Publications (10 of 13)
Sigurdsson, G., Giaretta, A. & Dragoni, N. (2020). Vulnerabilities and Security Breaches in Cryptocurrencies. In: Ciancarini, P.; Mazzara, M.; Messina, A.; Sillitti, A.; Succi, G. (Ed.), Proceedings of 6th International Conference in Software Engineering for Defence Applications. Paper presented at 6th International Conference in Software Engineering for Defence Applications (SEDA 2018), Rome, Italy, June 7-8, 2018. Springer
2020 (English). In: Proceedings of 6th International Conference in Software Engineering for Defence Applications / [ed] Ciancarini, P.; Mazzara, M.; Messina, A.; Sillitti, A.; Succi, G., Springer, 2020. Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
Springer, 2020
Series
Advances in Intelligent Systems and Computing, ISSN 2194-5357 ; 925
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:oru:diva-71864 (URN); 978-3-030-14686-3 (ISBN); 978-3-030-14687-0 (ISBN)
Conference
6th International Conference in Software Engineering for Defence Applications (SEDA 2018), Rome, Italy, June 7-8, 2018
Available from: 2019-01-28; Created: 2019-01-28; Last updated: 2019-02-01; Bibliographically approved
De Donno, M., Giaretta, A., Dragoni, N., Bucchiarone, A. & Mazzara, M. (2019). Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era. Future Internet, 11(6), Article ID 127.
2019 (English). In: Future Internet, ISSN 1999-5903, E-ISSN 1999-5903, Vol. 11, no 6, article id 127. Article in journal (Refereed) Published
Abstract [en]

The Internet of Things (IoT) is rapidly changing our society to a world where every thing is connected to the Internet, making computing pervasive like never before. This tsunami of connectivity and data collection relies more and more on the Cloud, where data analytics and intelligence actually reside. Cloud computing has indeed revolutionized the way computational resources and services can be used and accessed, implementing the concept of utility computing whose advantages are undeniable for every business. However, despite the benefits in terms of flexibility, economic savings, and support of new services, its widespread adoption is hindered by the security issues arising with its usage. From a security perspective, the technological revolution introduced by IoT and Cloud computing can represent a disaster, as each object might become inherently remotely hackable and, as a consequence, controllable by malicious actors. While the literature mostly focuses on the security of IoT and Cloud computing as separate entities, in this article we provide an up-to-date and well-structured survey of the security issues of cloud computing in the IoT era. We give a clear picture of where security issues occur and what their potential impact is. As a result, we claim that it is not enough to secure IoT devices, as cyber-storms come from Clouds.

Place, publisher, year, edition, pages
MDPI, 2019
Keywords
security, Internet of Things, Cloud computing
National Category
Computer Sciences
Identifiers
urn:nbn:se:oru:diva-75237 (URN); 10.3390/fi11060127 (DOI); 000473805800007 (); 2-s2.0-85067464961 (Scopus ID)
Available from: 2019-07-25; Created: 2019-07-25; Last updated: 2019-07-25; Bibliographically approved
Giaretta, A., Dragoni, N. & Massacci, F. (2019). IoT Security Configurability with Security-by-Contract. Sensors, 19(19), Article ID E4121.
2019 (English). In: Sensors, ISSN 1424-8220, E-ISSN 1424-8220, Vol. 19, no 19, article id E4121. Article in journal (Refereed) Published
Abstract [en]

Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S × C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events.

Place, publisher, year, edition, pages
MDPI, 2019
Keywords
Fog computing, IoT, configurability, security, security-by-contract
National Category
Computer Systems
Identifiers
urn:nbn:se:oru:diva-76829 (URN); 10.3390/s19194121 (DOI); 000494823200065 (); 31548501 (PubMedID); 2-s2.0-85072578077 (Scopus ID)
Available from: 2019-09-30; Created: 2019-09-30; Last updated: 2019-11-22; Bibliographically approved
Giaretta, A., Dragoni, N. & Massacci, F. (2019). Protecting the Internet of Things with Security-by-Contract and Fog Computing. In: 2019 IEEE 5th World Forum on Internet of Things (WF-IoT). Paper presented at 5th IEEE World Forum on Internet of Things (WF-IoT 2019), Limerick, Ireland, April 15-18, 2019. IEEE
2019 (English). In: 2019 IEEE 5th World Forum on Internet of Things (WF-IoT), IEEE, 2019. Conference paper, Published paper (Refereed)
Abstract [en]

Nowadays, the Internet of Things (IoT) is a consolidated reality. Smart homes are equipped with a growing number of IoT devices that capture more and more information about human beings' lives. However, manufacturers paid little or no attention to security, so that various challenges are still in place. In this paper, we propose a novel approach to secure IoT systems that combines the concept of Security-by-Contract (SxC) with the Fog computing distributed paradigm. We define the pillars of our approach, namely the notions of IoT device contract, Fog node policy and contract-policy matching, the respective life-cycles, and the resulting SxC workflow. To better understand all the concepts of the SxC framework, and highlight its practical feasibility, we use a running case study based on a context-aware system deployed in a real smart home.

Place, publisher, year, edition, pages
IEEE, 2019
Keywords
security-by-contract, Fog computing, IoT
National Category
Computer Sciences
Identifiers
urn:nbn:se:oru:diva-78009 (URN); 10.1109/WF-IoT.2019.8767243 (DOI); 000492865800001 (); 2-s2.0-85073699472 (Scopus ID); 978-1-5386-4980-0 (ISBN)
Conference
5th IEEE World Forum on Internet of Things (WF-IoT 2019), Limerick, Ireland, April 15-18, 2019
Available from: 2019-11-22; Created: 2019-11-22; Last updated: 2019-11-22; Bibliographically approved
Giaretta, A., De Donno, M. & Dragoni, N. (2018). Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. Paper presented at 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany, August 27-30, 2018. ACM, Article ID 22.
2018 (English). In: Proceedings of the 13th International Conference on Availability, Reliability and Security, ACM, 2018, article id 22. Conference paper, Published paper (Refereed)
Abstract [en]

The rise of connectivity, digitalization, robotics, and artificial intelligence (AI) is rapidly changing our society and shaping its future development. During this technological and societal revolution, security has been persistently neglected, yet a hacked robot can act as an insider threat in organizations, industries, public spaces, and private homes. In this paper, we perform a structured security assessment of Pepper, a commercial humanoid robot. Our analysis, composed by an automated and a manual part, points out a relevant number of security flaws that can be used to take over and command the robot. Furthermore, we suggest how these issues could be fixed, thus, avoided in the future. The very final aim of this work is to push the rise of the security level of IoT products before they are sold on the public market.

Place, publisher, year, edition, pages
ACM, 2018
Series
ACM International Conference Proceeding Series
Keywords
Internet of Things (IoT), Penetration Testing, Pepper, Robot, Security
National Category
Computer and Information Sciences; Robotics
Identifiers
urn:nbn:se:oru:diva-71106 (URN); 10.1145/3230833.3232807 (DOI); 000477981800043 (); 2-s2.0-85055287152 (Scopus ID); 978-1-4503-6448-5 (ISBN)
Conference
13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany, August 27-30, 2018
Available from: 2019-01-04; Created: 2019-01-04; Last updated: 2019-08-16; Bibliographically approved
De Donno, M., Dragoni, N., Giaretta, A. & Mazzara, M. (2018). AntibIoTic: Protecting IoT Devices Against DDoS Attacks. In: Ciancarini, P.; Litvinov, S.; Messina, A.; Sillitti, A.; Succi, G. (Ed.), Proceedings of 5th International Conference in Software Engineering for Defence Applications: SEDA 2016. Paper presented at 5th International Conference in Software Engineering for Defence Applications, Rome, Italy, May 10, 2016 (pp. 59-72). Cham: Springer
2018 (English). In: Proceedings of 5th International Conference in Software Engineering for Defence Applications: SEDA 2016 / [ed] Ciancarini, P.; Litvinov, S.; Messina, A.; Sillitti, A.; Succi, G., Cham: Springer, 2018, p. 59-72. Conference paper, Published paper (Refereed)
Abstract [en]

The 2016 is remembered as the year that showed to the world how dangerous Distributed Denial of Service attacks can be. Gauge of the disruptiveness of DDoS attacks is the number of bots involved: the bigger the botnet, the more powerful the attack. This character, along with the increasing availability of connected and insecure IoT devices, makes DDoS and IoT the perfect pair for the malware industry. In this paper we present the main idea behind AntibIoTic, a palliative solution to prevent DDoS attacks perpetrated through IoT devices.

Place, publisher, year, edition, pages
Cham: Springer, 2018
Series
Advances in Intelligent Systems and Computing (AISC), ISSN 2194-5357, E-ISSN 2194-5365 ; 717
National Category
Computer Sciences
Identifiers
urn:nbn:se:oru:diva-64665 (URN); 10.1007/978-3-319-70578-1_7 (DOI); 000434086000007 (); 2-s2.0-85041797799 (Scopus ID); 978-3-319-70577-4 (ISBN); 978-3-319-70578-1 (ISBN)
Conference
5th International Conference in Software Engineering for Defence Applications, Rome, Italy, May 10, 2016
Available from: 2018-01-30; Created: 2018-01-30; Last updated: 2018-06-20; Bibliographically approved
Giaretta, A. & Dragoni, N. (2018). Community Targeted Phishing: A Middle Ground Between Massive and Spear Phishing through Natural Language Generation. Paper presented at 6th International Conference in Software Engineering for Defence Applications (SEDA 2018), Rome, Italy, June 7-8, 2018.
2018 (English). Conference paper, Published paper (Refereed)
Abstract [en]

Looking at today's spam and phishing panorama, we are able to identify two diametrically opposed approaches. On the one hand we have general spam, which targets as many people as possible with generic and pre-formed texts; on the other hand we have very specific emails, handcrafted to target high-value targets. While nowadays these two worlds don't intersect at all, we envision a future where Natural Language Generation (NLG) techniques will enable attackers to target populous communities with machine-tailored emails. In this paper, we introduce what we call Community Targeted Spam (CTS), alongside with some workflows that exhibit how this all could be implemented. Furthermore, we suggest some preliminary directions that scientific community should consider to take, in order to address our concerns.

National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:oru:diva-71862 (URN)
Conference
6th International Conference in Software Engineering for Defence Applications (SEDA 2018), Rome, Italy, June 7-8, 2018
Available from: 2019-01-28; Created: 2019-01-28; Last updated: 2019-02-01; Bibliographically approved
De Donno, M., Dragoni, N., Giaretta, A. & Spognardi, A. (2018). DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation. Security and Communication Networks, Article ID 7178164.
2018 (English). In: Security and Communication Networks, ISSN 1939-0114, E-ISSN 1939-0122, article id 7178164. Article in journal (Refereed) Published
Abstract [en]

The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flooding of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples on how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malwares in IoT networks, highlighting how recent data support our concerns about the growing in popularity of these malwares. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far.

Place, publisher, year, edition, pages
Hindawi Publishing Corporation, 2018
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:oru:diva-65665 (URN); 10.1155/2018/7178164 (DOI); 000426639800001 (); 2-s2.0-85043390832 (Scopus ID)
Available from: 2018-03-12; Created: 2018-03-12; Last updated: 2018-03-27; Bibliographically approved
Giaretta, A., Dragoni, N. & Mazzara, M. (2018). Joining Jolie to Docker: Orchestration of Microservices on a Containers-as-a-Service Layer. In: Ciancarini, P.; Litvinov, S.; Messina, A.; Sillitti, A.; Succi, G. (Ed.), Proceedings of 5th International Conference in Software Engineering for Defence Applications: SEDA 2016. Paper presented at 5th International Conference in Software Engineering for Defence Applications, Rome, Italy, May 10, 2016 (pp. 167-175). Cham: Springer
2018 (English). In: Proceedings of 5th International Conference in Software Engineering for Defence Applications: SEDA 2016 / [ed] Ciancarini, P.; Litvinov, S.; Messina, A.; Sillitti, A.; Succi, G., Cham: Springer, 2018, p. 167-175. Conference paper, Published paper (Refereed)
Abstract [en]

Cloud computing is steadily growing and, as IaaS vendors have started to offer pay-as-you-go billing policies, it is fundamental to achieve as much elasticity as possible, avoiding over-provisioning that would imply higher costs. In this paper, we briefly analyse the orchestration characteristics of PaaSSOA, a proposed architecture already implemented for Jolie microservices, and Kubernetes, one of the various orchestration plugins for Docker; then, we outline similarities and differences of the two approaches, with respect to their own domain of application. Furthermore, we investigate some ideas to achieve a federation of the two technologies, proposing an architectural composition of Jolie microservices on Docker Container-as-a-Service layer.

Place, publisher, year, edition, pages
Cham: Springer, 2018
Series
Advances in Intelligent Systems and Computing (AISC), ISSN 2194-5357, E-ISSN 2194-5365 ; 717
National Category
Computer Sciences
Identifiers
urn:nbn:se:oru:diva-64667 (URN); 10.1007/978-3-319-70578-1_16 (DOI); 000434086000016 (); 2-s2.0-85041811300 (Scopus ID); 978-3-319-70577-4 (ISBN); 978-3-319-70578-1 (ISBN)
Conference
5th International Conference in Software Engineering for Defence Applications, Rome, Italy, May 10, 2016
Available from: 2018-01-30; Created: 2018-01-30; Last updated: 2018-06-20; Bibliographically approved
Mazzara, M., Dragoni, N., Bucchiarone, A., Giaretta, A., Larsen, S. T. & Dustdar, S. (2018). Microservices: Migration of a Mission Critical System. IEEE Transactions on Services Computing, 1-1
2018 (English). In: IEEE Transactions on Services Computing, ISSN 1939-1374, E-ISSN 1939-1374, p. 1-1. Article in journal (Refereed) Epub ahead of print
Abstract [en]

An increasing interest is growing around the idea of microservices and the promise of improving scalability when compared to monolithic systems. Several companies are evaluating pros and cons of a complex migration. In particular, financial institutions are positioned in a difficult situation due to the economic climate and the appearance of agile competitors that can navigate in a more flexible legal framework and started their business since day one with more agile architectures and without being bounded to outdated technological standard. In this paper, we present a real world case study in order to demonstrate how scalability is positively affected by re-implementing a monolithic architecture (MA) into a microservices architecture (MSA). The case study is based on the FX Core system, a mission critical system of Danske Bank, the largest bank in Denmark and one of the leading financial institutions in Northern Europe. The technical problem that has been addressed and solved in this paper is the identification of a repeatable migration process that can be used to convert a real world Monolithic architecture into a Microservices architecture in the specific setting of financial domain, typically characterized by legacy systems and batch-based processing on heterogeneous data sources.

Place, publisher, year, edition, pages
IEEE Press, 2018
Keywords
Scalability, Computer architecture, Service-oriented architecture, Tools, Mission critical systems, Automation, Service Computing, Software Architecture, Scalability, Microservices
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:oru:diva-71108 (URN); 10.1109/TSC.2018.2889087 (DOI)
Available from: 2019-01-26; Created: 2019-01-26; Last updated: 2019-01-29; Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0001-9293-7711