References of "Lenzini, Gabriele 50002200"
Peer Reviewed
Which Properties has an Icon? A Critical Discussion on Evaluation Methods for Standardised Data Protection Iconography
Rossi, Arianna UL; Lenzini, Gabriele UL

in Proceedings of the 8th Workshop on Socio-Technical Aspects in Security and Trust (STAST) (in press)

Following GDPR's Article 12.7's proposal to use standardized icons to inform data subject in "an easily visible, intelligible and clearly legible manner," several icon sets have been developed. In this paper, we firstly critically review some of those proposals. We then examine the properties that icons and icon sets should arguably fulfill according to Art.12's transparency provisions. Lastly, we discuss metrics and evaluation procedures to measure compliance with the Article.

Peer Reviewed
An Agile Approach to Validate a Formal Representation of the GDPR
Bartolini, Cesare UL; Lenzini, Gabriele UL; Santos, Cristiana

in New Frontiers in Artificial Intelligence (in press)

Modelling in a knowledge base of logic formulæ the articles of the GDPR enables a semi-automatic reasoning of the Regulation. To be legally substantiated, it requires that the formulæ express validly the legal meaning of the Regulation's articles. But legal experts are usually not familiar with logic, and this calls for an interdisciplinary validation methodology that bridges the communication gap between formal modelers and legal evaluators. We devise such a validation methodology and exemplify it over a knowledge base of articles of the GDPR translated into Reified I/O (RIO) logic and encoded in LegalRuleML. A pivotal element of the methodology is a human-readable intermediate representation of the logic formulæ that preserves the formulæ's meaning, while rendering it in a readable way to non-experts. After being applied over a use case, we prove that it is possible to retrieve feedback from legal experts about the formal representation of Art. 5.1a and Art. 7.1. What emerges is an agile process to build logic knowledge bases of legal texts, and to support their public trust, which we intend to use for a logic model of the GDPR, called DAPRECO knowledge base.

Peer Reviewed
Transparency by Design in Data-Informed Research: a Collection of Information Design Patterns
Rossi, Arianna UL; Lenzini, Gabriele UL

in Computer Law and Security Report (in press)

Oftentimes information disclosures describing personal data-gathering research activities are so poorly designed that participants fail to be informed and blindly agree to the terms, without grasping the rights they can exercise and the risks derived from their cooperation. To respond to the challenge, this article presents a series of operational strategies for transparent communication in line with legal-ethical requirements. These "transparency-enhancing design patterns" can be implemented by data controllers/researchers to maximize the clarity, navigability, and noticeability of the information provided and ultimately empower data subjects/research subjects to appreciate and determine the permissible use of their data.

Peer Reviewed
Making the Case for Evidence-based Standardization of Data Privacy and Data Protection Visual Indicators
Rossi, Arianna UL; Lenzini, Gabriele UL

in Journal of Open Access to Law (JOAL) (2020), 8(1),

Lately, icons have witnessed a growing wave of interest in the view of enhancing transparency and clarity of data processing practices in mandated disclosures. Although benefits in terms of comprehensibility, noticeability, navigability of the information and user’s attention and memorization can be expected, they should also be supported by decisive empirical evidence about the efficacy of the icons in specific contexts. Misrepresentation, oversimplification, and improper salience of certain aspects over others are omnipresent risks that can drive data subjects to wrong conclusions. Cross-domain and international standardization of visual means also poses a serious challenge: if on the one hand developing standards is necessary to ensure widespread recognition and comprehension, each domain and application presents unique features that can be hardly established, and imposed, in a top-down manner. This article critically discusses the above issues and identifies relevant open questions for scientific research. It also provides concrete examples and practical suggestions for researchers and practitioners that aim to implement transparency-enhancing icons in the spirit of the General Data Protection Regulation (GDPR).

Peer Reviewed
Systematization of threats and requirements for private messaging with untrusted servers. The case of E-mailing and instant messaging
Symeonidis, Iraklis UL; Lenzini, Gabriele UL

in International Conference on Information Systems Security and Privacy, Malta 25-27 February 2020 (2020, February)

Modern email and instant messaging applications often offer private communications. In doing so, they share common concerns about how security and privacy can be compromised, how they should face similar threats, and how to comply with comparable system requirements. Assuming a scenario where servers may not be trusted, we review and analyze a list of threats specifically against message delivering, archiving, and contact synchronization. We also describe a list of requirements intended for whom undertakes the task of implementing secure and private messaging. The cryptographic solutions available to mitigate the threats and to comply with the requirements may differ, as the two applications are built on different assumptions and technologies.

Peer Reviewed
Evaluating ambiguity of privacy indicators in a secure email app
Stojkovski, Borce UL; Lenzini, Gabriele UL

in Loreti, Michele; Spalazzi, Luca (Eds.) Proceedings of the Fourth Italian Conference on Cyber Security, Ancona Italy, February 4th to 7th, 2020 (2020)

Informing laymen of security situations is a notoriously hard problem. Users are usually not cognoscenti of all the various secure and insecure situations that may arise, and this can be further worsened by certain visual indicators that instead of helping users, fail to convey clear and unambiguous messages. Even in well-established and studied applications, like email clients providing end-to-end encryption, the problem seems far from being solved. Motivated to verify this claim, we studied the communication qualities of four privacy icons (in the form of coloured shapes) in conveying specific security messages, relevant for a particular secure emailing system called p≡p. We questioned 42 users in three different sessions, where we showed them 10 privacy ratings, along with their explanations, and asked them to match the rating and explanation with the four privacy icons. We compared the participants’ associations to those made by the p≡p developers. The results, still preliminary, are not encouraging. Except for the two most extreme cases, Secure and trusted and Under attack, users almost entirely missed to get the indicators’ intended messages. In particular, they did not grasp certain concepts such as Unsecure email and Secure email, which in turn were fundamental for the engineers. Our work has certain limitations and further investigation is required, but already at this stage our research calls for a closer collaboration between app engineers and icon designers. In the context of p≡p, our work has triggered a deeper discussion on the icon design choices and a potential revamp is on the way.

Peer Reviewed
Qualifying and Measuring Transparency: A Medical Data System Case Study
Spagnuelo, Dayana; Bartolini, Cesare UL; Lenzini, Gabriele UL

in Computers and Security (2020)

Transparency is a data processing principle enforced by the GDPR but purposely left open to interpretation. As such, the means to adhere to it are left unspecified. Article 29 Working Party provides practical guidance on how to interpret transparency, however there are no defined requirements nor ways to verify the quality of the implementation of transparency. We address this problem. We discuss and define applicable metrics for transparency, propose how measurement can be conducted in an operative system, and suggest a practical way in which these metrics can be interpreted in order to increase confidence that transparency is realised in a system.

Peer Reviewed
Dual-Use Research In Ransomware Attacks: A Discussion on Ransomware Defence Intelligence
Genç, Ziya Alper UL; Lenzini, Gabriele UL

in Proceedings of the 6th International Conference on Information Systems Security and Privacy (2020)

Previous research has shown that developers rely on public platforms and repositories to produce functional but insecure code. We looked into the matter for ransomware, enquiring whether also ransomware engineers re-use the work of others and produce insecure code. By methodically reverse-engineering 128 malware executables, we have found that, out of 21 ransomware samples, 9 contain copy-paste code from public resources. Thanks to this finding, we managed to retrieve the decryption keys with which to nullify the ransomware attacks. From this fact, we recall critical cases of code disclosure in the recent history of ransomware and, arguing that ransomware are components in cyber-weapons, reflect on the dual-use nature of this research. We further discuss benefits and limits of using cyber-intelligence and counter-intelligence strategies that could be used against this threat.

Peer Reviewed
The DAta Protection REgulation COmpliance Model
Bartolini, Cesare UL; Lenzini, Gabriele UL; Robaldo, Livio UL

in IEEE Security and Privacy (2019), 17(6), 37-45

Understanding whether certain technical measures comply with the General Data Protection Regulation’s (GDPR’s) principles is complex legal work. This article describes a model of the GDPR that allows for semiautomatic processing of legal text and the leveraging of state-of-the-art legal informatics approaches, which are useful for legal reasoning, software design, information retrieval, or compliance checking.

Peer Reviewed
Modelling of Railways Signalling System Requirements by Controlled Natural Languages: A Case Study
Lenzini, Gabriele UL; Petrocchi, Marinella

in From Software Engineering to Formal Methods and Tools, and Back (2019)

The railway sector has been a source of inspiration for generations of researchers challenged to develop models and tools to analyze safety and reliability. Threats were coming mainly from within, due to occasional faults in hardware components. With the advent of smart trains, the railway industry is venturing into cybersecurity and the railway sector will become more and more compelled to protect assets from threats against information & communication technology. We discuss this revolution at large, while speculating that instruments developed for security requirements engineering can then come in support of the railway sector. And we explore the use of one of them: the Controlled Natural Language for Data Sharing Agreement (CNL4DSA). We use it to formalize a few exemplifying signal management system requirements. Since CNL4DSA enables the automatic generation of enforceable access control policies, our exercise is preparatory to implementing the security-by-design principle in railway signalling management engineering.

Peer Reviewed
A Critical Security Analysis of the Password-Based Authentication Honeywords System Under Code-Corruption Attack
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Ryan, Peter UL et al

in Information Systems Security and Privacy (2019, July)

Password-based authentication is a widespread method to access into systems, thus password files are a valuable resource often target of attacks. To detect when a password file has been stolen, Juels and Rivest introduced the Honeywords System in 2013. The core idea is to store the password with a list of decoy words that are "indistinguishable" from the password, called honeywords. An adversary that obtains the password file and, by dictionary attack, retrieves the honeywords can only guess the password when attempting to log in: but any incorrect guess will set off an alarm, warning that file has been compromised. In a recent conference paper, we studied the security of the Honeywords System in a scenario where the intruder also manages to corrupt the server's code (with certain limiting assumptions); we proposed an authentication protocol and proved it secure despite the corruption. In this extended journal version, we detail the analysis and we extend it, under the same attacker model, to the other two protocols of the original Honeywords System, the setup and change of password. We formally verify the security of both of them; further, we discuss that our design suggests a completely new approach that diverges from the original idea of the Honeywords System but indicates an alternative way to authenticate users which is robust to server's code-corruption.

Peer Reviewed
Dark Patterns: Deception or Simply Bad Design?
Rossi, Arianna UL; Lenzini, Gabriele UL; Koenig, Vincent UL et al

Poster (2019)

Lately, researchers, journalists, and regulators are devoting attention to dark patterns, defined as "design choices that benefit an online service by coercing, steering or deceiving users into making decisions that, if fully informed and capable of selecting alternatives, they would not make". Those patterns that have the "purpose" or the "substantial effect of obscuring, subverting, or impairing user autonomy, decision-making, or choice" have also been qualified as dark. These definitions are dense: they contain concepts like coercion, nudging, and deception that all alone would deserve an entire work to be discussed.

Peer Reviewed
Case Study: Analysis and Mitigation of a Novel Sandbox-Evasion Technique
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Sgandurra, Daniele

in Proceedings of the Third Central European Cybersecurity Conference (2019)

Malware is one of the most popular cyber-attack methods in the digital world. According to the independent test company AV-TEST, 350,000 new malware samples are created every day. To analyze all samples by hand to discover whether they are malware does not scale, so antivirus companies automate the process e.g., using sandboxes where samples can be run, observed, and classified. Malware authors are aware of this fact, and try to evade detection. In this paper we describe one of such evasion technique: unprecedented, we discovered it while analyzing a ransomware sample. Analyzed in a Cuckoo Sandbox, the sample was able to avoid triggering malware indicators, thus scoring significantly below the minimum severity level. Here, we discuss what strategy the sample follows to evade the analysis, proposing practical defense methods to nullify, in our turn, the sample’s furtive strategy.

Peer Reviewed
A Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted Email
Vazquez Sandoval, Itzel UL; Lenzini, Gabriele UL

in Emerging Technologies for Authorization and Authentication (2019)

To send encrypted emails, users typically need to create and exchange keys which later should be manually authenticated, for instance, by comparing long strings of characters. These tasks are cumbersome for the average user. To make more accessible the use of encrypted email, a secure email application named pEp automates the key management operations; pEp still requires the users to carry out the verification, however, the authentication process is simple: users have to compare familiar words instead of strings of random characters, then the application shows the users what level of trust they have achieved via colored visual indicators. Yet, users may not execute the authentication ceremony as intended, pEp's trust rating may be wrongly assigned, or both. To learn whether pEp's trust ratings (and the corresponding visual indicators) are assigned consistently, we present a formal security analysis of pEp's authentication ceremony. From the software implementation in C, we derive the specifications of an abstract protocol for public key distribution, encryption and trust establishment; then, we model the protocol in a variant of the applied pi calculus and later formally verify and validate specific privacy and authentication properties. We also discuss alternative research directions that could enrich the analysis.

Peer Reviewed
A Game of "Cut and Mouse": Bypassing Antivirus by Simulating User Inputs
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Sgandurra, Daniele

in Proceedings of the 35th Annual Computer Security Applications Conference (2019)

To protect their digital assets from malware attacks, most users and companies rely on anti-virus (AV) software. But AVs' protection is a full-time task and AVs are engaged in a cat-and-mouse game where malware, e.g., through obfuscation and polymorphism, denial of service attacks and malformed packets and parameters, try to circumvent AV defences or make them crash. On the other hand, AVs react by complementing signature-based with anomaly or behavioral detection, and by using OS protection, standard code, and binary protection techniques. Further, malware counter-act, for instance by using adversarial inputs to avoid detection, et cetera. This paper investigates two novel moves for the malware side. The first one consists in simulating mouse events to control AVs, namely to send them mouse "clicks" to deactivate their protection. We prove that many AVs can be disabled in this way, and we call this class of attacks Ghost Control. The second one consists in controlling high-integrity white-listed applications, such as Notepad, by sending them keyboard events (such as "copy-and-paste") to perform malicious operations on behalf of the malware. We prove that the anti-ransomware protection feature of some AVs can be bypassed if we use Notepad as a "puppet" to rewrite the content of protected files as a ransomware would do. Playing with the words, and recalling the cat-and-mouse game, we call this class of attacks Cut-and-Mouse.

Peer Reviewed
NoCry: No More Secure Encryption Keys for Cryptographic Ransomware
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Ryan, Peter UL

in Proceedings of the Second International Workshop on Emerging Technologies for Authorization and Authentication (2019)

Since the appearance of ransomware in the cyber crime scene, researchers and anti-malware companies have been offering solutions to mitigate the threat. Anti-malware solutions differ on the specific strategy they implement, and all have pros and cons. However, three requirements concern them all: their implementation must be secure, be effective, and be efficient. Recently, Genç et al. proposed to stop a specific class of ransomware, the cryptographically strong one, by blocking unauthorized calls to cryptographically secure pseudo-random number generators, which are required to build strong encryption keys. Here, in adherence to the requirements, we discuss an implementation of that solution that is more secure (with components that are not vulnerable to known attacks), more effective (with less false negatives in the class of ransomware addressed) and more efficient (with minimal false positive rate and negligible overhead) than the original, bringing its security and technological readiness to a higher level.

Peer Reviewed
Sistemi Medici e Conformità Legale
Bartolini, Cesare UL; Lenzini, Gabriele UL

in Rivista Italiana di Medicina Legale: Dottrina, Casistica, Ricerca Sperimentale, Giurisprudenza e Legislazione (2019), XLI(1/2019), 225-242

The present document addresses the topic of legal compliance of medical systems, that is, hardware and software devices medically used on people for clinical tests, diagnosis, study, and similar purposes, mainly with respect to EU law. The work briefly overviews the applicable laws and regulations and discusses the relevance on medical systems of concepts that General Data Protection Regulation (GDPR) covers in a wider scope, such as data protection and transparency. The document looks into the practical meaning of legal compliance in a medical system and in the software that defines its behavior. Granted that any lawfulness decision is a prerogative of the judicial authority, the document concludes by suggesting currently-available means, such as official conformity checks, standards, but also conformity guidelines during development, to build a reasonably compliant medical system, or to check for its conformity.

Peer Reviewed
On Deception-Based Protection Against Cryptographic Ransomware
Genç, Ziya Alper UL; Lenzini, Gabriele UL; Sgandurra, Daniele

in Proceedings of the 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (2019)

In order to detect malicious file system activity, some commercial and academic anti-ransomware solutions implement deception-based techniques, specifically by placing decoy files among user files. While this approach raises the bar against current ransomware, as any access to a decoy file is a sign of malicious activity, the robustness of decoy strategies has not been formally analyzed and fully tested. In this paper, we analyze existing decoy strategies and discuss how they are effective in countering current ransomware by defining a set of metrics to measure their robustness. To demonstrate how ransomware can identify existing deception-based detection strategies, we have implemented a proof-of-concept anti-decoy ransomware that successfully bypasses decoys by using a decision engine with few rules. Finally, we discuss existing issues in decoy-based strategies and propose practical solutions to mitigate them.

Peer Reviewed
An Agile Approach to Validate a Formal Representation of the GDPR
Bartolini, Cesare UL; Lenzini, Gabriele UL; Santos, Cristiana

in International Symposium on Artificial Intelligence (2019), 11717

Modeling in a knowledge base of logic formulæ the articles of the GDPR enables semi-automatic reasoning of the Regulation. To be legally substantiated, it requires that the formulæ express validly the legal meaning of the Regulation’s articles. But legal experts are usually not familiar with logic, and this calls for an interdisciplinary validation methodology that bridges the communication gap between formal modelers and legal evaluators. We devise such a validation methodology and exemplify it over a knowledge base of articles of the GDPR translated into Reified I/O (RIO) logic and encoded in LegalRuleML. A pivotal element of the methodology is a human-readable intermediate representation of the logic formulæ that preserves the formulæ’s meaning while rendering it in a readable way to non-experts. After being applied over a use case, we prove that it is possible to retrieve feedback from legal experts about the formal representation of Art. 5.1a and Art. 7.1. What emerges is an agile process to build logic knowledge bases of legal texts, and to support their public trust, which we intend to use for a logic model of the GDPR, called DAPRECO knowledge base.

Peer Reviewed
Formalizing GDPR provisions in reified I/O logic: the DAPRECO knowledge base
Robaldo, Livio UL; Bartolini, Cesare UL; Lenzini, Gabriele UL et al

in Journal of Logic, Language and Information (2019)
