oru.sePublications
Change search
Refine search result
1 - 13 of 13
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    De Donno, Michele
    et al.
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Mazzara, Manuel
    Innopolis University, Innopolis, Russian Federation.
    AntibIoTic: Protecting IoT Devices Against DDoS Attacks2018In: Proceedings of 5th International Conference in Software Engineering for Defence Applications: SEDA 2016 / [ed] Ciancarini, P.; Litvinov, S.; Messina, A.; Sillitti, A.; Succi, G., Cham: Springer, 2018, p. 59-72Conference paper (Refereed)
    Abstract [en]

    The 2016 is remembered as the year that showed to the world how dangerous Distributed Denial of Service attacks can be. Gauge of the disruptiveness of DDoS attacks is the number of bots involved: the bigger the botnet, the more powerful the attack. This character, along with the increasing availability of connected and insecure IoT devices, makes DDoS and IoT the perfect pair for the malware industry. In this paper we present the main idea behind AntibIoTic, a palliative solution to prevent DDoS attacks perpetrated through IoT devices.

  • 2.
    De Donno, Michele
    et al.
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Spognardi, Angelo
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Analysis of DDoS-Capable IoT Malwares2017In: Proceedings of the 2017 Federated Conference on Computer Science and Information Systems / [ed] M. Ganzha, L. Maciaszek, M. Paprzycki, Institute of Electrical and Electronics Engineers (IEEE), 2017, p. 807-816Conference paper (Refereed)
    Abstract [en]

    The Internet of Things (IoT) revolution promises to make our lives easier by providing cheap and always connected smart embedded devices, which can interact on the Internet and create added values for human needs. But all that glitters is not gold. Indeed, the other side of the coin is that, from a security perspective, this IoT revolution represents a potential disaster. This plethora of IoT devices that flooded the market were very badly protected, thus an easy prey for several families of malwares that can enslave and incorporate them in very large botnets. This, eventually, brought back to the top Distributed Denial of Service (DDoS) attacks, making them more powerful and easier to achieve than ever. This paper aims at provide an up-to-date picture of DDoS attacks in the specific subject of the IoT, studying how these attacks work and considering the most common families in the IoT context, in terms of their nature and evolution through the years. It also explores the additional offensive capabilities that this arsenal of IoT malwares has available, to mine the security of Internet users and systems. We think that this up-to-date picture will be a valuable reference to the scientific community in order to take a first crucial step to tackle this urgent security issue.

  • 3.
    De Donno, Michele
    et al.
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Spognardi, Angelo
    Computer Science Department, Sapienza University of Rome, Rome, Italy.
    DDoS-Capable IoT Malwares: Comparative Analysis and Mirai Investigation2018In: Security and Communication Networks, ISSN 1939-0114, E-ISSN 1939-0122, article id 7178164Article in journal (Refereed)
    Abstract [en]

    The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flooding of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples on how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malwares in IoT networks, highlighting how recent data support our concerns about the growing in popularity of these malwares. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far.

  • 4.
    De Donno, Michele
    et al.
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Bucchiarone, Antonio
    Fondazione Bruno Kessler, Trento, Italy.
    Mazzara, Manuel
    Institute of Software Development and Engineering, Innopolis University, Innopolis, Russian Federation.
    Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era2019In: Future Internet, ISSN 1999-5903, E-ISSN 1999-5903, Vol. 11, no 6, article id 127Article in journal (Refereed)
    Abstract [en]

    The Internet of Things (IoT) is rapidly changing our society to a world where every thing is connected to the Internet, making computing pervasive like never before. This tsunami of connectivity and data collection relies more and more on the Cloud, where data analytics and intelligence actually reside. Cloud computing has indeed revolutionized the way computational resources and services can be used and accessed, implementing the concept of utility computing whose advantages are undeniable for every business. However, despite the benefits in terms of flexibility, economic savings, and support of new services, its widespread adoption is hindered by the security issues arising with its usage. From a security perspective, the technological revolution introduced by IoT and Cloud computing can represent a disaster, as each object might become inherently remotely hackable and, as a consequence, controllable by malicious actors. While the literature mostly focuses on the security of IoT and Cloud computing as separate entities, in this article we provide an up-to-date and well-structured survey of the security issues of cloud computing in the IoT era. We give a clear picture of where security issues occur and what their potential impact is. As a result, we claim that it is not enough to secure IoT devices, as cyber-storms come from Clouds.

  • 5.
    De Donno, Michele
    et al.
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology.
    Spognardi, Angelo
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark; Dipartimento Informatica, Sapienza Università di Roma, Rome, Italy.
    A Taxonomy of Distributed Denial of Service Attacks2017In: i-Society 2017: Proceedings / [ed] Charles A. Shoniregun, Galyna A. Akmayeva, Infonomics Society, 2017, p. 99-106Conference paper (Refereed)
  • 6.
    Dragoni, Nicola
    et al.
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Mazzara, Manuel
    Innopolis University, Innopolis, Russian Federation.
    The Internet of Hackable Things2018In: Proceedings of 5th International Conference in Software Engineering for Defence Applications: SEDA 2016 / [ed] Ciancarini, P.; Litvinov, S.; Messina, A.; Sillitti, A.; Succi, G., Cham: Springer, 2018, p. 129-140Conference paper (Refereed)
    Abstract [en]

    The Internet of Things makes possible to connect each everyday object to the Internet, making computing pervasive like never before. From a security and privacy perspective, this tsunami of connectivity represents a disaster, which makes each object remotely hackable. We claim that, in order to tackle this issue, we need to address a new challenge in security: education.

  • 7.
    Giaretta, Alberto
    et al.
    Department of Mathematics, University of Padua, Padua, Italy.
    Balasubramaniam, Sasitharan
    Department of Electronic and Communication EngineeringNano Communication Centre, Tampere University of Technology, Tampere, Finland.
    Conti, Mauro
    Department of Mathematics, University of Padua, Padua, Italy.
    Security Vulnerabilities and Countermeasures for Target Localization in Bio-NanoThings Communication Networks2016In: IEEE Transactions on Information Forensics and Security, ISSN 1556-6013, E-ISSN 1556-6021, Vol. 11, no 4, p. 665-676Article in journal (Refereed)
    Abstract [en]

    The emergence of molecular communication has provided an avenue for developing biological nanonetworks. Synthetic biology is a platform that enables reprogramming cells, which we refer to as Bio-NanoThings, that can be assembled to create nanonetworks. In this paper, we focus on specific Bio-NanoThings, i.e, bacteria, where engineering their ability to emit or sense molecules can result in functionalities, such as cooperative target localization. Although this opens opportunities, e.g., for novel healthcare applications of the future, this can also lead to new problems, such as a new form of bioterrorism. In this paper, we investigate the disruptions that malicious Bio-NanoThings (M-BNTs) can create for molecular nanonetworks. In particular, we introduce two types of attacks: blackhole and sentry attacks. In blackhole attack M-BNTs emit attractant chemicals to draw-in the legitimate Bio-NanoThings (L-BNTs) from searching for their target, while in the sentry attack, the M-BNTs emit repellents to disperse the L-BNTs from reaching their target. We also present a countermeasure that L-BNTs can take to be resilient to the attacks, where we consider two forms of decision processes that includes Bayes' rule as well as a simple threshold approach. We run a thorough set of simulations to assess the effectiveness of the proposed attacks as well as the proposed countermeasure. Our results show that the attacks can significantly hinder the regular behavior of Bio-NanoThings, while the countermeasures are effective for protecting against such attacks.

  • 8.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    De Donno, Michele
    DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot2018In: Proceedings of the 13th International Conference on Availability, Reliability and Security, ACM , 2018, article id 22Conference paper (Refereed)
    Abstract [en]

    The rise of connectivity, digitalization, robotics, and artificial intelligence (AI) is rapidly changing our society and shaping its future development. During this technological and societal revolution, security has been persistently neglected, yet a hacked robot can act as an insider threat in organizations, industries, public spaces, and private homes. In this paper, we perform a structured security assessment of Pepper, a commercial humanoid robot. Our analysis, composed by an automated and a manual part, points out a relevant number of security flaws that can be used to take over and command the robot. Furthermore, we suggest how these issues could be fixed, thus, avoided in the future. The very final aim of this work is to push the rise of the security level of IoT products before they are sold on the public market.

  • 9.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
    Community Targeted Phishing: A Middle Ground Between Massive and Spear Phishing through Natural Language Generation2018Conference paper (Refereed)
    Abstract [en]

    Looking at today spam and phishing panorama, we are able to identify two diametrically opposed approaches. On the one hand we have general spam, which targets as much as people as possible with generic and pre-formed texts; on the other hand we have very specific emails, handcrafted to target high-value targets. While nowadays these two worlds don't intersect at all, we envision a future where Natural Language Generation (NLG) techniques will enable attackers to target populous communities with machine-tailored emails. In this paper, we introduce what we call Community Targeted Spam (CTS), alongside with some workflows that exhibit how this all could be implemented. Furthermore, we suggest some preliminary directions that scientific community should consider to take, in order to address our concerns.

  • 10.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Lyngby, Denmark.
    Massacci, Fabio
    Department of Information Science and Engineering, University of Trento, Trento, Italy.
    IoT Security Configurability with Security-by-Contract2019In: Sensors, ISSN 1424-8220, E-ISSN 1424-8220, Vol. 19, no 19, article id E4121Article in journal (Refereed)
    Abstract [en]

    Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S × C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events.

  • 11.
    Giaretta, Alberto
    et al.
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Lyngby, Denmark.
    Mazzara, Manuel
    Innopolis University, Innopolis, Russian Federation.
    Joining Jolie to Docker: Orchestration of Microservices on a Containers-as-a-Service Layer2018In: Proceedings of 5th International Conference in Software Engineering for Defence Applications: SEDA 2016 / [ed] Ciancarini, P.; Litvinov, S.; Messina, A.; Sillitti, A.; Succi, G., Cham: Springer, 2018, p. 167-175Conference paper (Refereed)
    Abstract [en]

    Cloud computing is steadily growing and, as IaaS vendors have started to offer pay-as-you-go billing policies, it is fundamental to achieve as much elasticity as possible, avoiding over-provisioning that would imply higher costs. In this paper, we briefly analyse the orchestration characteristics of PaaSSOA, a proposed architecture already implemented for Jolie microservices, and Kubernetes, one of the various orchestration plugins for Docker; then, we outline similarities and differences of the two approaches, with respect to their own domain of application. Furthermore, we investigate some ideas to achieve a federation of the two technologies, proposing an architectural composition of Jolie microservices on Docker Container-as-a-Service layer.

  • 12.
    Mazzara, Manuel
    et al.
    Innopolis University, Innopolis University, Innopolis, Russia.
    Dragoni, Nicola
    Örebro University, School of Science and Technology.
    Bucchiarone, Antonio
    DAS Research Unit, FBK-IRST, Trento, Italy.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Larsen, Stephan T.
    Danske Bank A/S, Copenhagen, Denmark.
    Dustdar, Schahram
    Distributed Systems Group (DSG), Information Systems Institute, Vienna University of Technology, Vienna, Austria.
    Microservices: Migration of a Mission Critical System2018In: IEEE Transactions on Services Computing, ISSN 1939-1374, E-ISSN 1939-1374, p. 1-1Article in journal (Refereed)
    Abstract [en]

    An increasing interest is growing around the idea of microservices and the promise of improving scalability when compared to monolithic systems. Several companies are evaluating pros and cons of a complex migration. In particular, financial institutions are positioned in a difficult situation due to the economic climate and the appearance of agile competitors that can navigate in a more flexible legal framework and started their business since day one with more agile architectures and without being bounded to outdated technological standard. In this paper, we present a real world case study in order to demonstrate how scalability is positively affected by re-implementing a monolithic architecture (MA) into a microservices architecture (MSA). The case study is based on the FX Core system, a mission critical system of Danske Bank, the largest bank in Denmark and one of the leading financial institutions in Northern Europe. The technical problem that has been addressed and solved in this paper is the identification of a repeatable migration process that can be used to convert a real world Monolithic architecture into a Microservices architecture in the specific setting of financial domain, typically characterized by legacy systems and batch-based processing on heterogeneous data sources.

  • 13. Sigurdsson, Gudmundur
    et al.
    Giaretta, Alberto
    Örebro University, School of Science and Technology.
    Dragoni, Nicola
    Örebro University, School of Science and Technology.
    Vulnerabilities and Security Breaches in Cryptocurrencies2020In: Proceedings of 6th International Conference in Software Engineering for Defence Applications / [ed] Ciancarini, P.; Mazzara, M.; Messina, A.; Sillitti, A.; Succi, G., Springer, 2020Conference paper (Refereed)
1 - 13 of 13
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf