; ; Lenzini, Gabriele
in Computer and Security (2017), 67
Historically, exam security has mainly focused on threats ascribed to candidate cheating. Such threats have been normally mitigated by invigilation and anti-plagiarism methods. However, as recent exam scandals confirm, also invigilators and authorities may pose security threats. The introduction of computers into the different phases of an exam, such as candidate registration, brings new security issues that should be addressed with the care normally devoted to security protocols. This paper proposes a protocol that meets a wide set of security requirements and resists threats that may originate from candidates as well as from exam administrators. By relying on a combination of oblivious transfer and visual cryptography schemes, the protocol does not need to rely on any trusted third party. We analyse the protocol formally in ProVerif and prove that it verifies all the stated security requirements.

; Lenzini, Gabriele
Scientific Conference (2015, July 13)

; Giustolisi, Rosario
in ICT Systems Security and Privacy Protection. 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015 (2015)

; ; Lenzini, Gabriele
in Journal of Computer Security (2015), 23(5), 563-585
The security and privacy of the data that users transmit, more or less deliberately, to modern services is an open problem. It is not solely limited to the actual Internet traversal, a sub-problem vastly tackled by consolidated research in security protocol design and analysis. By contrast, it entails much broader dimensions pertaining to how users approach technology and understand the risks for the data they enter. For example, users may express cautious or distracted personas depending on the service and the point in time; further, pre-established paths of practice may lead them to neglect the intrusive privacy policy offered by a service, or the outdated protections adopted by another. The approach that sees the service security and privacy problem as a socio-technical one needs consolidation. With this motivation, the article makes a threefold contribution. It reviews the existing literature on service security and privacy, especially from the socio-technical standpoint. Further, it outlines a general research methodology aimed at layering the problem appropriately, at suggesting how to position existing findings, and ultimately at indicating where a transdisciplinary task force may fit in. The article concludes with the description of the three challenge domains of services whose security and privacy we deem open socio-technical problems, not only due to their inherent facets but also to their huge number of users.

; Giustolisi, Rosario
in Twelfth Annual International Conference on Privacy, Security and Trust (PST), Ryerson University, Toronto, July 23-24, 2014 (2014)

; ; Giustolisi, Rosario
in IEEE 38th Annual International Computers, Software and Applications Conference Workshops, 27–29 July 2014, Västerås, Sweden (2014)

; Lenzini, Gabriele
Scientific Conference (2014)

Giustolisi, Rosario
in 8th International Conference on Risk and Security of Internet and Systems (CRiSIS), 2013 (2013)

; Giustolisi, Rosario
in Trust Management VII (2013)

; Giustolisi, Rosario
in PST (2013)

Lenzini, Gabriele
Book published by IEEE (2012)
The last few years have consolidated our understanding that security and trust are a socio-technical matter. Hence a call for researchers from different disciplines, such as sociology, psychology and informatics, to construct a holistic vision of security and trust. STAST, the workshop on Socio-Technical Aspects in Security and Trust, is an international event to support such interdisciplinary research. It reaches its second edition in 2012. The first took place at the University of Milano (Milan, Italy), hosted by the International Conference on Network and System Security (NSS). The second edition was held at Harvard University (Cambridge, MA, USA), hosted by the Computer Security Foundation Symposium (CSF) — this volume gathers its post-proceedings.

; Giustolisi, Rosario
in Computers and Security (2011), 30(8), 705-718

; Lenzini, Gabriele
Book published by IEEE (2011)