Giancarlo Ruffo

LotusNet: Tunable privacy for distributed online social network services

The evolution of the role of online social networks in the Web has led to a collision between private, public and commercial spheres that have been inevitably connected together in social networking services since their beginning. The growing awareness on the opaque data management operated by many providers reveals that a privacy-aware service that protects user information from privacy leaks would be very attractive for a consistent portion of users. In order to meet this need we propose LotusNet, a framework for the development of social network services relying on a peer-to-peer paradigm which supports strong user authentication. We tackle the trade-off problem between security, privacy and services in distributed social networks by providing the users the possibility to tune their privacy settings through a very flexible and fine-grained access control system. Moreover, our architecture is provided with a powerful suite of high-level services that greatly facilitates custom application development and mash up.

WALTy: a user behavior tailored tool for evaluating Web application performance

We present WALTy (Web application load-based testing tool), a set of tools that allows the performance analysis of Web applications by means of a scalable what-if analysis on the test bed. The proposed approach is based on a workload characterization generated from information extracted from log files. The workload is generated by using of customer behavior model graphs (CBMG), that are derived by extracting information from the Web application log files. In this manner the synthetic workload used to evaluate the Web application under test is representative of the real traffic that the Web application has to serve. One of the most common critics to this approach is that synthetic workload produced by Web stressing tools is far from being realistic. The use of the CBMGs might be useful to overcome this critic.

High dictionary compression for proactive password checking

The important problem of user password selection is addressed and a new proactive password-checking technique is presented. In a training phase, a decision tree is generated based on a given dictionary of weak passwords. Then, the decision tree is used to determine whether a user password should be accepted. Experimental results described here show that the method leads to a very high dictionary compression (up to 1000 to 1) with low error rates (of the order of 1%). A prototype implementation, called ProCheck, is made available online. We survey previous approaches to proactive password checking, and provide an in-depth comparison.

On the dynamics of human proximity for data diffusion in ad-hoc networks

We report on a data-driven investigation aimed at understanding the dynamics of message spreading in a real-world dynamical network of human proximity. We use data collected by means of a proximity-sensing network of wearable sensors that we deployed at three different social gatherings, simultaneously involving several hundred individuals. We simulate a message spreading process over the recorded proximity network, focusing on both the topological and the temporal properties. We show that by using an appropriate technique to deal with the temporal heterogeneity of proximity events, a universal statistical pattern emerges for the delivery times of messages, robust across all the data sets. Our results are useful to set constraints for generic processes of data dissemination, as well as to validate established models of human mobility and proximity that are frequently used to simulate realistic behaviors.

Keystroke analysis of different languages: a case study

Typing rhythms are one of the rawest form of data stemming from the interaction between humans and computers. When properly analyzed, they may allow to ascertain personal identity. In this paper we provide experimental evidence that the typing dynamics of free text can be used for user identification and authentication even when typing samples are written in different languages. As a consequence, we argue that keystroke analysis can be useful even when people may use different languages, in those areas where ascertaining personal identity is important or crucial, such as within Computer Security.

Figurative messages and affect in Twitter

The use of irony and sarcasm has been proven to be a pervasive phenomenon in social media posing a challenge to sentiment analysis systems. Such devices, in fact, can influence and twist the polarity of an utterance in different ways. A new dataset of over 10,000 tweets including a high variety of figurative language types, manually annotated with sentiment scores, has been released in the context of the task 11 of SemEval-2015. In this paper, we propose an analysis of the tweets in the dataset to investigate the open research issue of how separated figurative linguistic phenomena irony and sarcasm are, with a special focus on the role of features related to the multi-faceted affective information expressed in such texts. We considered for our analysis tweets tagged with #irony and #sarcasm, and also the tag #not, which has not been studied in depth before. A distribution and correlation analysis over a set of features, including a wide variety of psycholinguistic and emotional features, suggests arguments for the separation between irony and sarcasm. The outcome is a novel set of sentiment, structural and psycholinguistic features evaluated in binary classification experiments. We report about classification experiments carried out on a previously used corpus for #irony vs #sarcasm. We outperform in terms of F-measure the state-of-the-art results on this dataset. Overall, our results confirm the difficulty of the task, but introduce new data-driven arguments for the separation between #irony and #sarcasm. Interestingly, #not emerges as a distinct phenomenon.

A peer-to-peer recommender system based on spontaneous affinities

Network analysis has proved to be very useful in many social and natural sciences, and in particular Small World topologies have been exploited in many application fields. In this article, we focus on P2P file sharing applications, where spontaneous communities of users are studied and analyzed. We define a family of structures that we call “Affinity Networks” (or even Graphs) that show self-organized interest-based clusters. Empirical evidence proves that affinity networks are small worlds and shows scale-free features. The relevance of this finding is augmented with the introduction of a proactive recommendation scheme, namely DeHinter, that exploits this natural feature. The intuition behind this scheme is that a user would trust her network of “elective affinities” more than anonymous and generic suggestions made by impersonal entities. The accuracy of the recommendation is evaluated by way of a 10-fold cross validation, and a prototype has been implemented for further feedbacks from the users.

Proactive password checking with decision trees

The important problem of user password selection is addressed and a new proactive password checking technique is presented. In a training phase, a decision tree is generated based on a given dictionary of weak passwords. Then, the decision tree is used to determine whether a user password should be accepted. Experimental results described here show that the method leads to very high dictionary compression (from 100 to 3 in the average) with low error rates (of the order of 1%). We survey previous approaches to proactive password checking, and provide an in-depth comparison.

Secure and flexible framework for decentralized social network services

The rapid growth of the volume of user-generated contents in online social networks has raised many privacy concerns, mainly due to the data exploitation operated by providers. In order to address this problem, the idea of supporting social network services with open peer-to-peer systems has gained ground very recently. Nevertheless, the development of social network applications on decentralized layers involves several new security and design issues. In this paper we define an architectural model which embeds user identity management in a DHT overlay, providing a very robust and flexible support for any identity-based application. Important features for social applications like reputation management, modular expandability of the application suite and discretionary access control to shared resources can be easily implemented on our framework.

FairPeers: Efficient Profit Sharing in Fair Peer-to-Peer Market Places

The technical impact of the Peer-to-Peer (P2P) paradigm on content distribution applications has been proved successful and efficient, when participants cooperation is achieved. Conversely, the business model is not clear: given a copy-protected object, its owner must be paid back for each transaction taking place from a provider to a receiver. The P2P paradigm assumes that a receiver turns into a provider, but it is questionable why she/he should provide properly the content, if the owner wants to be reimbursed. Actual systems introduce fairness, giving incentives (e.g., a differential service, like in BitTorrent) to altruistic peers, with the consequence that the owner of an object is economically damaged everyday. Hence, music and film industry sees P2P techniques as a hostile framework for distributing copy protected content for free: today’s answer of the industry is investing in DRM-based solutions, that are not interoperable between different devices and players. In this paper, we present FairPeers, a P2P market framework, that joins a straightforward intellectual property protection and a fair economic model by maintaining the efficiency typical of P2P file sharing systems. The study is completed with an exhaustive security analysis, and the description of a prototype implementation that shows that the P2P paradigm is mature enough to present to the broadest community new revenue models, simply using available tools and state-of-the-art techniques.