2017 SPRITZ-CLUSIT Workshop on Future Systems Security and Privacy
The SPRITZ Security and Privacy Research Group at the University of Padua, in collaboration with Clusit (The Italian Association for Computer Security) organizes the "2017 SPRITZ Workshop on Future Systems Security and Privacy". This event is sponsored by a European commision (EU) project called TagItSmart (Smart Tags driven service platform for enabling ecosystems of connected objects), and it is organized within the framework of the European Cyber Security Month (ECSM).
Date: October 25, 2017
Schedule: From 14:30 to 17:00
Address: University of Padua, Department of Mathematics, Via Trieste, 63 - Padova, Italy
Room: Meeting room at 7th floor (stairs B) of Torre Archimede
Event recording: Click here
Post-Doc at University of Padova, Italy
Talk title: TagItSmart! (Smart Tags driven service platform for enabling ecosystems of connected objects)
Abstract: The overall objective of TagItSmart! is to create a set of tools and enabling technologies integrated into a platform with open interfaces enabling users across the value chain to fully exploit the power of condition-dependent FunCodes to connect mass-market products with the digital world across multiple application sectors. The goal is to connect What is still out of reach due to technological limitations and the cost of deployment are mass-market products: a carton of milk, a package of steak, a basket of apples, a book, a CD etc. Today, these products are identified by printed tags (barcodes, QR codes). These codes relate to the product they tag, not to the unique unit/object that holds the tag. Once attached to an object, tags are usually static and the information they provide does not change, regardless of the state or events happening in the immediate environment of that product.
Our main emphasis is leveraging the feature of functional codes to dynamically change according to the context changes of each tagged product together with wide availability of smart phones that can capture/record/transmit these codes we can create context sensors for mass-market products and convert mass-market products into connected mass-market products with unique identity. Functional ink + optical tags + crowd sourced smart phones + cloud = IoT for mass-market domain across application sectors.
Post-Doc at Università Ca' Foscari Venezia, Italy
Talk title: CCSP: Controlled relaxation of content security policies by runtime policy composition
Abstract: Content Security Policy (CSP) is a W3C standard designed to prevent and mitigate the impact of content injection vulnerabilities on websites by means of browser-enforced security policies. Though CSP is gaining a lot of popularity in the wild, previous research questioned one of its key design choices, namely the use of static white-lists to define legitimate content inclusions. In this talk, we present Compositional CSP (CCSP), an extension of CSP based on runtime policy composition. CCSP is designed to overcome the limitations arising from the use of static white-lists while avoiding a major overhaul of CSP and the logic underlying policy writing. We perform an extensive evaluation of the design of CCSP by focusing on the general security guarantees it provides, its backward compatibility and its deployment cost. We then assess the potential impact of CCSP on the web, and we implement a prototype of our proposal, which we test on major websites. In the end, we conclude that the deployment of CCSP can be done with limited efforts and would lead to significant benefits for the large majority of the websites.
Post-Doc at University of Padova, Italy
Talk title: Can machine learning be secure?
Abstract: Machine learning models are currently used in several applications, ranging from computer vision, spam filtering, malware detection and other security domains. Conventional machine learning system is designed with a knowledge that the training and test set have the same distribution. These systems are subjected to carefully crafted attacks either by poisoning the input or modifying the classifier parameters. Adversarial examples enable adversaries to subvert the expected system behavior leading to undesired consequences and could pose serious security risk when deployed in real time.
In this talk we discuss vulnerabilities associated with learning based system, approaches for creating adversarial examples and countermeasures to improve machine learning system against the considered attacks.
CNIT Senior Researcher at the University of Rome, Tor Vergata
Talk title: Lifetime-aware, Fault-aware and Energy-aware SDN and CDC: Optimal Formulation and Solutions
Abstract: Commodity HardWare (CHW) is currently used in the Cloud data centers (CDCs) to deploy large data centers or small computing nodes. Moreover, CHW will be also used to deploy future telecommunication networks, e.g., software-defined network (SDN) and Network functions virtualization (NFV), thanks to the adoption of the forthcoming network softwarization paradigm. In this presentation, we aim to address three problems: 1) we perform a measurement campaign of a CHW machine subject to power state changes introduced by SM.Our results show that the temperature change due to power state transitions is not negligible, and that the abrupt stopping of the fans on hot components (such as the CPU) tends to spread the heat over the other components of the CHW machine; and, 2) We target the problem of managing the power states of the servers in a CDC to jointly minimize the electricity consumption and the maintenance costs derived from the variation of power (and consequently of temperature) on the servers. Moreover, we employ a material-based fatigue model to compute the maintenance costs needed to repair the servers, as a consequence of the variation over time of their power states; and 3)we model a fault-aware SDN reconfiguration and present secure optimal and heuristic algorithms to preserve fault-aware end-to-end switching failure in SDNs.