I am hiring!

Interested in doing research on system security, Internet of Things, trust technology or web security? Then please send me an e-mail. I am always looking for good candidates for PhD, junior or senior researcher, and professor positions.

Find more info about our new results on behavioural biometrics here.

Find more info about the CINI Cyber Security National Lab I am involved with by clicking on its logo: Cyber Security National Lab.

Applications to the CyberChallenge CTF 2024 are open.

News

  • Dec 2023
    Our paper "OAuth 2.0 Redirect URI Validation Falls Short, Literally" has been presented at ACSAC 2023 by Elsevier.
  • July 2023
    Our paper "AppBox: A Black-Box Application Sandboxing Technique for Mobile App Management Solutions" has been presented at IEEE ISCC 2023.
  • Feb. 2023
    Our paper "A Survey of Human-Computer Interaction (HCI) & Natural Habits-based Behavioural Biometric Modalities for User Recognition Schemes" has been accepted at Pattern Recognition Journal published by Elsevier.
  • Dec. 2022
    Our paper "AI-enabled IoT Penetration Testing: State-of-the-art and Research Challenges" has been accepted at Enterprise Information Systems Journal published by Taylor & Francis.

Secure Publishers/Subscribers Systems

    Project description
    The goal of this research project is to provide security mechanisms for content-based publish/subscribe systems. Publish/subscribe is an asynchronous communication paradigm where senders, known as publishers, and receivers, known as subscribers, are loosely coupled. The messages that publishers generate are called events. Events are forwarded from publishers to interested subscribers by a network of brokers. In order to receive events, subscribers must register a filter with a broker. Brokers perform content-based routing by checking if events match registered filters. In many scenarios, such as stock quote dissemination services and e-health applications, it is necessary to control who can access the content of events and filters. Security mechanisms are needed to ensure that only authorized subscribers can read events and that the subscribers' interests remain private. An attacker (A in the figure) that is able to corrupt a broker and read the messages that come in and out should not be able to learn any useful information from them.
    There are still many open issues in designing security mechanisms for publish/subscribe systems because of the particularities of the communication model. Publishers and subscribers are loosely coupled, so they cannot share secret keys because that would limit the scalability and flexibility of the model. Moreover, brokers should be able to perform complex filtering operations efficiently, even if they do not have access to the content of events or filters. By combining attribute-based encryption techniques and encrypted search, we were able to design a novel encryption scheme for pub/sub systems that provides both event and filter confidentiality without requiring publishers and subscribers to share secret keys. Moreover, although events and filters are encrypted, brokers can still perform event filtering without learning any information. Finally, our scheme allows subscribers to express filters that can define any monotonic and non-monotonic constraints on events. More details about the encryption scheme can be found in our publications.

    People: Mihaela Ion, Giovanni Russello, Bruno Crispo

    Publications:
    • M. Ion, G. Russello, and B. Crispo, "An Implementation of Event and Filter Confidentiality in Pub/Sub Systems and its Application to e-Health". Poster presented at the 17th ACM Conference on Computer and Communications Security (CCS 2010), Chicago, October 2010. pdf
    • M. Ion, G. Russello, and B. Crispo, "Supporting Publication and Subscription Confidentiality in Pub/Sub Networks". In Proceedings of the 6th International ICST Conference on Security and Privacy in Communication Networks (SecureComm 2010), Singapore, September 2010. pdf
    • M. Ion, G. Russello, and B. Crispo, "Providing Confidentiality in Content-based Publish/Subscribe Systems". In Proceedings of the International Conference on Security and Cryptography (Secrypt 2010), Athens, July 2010. pdf