References of "Lenzini, Gabriele 50002200"
Full Text
Peer Reviewed
An Agile Approach to Validate a Formal Representation of the GDPR
Bartolini, Cesare UL; Lenzini, Gabriele UL; Santos, Cristiana

in New Frontiers in Artificial Intelligence (in press)

Modelling in a knowledge base of logic formulæ the articles of the GDPR enables a semi-automatic reasoning of the Regulation. To be legally substantiated, it requires that the formulæ express validly the legal meaning of the Regulation's articles. But legal experts are usually not familiar with logic, and this calls for an interdisciplinary validation methodology that bridges the communication gap between formal modelers and legal evaluators. We devise such a validation methodology and exemplify it over a knowledge base of articles of the GDPR translated into Reified I/O (RIO) logic and encoded in LegalRuleML. A pivotal element of the methodology is a human-readable intermediate representation of the logic formulæ that preserves the formulæ's meaning, while rendering it in a readable way to non-experts. After being applied over a use case, we prove that it is possible to retrieve feedback from legal experts about the formal representation of Art. 5.1a and Art. 7.1. What emerges is an agile process to build logic knowledge bases of legal texts, and to support their public trust, which we intend to use for a logic model of the GDPR, called DAPRECO knowledge base.

Full Text
Peer Reviewed
Case Study: Analysis and Mitigation of a Novel Sandbox-Evasion Technique
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Sgandurra, Daniele

in 3rd Central European Cybersecurity Conference (in press)

Malware is one of the most popular cyber-attack methods in the digital world. According to the independent test company AV-TEST, 350,000 new malware samples are created every day. To analyze all samples by hand to discover whether they are malware does not scale, so antivirus companies automate the process e.g., using sandboxes where samples can be run, observed, and classified. Malware authors are aware of this fact, and try to evade detection. In this paper we describe one such evasion technique: unprecedented, we discovered it while analyzing a ransomware sample. Analyzed in a Cuckoo Sandbox, the sample was able to avoid triggering malware indicators, thus scoring significantly below the minimum severity level. Here, we discuss what strategy the sample follows to evade the analysis, proposing practical defense methods to nullify, in our turn, the sample’s furtive strategy.

Peer Reviewed
Modelling of Railways Signalling System Requirements by Controlled Natural Languages: A Case Study
Lenzini, Gabriele UL; Petrocchi, Marinella

in From Software Engineering to Formal Methods and Tools, and Back (2019)

The railway sector has been a source of inspiration for generations of researchers challenged to develop models and tools to analyze safety and reliability. Threats were coming mainly from within, due to occasional faults in hardware components. With the advent of smart trains, the railway industry is venturing into cybersecurity and the railway sector will become more and more compelled to protect assets from threats against information & communication technology. We discuss this revolution at large, while speculating that instruments developed for security requirements engineering can then come in support of the railway sector. And we explore the use of one of them: the Controlled Natural Language for Data Sharing Agreement (CNL4DSA). We use it to formalize a few exemplifying signal management system requirements. Since CNL4DSA enables the automatic generation of enforceable access control policies, our exercise is preparatory to implementing the security-by-design principle in railway signalling management engineering.

Full Text
Peer Reviewed
NoCry: No More Secure Encryption Keys for Cryptographic Ransomware
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Ryan, Peter UL

in 2nd International Workshop on Emerging Technologies for Authorization and Authentication (2019, September 27)

Since the appearance of ransomware in the cyber crime scene, researchers and anti-malware companies have been offering solutions to mitigate the threat. Anti-malware solutions differ on the specific strategy they implement, and all have pros and cons. However, three requirements concern them all: their implementation must be secure, be effective, and be efficient. Recently, Genç et al. proposed to stop a specific class of ransomware, the cryptographically strong one, by blocking unauthorized calls to cryptographically secure pseudo-random number generators, which are required to build strong encryption keys. Here, in adherence to the requirements, we discuss an implementation of that solution that is more secure (with components that are not vulnerable to known attacks), more effective (with less false negatives in the class of ransomware addressed) and more efficient (with minimal false positive rate and negligible overhead) than the original, bringing its security and technological readiness to a higher level.

Full Text
Peer Reviewed
A Critical Security Analysis of the Password-Based Authentication Honeywords System Under Code-Corruption Attack
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Ryan, Peter UL et al

in Information Systems Security and Privacy (2019, July)

Password-based authentication is a widespread method to access into systems, thus password files are a valuable resource often target of attacks. To detect when a password file has been stolen, Juels and Rivest introduced the Honeywords System in 2013. The core idea is to store the password with a list of decoy words that are “indistinguishable” from the password, called honeywords. An adversary that obtains the password file and, by dictionary attack, retrieves the honeywords can only guess the password when attempting to log in: but any incorrect guess will set off an alarm, warning that the file has been compromised. In a recent conference paper, we studied the security of the Honeywords System in a scenario where the intruder also manages to corrupt the server's code (with certain limiting assumptions); we proposed an authentication protocol and proved it secure despite the corruption. In this extended journal version, we detail the analysis and we extend it, under the same attacker model, to the other two protocols of the original Honeywords System, the setup and change of password. We formally verify the security of both of them; further, we discuss that our design suggests a completely new approach that diverges from the original idea of the Honeywords System but indicates an alternative way to authenticate users which is robust to server's code-corruption.

Full Text
Peer Reviewed
On Deception-Based Protection Against Cryptographic Ransomware
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Sgandurra, Daniele

in 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (2019, June 19)

In order to detect malicious file system activity, some commercial and academic anti-ransomware solutions implement deception-based techniques, specifically by placing decoy files among user files. While this approach raises the bar against current ransomware, as any access to a decoy file is a sign of malicious activity, the robustness of decoy strategies has not been formally analyzed and fully tested. In this paper, we analyze existing decoy strategies and discuss how they are effective in countering current ransomware by defining a set of metrics to measure their robustness. To demonstrate how ransomware can identify existing deception-based detection strategies, we have implemented a proof-of-concept anti-decoy ransomware that successfully bypasses decoys by using a decision engine with few rules. Finally, we discuss existing issues in decoy-based strategies and propose practical solutions to mitigate them.

Full Text
Peer Reviewed
An Agile Approach to Validate a Formal Representation of the GDPR
Bartolini, Cesare UL; Lenzini, Gabriele UL; Santos, Cristiana

in International Symposium on Artificial Intelligence (2019), 11717

Modeling in a knowledge base of logic formulæ the articles of the GDPR enables semi-automatic reasoning of the Regulation. To be legally substantiated, it requires that the formulæ express validly the legal meaning of the Regulation’s articles. But legal experts are usually not familiar with logic, and this calls for an interdisciplinary validation methodology that bridges the communication gap between formal modelers and legal evaluators. We devise such a validation methodology and exemplify it over a knowledge base of articles of the GDPR translated into Reified I/O (RIO) logic and encoded in LegalRuleML. A pivotal element of the methodology is a human-readable intermediate representation of the logic formulæ that preserves the formulæ’s meaning while rendering it in a readable way to non-experts. After being applied over a use case, we prove that it is possible to retrieve feedback from legal experts about the formal representation of Art. 5.1a and Art. 7.1. What emerges is an agile process to build logic knowledge bases of legal texts, and to support their public trust, which we intend to use for a logic model of the GDPR, called DAPRECO knowledge base.

Full Text
Peer Reviewed
A Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted Email
Vazquez Sandoval, Itzel UL; Lenzini, Gabriele UL

in Emerging Technologies for Authorization and Authentication (2019)

To send encrypted emails, users typically need to create and exchange keys which later should be manually authenticated, for instance, by comparing long strings of characters. These tasks are cumbersome for the average user. To make more accessible the use of encrypted email, a secure email application named pEp automates the key management operations; pEp still requires the users to carry out the verification, however, the authentication process is simple: users have to compare familiar words instead of strings of random characters, then the application shows the users what level of trust they have achieved via colored visual indicators. Yet, users may not execute the authentication ceremony as intended, pEp's trust rating may be wrongly assigned, or both. To learn whether pEp's trust ratings (and the corresponding visual indicators) are assigned consistently, we present a formal security analysis of pEp's authentication ceremony. From the software implementation in C, we derive the specifications of an abstract protocol for public key distribution, encryption and trust establishment; then, we model the protocol in a variant of the applied pi calculus and later formally verify and validate specific privacy and authentication properties. We also discuss alternative research directions that could enrich the analysis.

Full Text
Peer Reviewed
Sistemi Medici e Conformità Legale
Bartolini, Cesare UL; Lenzini, Gabriele UL

in Rivista Italiana di Medicina Legale: Dottrina, Casistica, Ricerca Sperimentale, Giurisprudenza e Legislazione (2019), XLI(1/2019), 225-242

The present document addresses the topic of legal compliance of medical systems, that is, hardware and software devices medically used on people for clinical tests, diagnosis, study, and similar purposes, mainly with respect to EU law. The work briefly overviews the applicable laws and regulations and discusses the relevance on medical systems of concepts that General Data Protection Regulation (GDPR) covers in a wider scope, such as data protection and transparency. The document looks into the practical meaning of legal compliance in a medical system and in the software that defines its behavior. Granted that any lawfulness decision is a prerogative of the judicial authority, the document concludes by suggesting currently-available means, such as official conformity checks, standards, but also conformity guidelines during development, to build a reasonably compliant medical system, or to check for its conformity.

Full Text
Peer Reviewed
Detecting misalignments between system security and user perceptions: a preliminary socio-technical analysis of an E2E email encryption system
Stojkovski, Borce UL; Vazquez Sandoval, Itzel UL; Lenzini, Gabriele UL

in 4th European Workshop on Usable Security - 2019 IEEE European Symposium on Security and Privacy Workshops (2019)

The set of impressions that a user has about distinct aspects of a system depends on the experience perceived while interacting with the system. Considering the effects of these interactions in a security analysis allows for a new class of security properties in terms of misalignments between the system’s technical guarantees and the user’s impressions of them. For instance, a property that we call “false sense of insecurity” identifies a situation in which a secure system injects uncertainty in users, thus improperly transmitting the degree of protection that it actually provides; another, which we call “false sense of security”, captures situations in which a system instills a false sense of security beyond what a technical analysis would justify. Both situations leave room for attacks. In this paper we propose a model to define and reason about such socio-technical misalignments. The model refers to and builds on the concept of security ceremonies, but relies on user experience notions and on security analysis techniques to put together the information needed to verify misalignment properties about user’s impressions and system’s security guarantees. We discuss the innovative insight of this pilot model for a holistic understanding of a system’s security. We also propose a formal model that can be used with existing model checkers for an automatic analysis of misalignments. We exemplify the approach by modelling one specific application for end-to-end email encryption within which we analyze a few instances of misalignment properties.

Full Text
Peer Reviewed
An Interdisciplinary Methodology to Validate Formal Representations of Legal Text Applied to the GDPR
Bartolini, Cesare UL; Lenzini, Gabriele UL; Santos, Cristiana

Scientific Conference (2018, November 12)

The modelling of a legal text into a machine-processable form, such as a list of logic formulæ, enables a semi-automatic reasoning about legal compliance but might entail some anticipation of legal interpretation in the modelling. The formulæ need therefore to be validated by legal experts, but it is unlikely that they are familiar with the formalism used. This calls for an interdisciplinary validation methodology to ensure that the model is legally coherent with the text it aims to represent but that could also close the communication gap between formal modellers and legal evaluators. This paper discusses such a methodology, providing a human-readable representation that preserves the formulæ's meaning but that presents them in a way that is usable by non-experts. We exemplify the methodology on a use case where Articles of the GDPR are translated in the Reified I/O logic encoded in LegalRuleML.

Full Text
Peer Reviewed
A Protocol to Strengthen Password-Based Authentication
Vazquez Sandoval, Itzel UL; Lenzini, Gabriele UL; Stojkovski, Borce UL

in Emerging Technologies for Authorization and Authentication (2018, November)

We discuss a password-based authentication protocol that we argue to be robust against password-guessing and off-line dictionary attacks. The core idea is to hash the passwords with a seed that comes from an OTP device, making the resulting identity token unpredictable for an adversary. We believe that the usability of this new protocol is the same as that of password-based methods with OTP, but has the advantage of not burdening users with having to choose strong passwords.

Full Text
Peer Reviewed
Experience report: How to extract security protocols’ specifications from C libraries
Vazquez Sandoval, Itzel UL; Lenzini, Gabriele UL

in 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Volume 2 (2018, June)

Often, analysts have to face a challenging situation when formally verifying the implementation of a security protocol: they need to build a model of the protocol from only poorly or not documented code, and with little or no help from the developers to better understand it. Security protocols implementations frequently use services provided by libraries coded in the C programming language; automatic tools for code-level reverse engineering offer good support to comprehend the behavior of code in object-oriented languages but are ineffective to deal with libraries in C. Here we propose a systematic, yet human-dependent approach, which combines the capabilities of state-of-the-art tools in order to help the analyst to retrieve, step by step, the security protocol specifications from a library in C. Those specifications can then be used to create the formal model needed to carry out the analysis.

Full Text
Peer Reviewed
Cholesteric Liquid Crystal Shells as Enabling Material for Information-Rich Design and Architecture
Schwartz, Mathew; Lenzini, Gabriele UL; Geng, Yong UL et al

in Advanced Materials (2018)

The responsive and dynamic character of liquid crystals (LCs), arising from their ability to self-organize into long-range ordered structures while maintaining fluidity, has given them a role as key enabling materials in the information technology that surrounds us today. Ongoing research hints at future LC-based technologies of entirely different types, for instance by taking advantage of the peculiar behavior of cholesteric liquid crystals (CLCs) subject to curvature. Spherical shells of CLC reflect light omnidirectionally with specific polarization and wavelength, tunable from the UV to the infrared (IR) range, with complex patterns arising when many of them are brought together. Here, these properties are analyzed and explained, and future application opportunities from an interdisciplinary standpoint are discussed. By incorporating arrangements of CLC shells in smart facades or vehicle coatings, or in objects of high value subject to counterfeiting, game-changing future uses might arise in fields spanning information security, design, and architecture. The focus here is on the challenges of a digitized and information-rich future society where humans increasingly rely on technology and share their space with autonomous vehicles, drones, and robots.

Full Text
Peer Reviewed
No Random, No Ransom: A Key to Stop Cryptographic Ransomware
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Ryan, Peter UL

in Giuffrida, Cristiano; Bardin, Sébastien; Blanc, Gregory (Eds.) Proceedings of the 15th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2018) (2018)

To be effective, ransomware has to implement strong encryption, and strong encryption in turn requires a good source of random numbers. Without access to true randomness, ransomware relies on the pseudo random number generators that modern Operating Systems make available to applications. With this insight, we propose a strategy to mitigate ransomware attacks that considers pseudo random number generator functions as critical resources, controls accesses on their APIs and stops unauthorized applications that call them. Our strategy, tested against 524 active real-world ransomware samples, stops 94% of them, including WannaCry, Locky, CryptoLocker and CryptoWall. Remarkably, it also nullifies NotPetya, the latest offspring of the family which so far has eluded all defenses.

Full Text
Peer Reviewed
Security Analysis of Key Acquiring Strategies Used by Cryptographic Ransomware
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Ryan, Peter UL

in Advances in Cybersecurity 2018 (2018)

To achieve its goals, ransomware needs to employ strong encryption, which in turn requires access to high-grade encryption keys. Over the evolution of ransomware, various techniques have been observed to accomplish the latter. Understanding the advantages and disadvantages of each method is essential to develop robust defense strategies. In this paper we explain the techniques used by ransomware to derive encryption keys and analyze the security of each approach. We argue that recovery of data might be possible if the ransomware cannot access high entropy randomness sources. As an evidence to support our theoretical results, we provide a decryptor program for a previously undefeated ransomware.

Full Text
Peer Reviewed
A Security Analysis, and a Fix, of a Code-Corrupted Honeywords System
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Ryan, Peter UL et al

in Proceedings of the 4th International Conference on Information Systems Security and Privacy (2018)

In 2013 Juels and Rivest introduced the Honeywords System, a password-based authentication system designed to detect when a password file has been stolen. A Honeywords System stores passwords together with indistinguishable decoy words so when an intruder steals the file, retrieves the words, and tries to log-in, he does not know which one is the password. By guessing one from the decoy words, he may not be lucky and reveal the leak. Juels and Rivest left a problem open: how to make the system secure even when the intruder corrupted the login server’s code. In this paper we study and solve the problem. However, since “code corruption” is a powerful attack, we first define rigorously the threat and set a few assumptions under which the problem is still solvable, before showing meaningful attacks against the original Honeywords System. Then we elicit a fundamental security requirement, implementing which, we are able to restore the Honeywords System’s security despite a corrupted login service. We verify the new protocol’s security formally, using ProVerif for this task. We also implement the protocol and test its performance. Finally, in the light of our findings, we discuss whether it is still worth using a fixed honeywords-based system against such a powerful threat, or whether it is better, in order to be resilient against code corruption attacks, to design afresh a completely different password-based authentication solution.

Full Text
Peer Reviewed
Next Generation Cryptographic Ransomware
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Ryan, Peter UL

in Secure IT Systems: 23rd Nordic Conference, NordSec 2018, Oslo, Norway, November 28-30, 2018, Proceedings (2018)

We are assisting at an evolution in the ecosystem of cryptoware - the malware that encrypts files and makes them unavailable unless the victim pays up. New variants are taking the place once dominated by older versions; incident reports suggest that forthcoming ransomware will be more sophisticated, disruptive, and targeted. Can we anticipate how such future generations of ransomware will work in order to start planning on how to stop them? We argue that among them there will be some which will try to defeat current anti-ransomware; thus, we can speculate over their working principle by studying the weak points in the strategies that seven of the most advanced anti-ransomware are currently implementing. We support our speculations with experiments, proving at the same time that those weak points are in fact vulnerabilities and that the future ransomware that we have imagined can be effective.

Full Text
Peer Reviewed
Law and the software development life cycle
Bartolini, Cesare UL; Lenzini, Gabriele UL

Scientific Conference (2017, November 25)

The increasing demand of reliable software services and the dependability that our daily personal and professional life have on them is bringing significant changes in the domain of software service engineering. One of the most revolutionary is the introduction of regulations, repeating what in the past has concerned the product market. Regulations need to find a balance between the interests of several roles and reduce the inevitable tensions that would otherwise arise among them, as well as to defend the right of the weakest parties (normally the end users). There are multiple interests to balance: the interests of end users, the protection of intellectual property, a fair competition against other enterprises, just to name a few. While some of these requirements concern the structure and organization of the enterprise, some of them are fit to penetrate into the software development life cycle. This would serve multiple purposes: allow the enterprise to design services which already take the legal requirements into account; visually represent the requirements and their interaction with the functionality of the system; develop the software components using tools and methodologies that are able to deal with those requirements; define metrics to measure the degree to which such requirements are met; measure the impact of the requirements on the functionality of the service and on other parameters of the service (such as performance or storage occupation); verify and monitor whether the legal requirements are met; and, last but not least, to have an argument to be used in case of a complaint in a court or at a competent authority. Before being considered in the software service life cycle, legal requirements must undergo a preprocessing phase in which they are translated into some form which is compatible with the tools and methodologies proper of the software engineering, for instance being modelled into a formalism that makes them processable by a machine.
There is a significant amount of interdisciplinary topics that need to be combined together to reach an integration between regulation and software life cycle. In particular, at least three complementary perspectives are needed. One perspective requires the analysis of the provisions of the law, the extraction of the legal requirements classified according to the stakeholders affected, and the translation of those requirements into some formal model that can be processed using appropriate software tools. A second perspective requires a study of the legal requirements from the point of view of requirements engineering techniques, also defining metrics to measure them. The third concerns the models used in the various stages of software engineering (design, modeling, development, validation and testing), which need to be extended to accommodate the legal requirements in their formal representation. Only by putting together these perspectives a comprehensive approach to deal with legal requirements in software engineering is possible.

Full Text
Peer Reviewed
Security in the Shell: An Optical Physical Unclonable Function made of Shells of Cholesteric Liquid Crystals
Lenzini, Gabriele UL; Samir, Ouchani; Roenne, Peter UL et al

in Proc. of the 9th IEEE Workshop on Information Forensics and Security (2017, October 02)

We describe the application in security of shells of Cholesteric Liquid Crystals (ChLCs). Such shells have a diameter in the microns range and can be gathered in hundreds in a surface area as small as a nail’s head. Because of their structural properties, a bundle of them reflects light, creating colorful patterns that we argue to be unique and computationally hard to predict. We argue also that the bundle itself is unclonable. These are typical properties of Physically Unclonable Functions, a family to which shells of ChLCs belong too. Herein we discuss their physical and security properties and their potential use in object authentication.