1,720,969 research outputs found
A Decentralized Architecture for Dynamic and Federated Access Control Facilitating Smart Tourism Services
No full textEdge computing and the Internet of Things (IoT) are inextricably linked, and much work has been devoted to strengthening their symbiotic relationship, providing better coverage and quality of service. These solutions are typically vertically tailored, provider-specific and bound to work within one administrative domain, as they presume direct deployment and ownership of the resources controlled in a centralised fashion. This model has effectively created a myriad of physically interconnected elements, logically broken down into separate domain-specific islands, each possibly applying different security/privacy policies, device and process control mechanisms, service access and provisioning schemes etc. To address this data and service balkanization phenomena, complex and time-consuming interactions between multiple providers are required to set up and operate federation of resources across domains and/or providers. Without loss of generality, we envision a scenario where stakeholders in a Smart Tourism ecosystem participate in resource federations to enrich their services and exploit complementarities. In this context, we present a decentralized architecture, relying on Distributed Ledger Technology (DLT), providing a flexible and effective federated access control mechanism to data and services
Toward automated threat modeling of edge computing systems
Full text linkEdge computing brings processing and storage capabilities closer to the data sources, to reduce network latency, save bandwidth, and preserve data locality. Despite the clear benefits, this paradigm brings unprecedented cyber risks due to the combination of the security issues and challenges typical of cloud and Internet of Things (IoT) worlds. Notwithstanding an increasing interest in edge security by academic and industrial communities, there is still no discernible industry consensus on edge computing security best practices, and activities like threat analysis and countermeasure selection are still not well established and are completely left to security experts.In order to cope with the need for a simplified yet effective threat modeling process, which is affordable in presence of limited security skills and economic resources, and viable in modern development approaches, in this paper, we propose an automated threat modeling and countermeasure selection strategy targeting edge computing systems. Our approach leverages a comprehensive system model able to describe the main involved architectural elements and the associated data flow, with a focus on the specific properties that may actually impact on the applicability of threats and of associated countermeasures
FRAMH: A Federated Learning Risk-Based Authorization Middleware for Healthcare
Full text linkModern healthcare systems operate in highly dy-
namic environments requiring adaptable access control mecha-
nisms. Access to sensitive data and medical equipment should
be granted or denied according to the current health situation
of the patient. To handle the need for adaptable access control
of healthcare scenarios, we propose a novel model that allows
dynamic access control decisions based on the context character-
izing the source, type of access request, patient, and estimated
risk corresponding to the conditions of the patient. Estimating
patient status risk requires analyzing vital physiological data
whose availability is growing thanks to the widespread diffusion
of the Internet of Medical Things (IoMT) devices. Inferring
the patient health status risk through Machine Learning (ML)
techniques is possible, but to achieve better accuracy, the training
phase requires the aggregation of vast amounts of data from
different sources. This aggregation could be difficult or even
impossible due to organization regulations and privacy laws.
To address these issues, this paper proposes a novel Federated
Learning Risk-based Authorization Middleware for Healthcare
(FRAMH) that supports risk-based access control to deal with
changing and unforeseen medical situations. Our solution infers
the risk of health status through a federated learning (FL)
approach enriched with blockchain to avoid the weaknesses
of centralized servers. The implemented prototype and a large
set of experimental results demonstrate the advantages of FL
in estimating the risk in healthcare scenarios. Through this
approach, even a medical institution with a limited dataset can
achieve a satisfying risk estimation and efficient access control
enforcement
Federated Unlearning: A Survey on Methods, Design Guidelines, and Evaluation Metrics
No full textFederated learning (FL) enables collaborative training of a machine learning (ML) model across multiple parties, facilitating the preservation of users' and institutions' privacy by maintaining data stored locally. Instead of centralizing raw data, FL exchanges locally refined model parameters to build a global model incrementally. While FL is more compliant with emerging regulations such as the European General Data Protection Regulation (GDPR), ensuring the right to be forgotten in this context - allowing FL participants to remove their data contributions from the learned model - remains unclear. In addition, it is recognized that malicious clients may inject backdoors into the global model through updates, e.g., to generate mispredictions on specially crafted data examples. Consequently, there is the need for mechanisms that can guarantee individuals the possibility to remove their data and erase malicious contributions even after aggregation, without compromising the already acquired 'good' knowledge. This highlights the necessity for novel federated unlearning (FU) algorithms, which can efficiently remove specific clients' contributions without full model retraining. This article provides background concepts, empirical evidence, and practical guidelines to design/implement efficient FU schemes. This study includes a detailed analysis of the metrics for evaluating unlearning in FL and presents an in-depth literature review categorizing state-of-the-art FU contributions under a novel taxonomy. Finally, we outline the most relevant and still open technical challenges, by identifying the most promising research directions in the field
EVOKE: Efficient Revocation of Verifiable Credentials in IoT Networks
No full textThe lack of trust is one of the major factors that hinder collaboration among Internet of Things (IoT) devices and harness the usage of the vast amount of data generated. Traditional methods rely on Public Key Infrastructure (PKI), managed by centralized certification authorities (CAs), which suffer from scalability issues, single points of failure, and limited interoperability. To address these concerns, Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) have been proposed by the World Wide Web Consortium (W3C) and the European Union as viable solutions for promoting decentralization and "electronic IDentification, Authentication, and trust Services" (eIDAS). Nevertheless, at the state-of-the-art, there are no efficient revocation mechanisms for VCs specifically tailored for IoT devices, which are characterized by limited connectivity, storage, and computational power. This paper presents EVOKE, an efficient revocation mechanism of VCs in IoT networks. EVOKE leverages an ECC-based accumulator to manage VCs with minimal computing and storage overhead while offering additional features like mass and offline revocation. We designed, implemented, and evaluated a prototype of EVOKE across various deployment scenarios. Our experiments on commodity IoT devices demonstrate that each device only requires minimal storage (i.e., approximately 1.5 KB) to maintain verification information, and most notably half the storage required by the most efficient PKI certificates. Moreover, our experiments on hybrid networks, representing typical IoT protocols (e.g., Zigbee), also show minimal latency in the order of milliseconds. Finally, our large-scale analysis demonstrates that even when 50% of devices missed updates, approximately 96% of devices in the entire network were updated within the first hour, proving the scalability of EVOKE in offline updates
Designing Secure and Resilient Cyber-Physical Systems: a Model-based Moving Target Defense Approach
Full text linkCyber-physical systems (CPSs) rely upon the deep integration of computation and physical processes/systems, enabled by Internet of Things (IoT), edge computing, and cloud technologies. Noticeably, cybersecurity is a major concern in CPSs, since attacks may exploit both cyber and physical vulnerabilities and damage significantly physical equipment, compromise operational safety, and impact negatively on product quality and performance. In this context, CPS design should take both security and resilience requirements into account, by identifying the needed measures not only to prevent but also to withstand, recover from, and adapt to adverse conditions and attacks. The approach proposed in this paper aims at improving the security and resilience of a CPS deployment through a model-based design methodology leveraging security-by-design principles and Moving Target Defense (MTD) techniques, consisting in continually shifting a system configuration to reduce the attack success probability and survive attacks. Our methodology, in particular, is meant to support the threat modeling process of a CPS and the identification, based on spotted threats and on the properties of involved assets and data, of the security controls to include within the design to mitigate existing threats and of the MTD techniques to integrate in order to increase resilience
Going Beyond Counting First Authors in Author Co-citation Analysis
Full text linkThe present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation
counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings
are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that
only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into
account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed
Tino di Camaino, Crocifissione
No full textScheda di catalogo della Crocifissione di Tino di Camaino nel monastero di Santa Chiara a Napoli
- …
