Alberto Trombetta

BPMN: An introduction to the standard

Abstract The Business Process Model and Notation (BPMN) is the de-facto standard for representing in a very expressive graphical way the processes occurring in virtually every kind of organization one can think of, from cuisine recipes to the Nobel Prize assignment process, incident management, e-mail voting systems, travel booking procedures, to name a few. In this work, we give an overview of BPMN and we present what are the links with other well-known machineries such as BPEL and XPDL. We give an assessment of how the OMGs BPMN standard is perceived and used by practitioners in everyday business process modeling chores.

Privacy-aware role based access control

A privacy-aware role-based access control model extends RBAC to express highly complex privacy-related policies, including consideration of such features as conditions and obligations. Because its based on the RBAC model, the full-fledged P-RBAC solution is easy to deploy in systems already adopting RBAC, thus allowing seamless integration of access control and privacy policies.

A framework for modeling and evaluating automatic semantic reconciliation

Abstract.The introduction of the Semantic Web vision and the shift toward machine understandable Web resources has unearthed the importance of automatic semantic reconciliation. Consequently, new tools for automating the process were proposed. In this work we present a formal model of semantic reconciliation and analyze in a systematic manner the properties of the process outcome, primarily the inherent uncertainty of the matching process and how it reflects on the resulting mappings. An important feature of this research is the identification and analysis of factors that impact the effectiveness of algorithms for automatic semantic reconciliation, leading, it is hoped, to the design of better algorithms by reducing the uncertainty of existing algorithms. Against this background we empirically study the aptitude of two algorithms to correctly match concepts. This research is both timely and practical in light of recent attempts to develop and utilize methods for automatic semantic reconciliation.

A Multidimensional Critical State Analysis for Detecting Intrusions in SCADA Systems

A relatively new trend in Critical Infrastructures (e.g., power plants, nuclear plants, energy grids, etc.) is the massive migration from the classic model of isolated systems, to a system-of-systems model, where these infrastructures are intensifying their interconnections through Information and Communications Technology (ICT) means. The ICT core of these industrial installations is known as Supervisory Control And Data Acquisition Systems (SCADA). Traditional ICT security countermeasures (e.g., classic firewalls, anti-viruses and IDSs) fail in providing a complete protection to these systems since their needs are different from those of traditional ICT. This paper presents an innovative approach to Intrusion Detection in SCADA systems based on the concept of Critical State Analysis and State Proximity. The theoretical framework is supported by tests conducted with an Intrusion Detection System prototype implementing the proposed detection approach.

Modbus/DNP3 State-Based Intrusion Detection System

The security of Industrial Critical Infrastructures is become a prominent problem with the advent of modern ICT technologies used to improve the performances and the features of the SCADA systems. In this paper we present an innovative approach to the design of Intrusion Detection Systems. The aim is to be able to detect complex attacks to SCADA systems, by monitoring its state evolution. By complex attack, we mean attacks composed of a set of commands that, while licit when considered in isolation on a single-packet basis, can disrupt the correct behavior of the system when executed in particular operating states. The proposed IDS detects these complex attacks thanks to an internal representation of the controlled SCADA system. We also present the corresponding rule language powerful enough to express the system’s critical states. Furthermore, we present a prototype of the proposed IDS, able to monitor systems using the ModBus and DNP3 communication protocols.

An experimental investigation of malware attacks on SCADA systems

Abstract Modern critical infrastructures are continually exposed to new threats due to the vulnerabilities and architectural weaknesses introduced by the extensive use of information and communications technologies (ICT). Of particular significance are the vulnerabilities in the communication protocols used in supervisory control and data acquisition (SCADA) systems that are commonly employed to control industrial processes. This paper presents the results of our research on the impact of traditional ICT malware on SCADA systems. In addition, it discusses the potential damaging effects of computer malware created for SCADA systems.

State-based network intrusion detection systems for SCADA protocols: a proof of concept

We present a novel Intrusion Detection System able to detect complex attacks to SCADA systems. By complex attack, we mean a set of commands (carried in Modbus packets) that, while licit when considered in isolation on a single-packet basis, interfere with the correct behavior of the system. The proposed IDS detects such attacks thanks to an internal representation of the controlled SCADA system and a corresponding rule language, powerful enough to express the systems critical states. Furthermore, we detail the implementation and provide experimental comparative results.

Design and Implementation of a Secure Modbus Protocol

The interconnectivity of modern and legacy supervisory control and data acquisition (SCADA) systems with corporate networks and the Internet has significantly increased the threats to critical infrastructure assets. Meanwhile, traditional IT security solutions such as firewalls, intrusion detection systems and antivirus software are relatively ineffective against attacks that specifically target vulnerabilities in SCADA protocols. This paper describes a secure version of the Modbus SCADA protocol that incorporates integrity, authentication, non-repudiation and anti-replay mechanisms. Experimental results using a power plant testbed indicate that the augmented protocol provides good security functionality without significant overhead.

Optimal comparison strategies in Ulam's searching game with two errors

Abstract Suppose x is an n-bit integer. By a comparison question we mean a question of the form “does x satisfy either condition a ⩽x ⩽b or c ⩽x ⩽d?”. We describe strategies to find x using the smallest possible number q(n) of comparison questions, and allowing up to two of the answers to be erroneous. As proved in this self-contained paper, with the exception of n = 2, q(n) is the smallest number q satisfying Berlekamps inequality 2 q ⩾2 n q 2 + q + 1 . This result would disappear if we only allowed questions of the form “does x satisfy the condition a⩽x⩽b?”. Since no strategy can find the unknown x ∈ {0,1,…,2n −1} with less than q(n) questions, our result provides extremely simple optimal searching strategies for Ulams game with two lies—the game of Twenty Questions where up to two of the answers may be erroneous.

Privacy-Preserving Updates to Anonymous and Confidential Databases

Suppose Alice owns a k-anonymous database and needs to determine whether her database, when inserted with a tuple owned by Bob, is still k-anonymous. Also, suppose that access to the database is strictly controlled, because for example data are used for certain experiments that need to be maintained confidential. Clearly, allowing Alice to directly read the contents of the tuple breaks the privacy of Bob (e.g., a patients medical record); on the other hand, the confidentiality of the database managed by Alice is violated once Bob has access to the contents of the database. Thus, the problem is to check whether the database inserted with the tuple is still k-anonymous, without letting Alice and Bob know the contents of the tuple and the database, respectively. In this paper, we propose two protocols solving this problem on suppression-based and generalization-based k-anonymous and confidential databases. The protocols rely on well-known cryptographic assumptions, and we provide theoretical analyses to proof their soundness and experimental results to illustrate their efficiency.