIs with the specific target of looking at the common steps in order to develop a unifying metodology and understanding the underground economics fuelling an attacker. The study of specific CI vulnerabilities and related attacks will drive the development of algorithms, models, architectures and tools as the means to enable the effective protection of critical infrastructures enhancing their degree of security and dependability by considering a continuously evolving adversary. TENACE addressed cyber attacks, combination of cyber and physical attacks and cyber fraudes in the context of power grids, transportation and financial inrastructures respectively. TENACE integrated results developed by specific research groups in order to generate solutions addressing complex attacks in each specific CI scenario. Such solutions have been validated against real data sets. More info about this project »
was a 2-year project financed by the Italian Ministry of Education, University and Research (MIUR) under the PRIN 2008 programme. The goal of this project is to develop innovative algorithms and frameworks for the construction of large-scale, decentralized autonomic distributed systems. We understand that this goal is overly ambitious for a 2-year project, so we focus on two tasks:
- Task 1: we will perform foundational research on self-* properties on decentralized distributed systems, with three subgoals: investigating the notion of "self", trying to making self-* properties emerge from the local interactions of a large number of nodes; studying predictive models for large-scale distributed systems, based on (potentially on-line) distributed data mining algorithms.
- Task 2: we will apply the results of our research to one specific aspect, namely self-protection against botnets.
xESB provides a group of security mechanisms into the enterprise messaging backbone, so that it can monitor and enforce intra and inter-domain usage control policies onto messsages, service invocations and service results.
Active Members: Bruno Crispo, Gabriela Gheorghe
More info about this project
The key idea, which differentiates RelBAC from the state of the art, e.g., Role Based Access Control (RBAC), is that permissions are modeled as relations between users and data, while access control rules are their instantiations on specific sets of users and objects. As consequence RelBAC can easily model problem difficult to express using RBAC.
Active Members: Bruno Crispo, Fausto Giunchiglia
More info about this project
The goal of this research project is to provide security mechanisms for content-based publish/subscribe systems.
Active Members: Bruno Crispo, Mihaela Ion, Giovanni Russello
More info about this project
Floodgate is a research peer-to-peer architecture that aims at providing a scalable Content Delivery Network-like system by incentivising the peers to share their resources for monetary benefits.
Active Members Muhammad Rizwan Asghar, Bruno Crispo, Srijith Nair
More info about this project