Marco Benini

Risk assessment in practice: A real case study

The aim of this work is to evaluate the risk of an external attack to the network of our Department in the University. Thus, this work wants to complement the results in [M. Benini, S. Sicari, A mathematical framework for risk assessment, in: H. Labiod, M. Badra (Eds.), New Technologies, Mobility and Security, Signals and Communication, Springer-Verlag, May 2007, pp. 459-469] where a mathematical framework justifying our risk assessment method has been presented. Hence, this article describes a detailed account of our experience where the instruments, the techniques and the results are described and evaluated.

A Mathematical Framework for Risk Assessment

Risk assessment is an important step in the development of a secure system: its goal is to identify the possible threats to a system, their impact and, henceforth, to evaluate the connected risks. Although several systematic approaches have been developed to perform a risk assessment task, the current methodologies rely on the quantitative evaluations of experts in a substantial way. This paper addresses the problem of detaching the methodology results from the subjective judgements of experts, by formalising a risk assessment methodology in an appropriate mathematical framework that reduces the subjective aspects in experts’ evaluations

Virtuose, a VIRTual community open source engine for integrating civic networks and digital cities

This paper outlines the development of digital cities in Italy from 1994 to the present and then shows how this became the basis for the design principles of Virtuose. Virtuose may be termed communityware. It was conceived specifically for managing (local) virtual communities and drew inspiration from social as well as technological design concepts, using an open-environment philosophy. Virtuoses basic requirements and its essential design and implementation choices are presented, and a pragmatic example of its application is given. The paper also provides a specific description of how the messaging structure supports both publication and dialog.

Towards more secure systems: how to combine expert evaluations

In previous works [2, 4] we have introduced a formal risk assessment method and we have shown its mathematical properties. The method allows to model a system as a structured set of vulnerabilities, each one potentially depending on the others: the goal of the method is to consider the influence of the dependencies and, thus, to provide a global risk assessment. A crucial point is the use of order-based metrics to measure the exploitability of a threat: order-based metrics reduce the subjective aspects in the risk evaluation process. This work extends the previous ones by showing how to combine the risk evaluations performed by different experts whose degree of expertise may vary.

Algorithms and Their Explanations

By analysing the explanation of the classical heapsort algorithm via the method of levels of abstraction mainly due to Floridi, we give a concrete and precise example of how to deal with algorithmic knowledge. To do so, we introduce a concept already implicit in the method, the ‘gradient of explanations’. Analogously to the gradient of abstractions, a gradient of explanations is a sequence of discrete levels of explanation each one refining the previous, varying formalisation, and thus providing progressive evidence for hidden information. Because of this sequential and coherent uncovering of the information that explains a level of abstraction—the heapsort algorithm in our guiding example—the notion of gradient of explanations allows to precisely classify purposes in writing software according to the informal criterion of depth’, and to give a precise meaning to the notion of ‘concreteness’.

Representing Object Code

In this paper, a logical representation of object code programs is presented. The coding is particularly well-suited for mechanization, and it enjoys interesting properties with respect to some relevant approaches to program synthesis, program derivation and formal verification [FD93, LO94, KLO96, FLO97a, LO98]. The paper describes both the representation with its properties, and a tool which permits to translate object programs for the MC68000 microprocessor into the formalism of the ISABELLE logical framework.