Nino Vincenzo Verde

Review: Security in wireless ad-hoc networks - A survey

Pervasive mobile and low-end wireless technologies, such as radio-frequency identification (RFID), wireless sensor networks and the impending vehicular ad-hoc networks (VANETs), make the wireless scenario exciting and in full transformation. For all the above (and similar) technologies to fully unleash their potential in the industry and society, there are two pillars that cannot be overlooked: security and privacy. Both properties are especially relevant if we focus on ad-hoc wireless networks, where devices are required to cooperate - e.g. from routing to the application layer - to attain their goals. In this paper, we survey emerging and established wireless ad-hoc technologies and we highlight their security/privacy features and deficiencies. We also identify open research issues and technology challenges for each surveyed technology.

Analyzing Android Encrypted Network Traffic to Identify User Actions

Mobile devices can be maliciously exploited to violate the privacy of people. In most attack scenarios, the adversary takes the local or remote control of the mobile device, by leveraging a vulnerability of the system, hence sending back the collected information to some remote web service. In this paper, we consider a different adversary, who does not interact actively with the mobile device, but he is able to eavesdrop the network traffic of the device from the network side (e.g., controlling a Wi-Fi access point). The fact that the network traffic is often encrypted makes the attack even more challenging. In this paper, we investigate to what extent such an external attacker can identify the specific actions that a user is performing on her mobile apps. We design a system that achieves this goal using advanced machine learning techniques. We built a complete implementation of this system, and we also run a thorough set of experiments, which show that our attack can achieve accuracy and precision higher than 95%, for most of the considered actions. We compared our solution with the three state-of-the-art algorithms, and confirming that our system outperforms all these direct competitors.

Taming role mining complexity in RBAC

In this paper we address the problem of reducing the role mining complexity in RBAC systems. To this aim, we propose a three steps methodology: first, we associate a weight to roles; second, we identify user-permission assignments that cannot belong to roles with a weight exceeding a given threshold; and third, we restrict the role-finding problem to user-permission assignments identified in the second step. We formally show-the proofs of our results are rooted in graph theory-that this methodology allows role engineers for the elicitation of stable candidate roles, by contextually simplifying the role selection task. Efficient algorithms to implement our strategy are also described. Further, we discuss practical applications of our approach. Finally, we tested our methodology on real dataset. Results achieved confirm both the viability of our proposal and the analytical findings.

A new role mining framework to elicit business roles and to mitigate enterprise risk

Role-based access control (RBAC) allows to effectively manage the risk derived from granting access to resources, provided that designed roles are business-driven. Role mining represents an essential tool for role engineers, but existing techniques are not able to elicit roles with an associated clear business meaning. Hence, it is difficult to mitigate risk, to simplify business governance, and to ensure compliance throughout the enterprise. To elicit meaningful roles, we propose a methodology where data to analyze are decomposed into smaller subsets according to the provided business information. We introduce two indices, minability and similarity, that drive the decomposition process by providing the expected complexity to find roles with business meaning. The proposed methodology is rooted on a sound theoretical framework. Moreover, experiments on real enterprise data support its effectiveness.

Visual Role Mining: A Picture Is Worth a Thousand Roles

This paper offers a new role engineering approach to Role-Based Access Control (RBAC), referred to as visual role mining. The key idea is to graphically represent user-permission assignments to enable quick analysis and elicitation of meaningful roles. First, we formally define the problem by introducing a metric for the quality of the visualization. Then, we prove that finding the best representation according to the defined metric is a NP-hard problem. In turn, we propose two algorithms: ADVISER and EXTRACT. The former is a heuristic used to best represent the user-permission assignments of a given set of roles. The latter is a fast probabilistic algorithm that, when used in conjunction with ADVISER, allows for a visual elicitation of roles even in absence of predefined roles. Besides being rooted in sound theory, our proposal is supported by extensive simulations run over real data. Results confirm the quality of the proposal and demonstrate its viability in supporting role engineering decisions.

Epidemic data survivability in unattended wireless sensor networks

A recent research thread focused on Unattended Wireless Sensor Networks (UWSNs), that are characterized by the intermittent presence of the sink. An adversary can take advantage of this behavior trying to erase a piece of information sensed by the network before the sink collects it. Therefore, without a mechanism in place to assure data availability, the sink will not ever know that a datum has been compromised. In this paper, we adopt data replication to assure data survivability in UWSNs. In particular, we revisit an epidemic model and show that, even if the data replication process can be modelled as the spreading of a disease in a finite population, new problems that have not been discovered before arise: optimal parameters choice for the model do not assure the intended data survivability. The problem is complicated by the fact that it is driven by two conflicting parameters: On the one hand the flooding of the datum has to be avoided---due to the sensor resource constraints---, while on the other hand data survivability depends on the data replication rate. Using advanced probabilistic tools we achieve a theoretically sound result that assures at the same time: Data survivability, an optimal usage of sensors resources, and a fast and predictable collecting time. These results have been achieved in both the full visibility and the geometrical model. Finally, extensive simulation results support our findings.

Mining Stable Roles in RBAC

In this paper we address the problem of generating a candidate role-set for an RBAC configuration that enjoys the following two key features: it minimizes the administration cost; and, it is a stable candidate role-set. To achieve these goals, we implement a three steps methodology: first, we associate a weight to roles; second, we identify and remove the user-permission assignments that cannot belong to a role that have a weight exceeding a given threshold; third, we restrict the problem of finding a candidate role-set for the given system configuration using only the user-permission assignments that have not been removed in the second step—that is, user-permission assignments that belong to roles with a weight exceeding the given threshold. We formally show—proof of our results are rooted in graph theory—that this methodology achieves the intended goals. Finally, we discuss practical applications of our approach to the role mining problem.

ABBA: adaptive bicluster-based approach to impute missing values in binary matrices

Missing values frequently pose problems in binary matrices analysis since they can hinder downstream analysis of the datasets. Despite the presence of many imputation methods that have been developed to substitute missing values with estimated values, these available techniques have some common disadvantages: they need to fix some parameters (e.g., number of patterns, number of rows to consider) to estimate missing values---with little theoretical support to determine these parameters---; and, missing values need to be recomputed from scratch as parameters change. In this paper we propose a novel algorithm (ABBA: Adaptive Bicluster-Based Approach) that does not have the above limitations. Further, a formal framework that justifies the rationales behind ABBA is detailed. Finally, experimental results over both synthetic and real data confirm the viability of our approach and the quality of the results, that overcomes the ones achieved by the main competing algorithm (KNN).

A Probabilistic Bound on the Basic Role Mining Problem and Its Applications

The aim of this paper is to describe a new probabilistic approach to the role engineering process for RBAC. We address the issue of minimizing the number of roles, problem known in literature as the Basic Role Mining Problem (basicRMP). We leverage the equivalence of the above issue with the vertex coloring problem. Our main result is to prove that the minimum number of roles is sharply concentrated around its expected value. A further contribution is to show how this result can be applied as a stop condition when striving to find out an approximation for the basicRMP. The proposal can be also used to decide whether it is advisable to undertake the efforts to renew a RBAC state. Both these applications can result in a substantial saving of resources. A thorough analysis using advanced probabilistic tools supports our results. Finally, further relevant research directions are highlighted.

Role engineering: from theory to practice

Role Based Access Control (RBAC) is the de facto standard in access control models, and is widely used in many applications and organizations of all sizes. However, the task of finding an appropriate set of roles, called role engineering, remains the most challenging roadblock to effective deployment. In recent years, this problem has attracted a lot of attention, with several bottom-up approaches being proposed, under the field of role mining. However, most of these theoretical approaches cannot be directly applied to large scale datasets, which is where they are most necessary. Therefore, in this paper, we look at how to make role mining practical and usable for actual deployment. We propose a six steps methodology that makes role mining scalable without sacrificing on utility and is agnostic to the actual role mining technique used. The experimental evaluation validates the viability of our approach.