
    Formal analysis of BPMN via a translation into COWS

    A translation of the Business Process Modeling Notation into the process calculus COWS is presented. The stochastic extension of COWS is then exploited to address quantitative reasoning about the behaviour of business processes. An example of such reasoning is shown by running the PRISM probabilistic model checker on a case study.

    Preventing Information Inference in Access Control

    Technological innovations like social networks, personal devices and cloud computing allow users to share and store online a huge amount of personal data. Sharing personal data online raises significant privacy concerns for users, who feel that they do not have full control over their data. A solution often proposed to alleviate users' privacy concerns is to let them specify access control policies that reflect their privacy constraints. However, existing approaches to access control often produce policies which either are too restrictive or allow the leakage of sensitive information. In this paper, we present a novel access control model that reduces the risk of information leakage. The model relies on a data model which encodes the domain knowledge along with the semantic relations between data. We illustrate how the access control model and the reasoning over the data model can be automatically translated in XACML. We evaluate and compare our model with existing access control models with respect to its effectiveness in preventing leakage of sensitive information and efficiency in authoring policies. The evaluation shows that the proposed model allows the definition of effective access control policies that mitigate the risks of inference of sensitive data while reducing users' effort in policy authoring compared to existing models.

    An Approach to Trade-off Privacy and Classification Accuracy in Machine Learning Processes

    Machine learning techniques applied to large and distributed data archives might result in the disclosure of sensitive information. Data often contain sensitive identifiable information, and even if these are protected, the excessive processing capabilities of current machine learning techniques might facilitate the identification of individuals. This discussion paper presents a decision-support framework for data anonymization. The latter relies on a novel approach that exploits data correlations, expressed in terms of relaxed functional dependencies (RFDs), to identify data anonymization strategies for providing suitable trade-offs between privacy and data utility. It also permits generating anonymization strategies that leverage multiple data correlations simultaneously to increase the utility of anonymized datasets. In addition, our framework provides support in the selection of the anonymization strategies by enabling an understanding of the trade-offs between privacy and data utility offered by the obtained strategies. Experiments on real-life datasets show that our approach achieves promising results in data utility while guaranteeing the desired privacy level. Additionally, it allows data owners to select anonymization strategies balancing their privacy and data utility requirements.

    An enhanced CFA for security policies

    We introduce a Control Flow Analysis, improving the one in [6], that statically approximates the dynamic behaviour of mobile processes, expressed in (a variant of) the -calculus. Our analysis of a system is able to describe the behaviour of each sub-system, tracking where and between whom communications may occur. To identify each sub-system, we use a syntactic encoding of its position inside the abstract syntax tree.

    Privacy-aware web service composition and ranking

    Service selection is a key issue in the Future Internet, where applications are built by composing services and content offered by different service providers. Most existing service selection schemas only focus on QoS properties of services such as throughput, latency and response time, or on their trust and reputation level. By contrast, the risk of privacy breaches arising from the selection of component services whose privacy policy is not compliant with customers' privacy preferences is largely ignored. In this paper, we propose a novel privacy-preserving Web service composition and selection approach which (i) makes it possible to verify the compliance between users' privacy requirements and providers' privacy policies and (ii) ranks the composite Web services with respect to the privacy level they offer. We demonstrate our approach using a travel agency Web service as an example of service composition.

    Engineering and verifying agent-oriented requirements augmented by business constraints with B-Tropos

    We propose B-Tropos as a modeling framework to support agent-oriented systems engineering, from high-level requirements elicitation down to execution-level tasks. In particular, we show how B-Tropos extends the Tropos methodology by means of declarative business constraints, inspired by the ConDec graphical language. We demonstrate the functioning of B-Tropos using a running example inspired by a real-world industrial scenario, and we describe how B-Tropos models can be automatically formalized in computational logic, discussing formal properties of the resulting framework and its verification capabilities.

    Purpose control: did you process the data for the intended purpose?

    Data protection legislation requires personal data to be collected and processed only for lawful and legitimate purposes. Unfortunately, existing protection mechanisms are not appropriate for purpose control: they only prevent unauthorized actions from occurring and do not guarantee that the data are actually used for the intended purpose. In this paper, we present a flexible framework for purpose control, which connects the intended purpose of data to the business model of an organization and detects privacy infringements by determining whether the data have been processed only for the intended purpose.

    Survey on access control for community-centered collaborative systems

    The last decades have seen a growing interest and demand for community-centered collaborative systems and platforms. These systems and platforms aim to provide an environment in which users can collaboratively create, share, and manage resources. While offering attractive opportunities for online collaboration and information sharing, they also open several security and privacy issues. This has attracted several research efforts toward the design and implementation of novel access control solutions that can handle the complexity introduced by collaboration. Despite these efforts, transition to practice has been hindered by the lack of maturity of the proposed solutions. The access control mechanisms typically adopted by commercial collaborative systems, like online social network websites and collaborative editing platforms, are still rather rudimentary and do not provide users with sufficient control over their resources. This survey examines the growing literature on access control for collaborative systems centered on communities, and identifies the main challenges to be addressed in order to facilitate the adoption of collaborative access control solutions in real-life settings. Based on the literature study, we delineate a roadmap for future research in the area of access control for community-centered collaborative systems.

    A decision-support framework for data anonymization with application to machine learning processes

    The application of machine learning techniques to large and distributed data archives might result in the disclosure of sensitive information about the data subjects. Data often contain sensitive identifiable information, and even if these are protected, the excessive processing capabilities of current machine learning techniques might facilitate the identification of individuals, raising privacy concerns. To this end, we propose a decision-support framework for data anonymization, which relies on a novel approach that exploits data correlations, expressed in terms of relaxed functional dependencies (RFDs), to identify data anonymization strategies providing suitable trade-offs between privacy and data utility. Moreover, we investigate how to generate anonymization strategies that leverage multiple data correlations simultaneously to increase the utility of anonymized datasets. In addition, our framework provides support in the selection of the anonymization strategy to apply by enabling an understanding of the trade-offs between privacy and data utility offered by the obtained strategies. Experiments on real-life datasets show that our approach achieves promising results in terms of data utility while guaranteeing the desired privacy level, and it allows data owners to select anonymization strategies balancing their privacy and data utility requirements.