Below you can find a list of my publications. Most of them are open access (green at least), accessible at the PDF link. The AIR link points to the paper entry in my university institutional repository.
The cloud computing has deeply changed how distributed systems are engineered, leading to the proliferation of ever-evolving and complex environments, where legacy systems, microservices, and nanoservices coexist. These services can severely impact on individuals’ security and safety, introducing the need of solutions that properly assess and verify their correct behavior. Security assurance stands out as the way to address such pressing needs, with certification techniques being used to certify that a given service holds some non-functional properties. However, existing techniques build their evaluation on software artifacts only, falling short in providing a thorough evaluation of the non-functional properties under certification. In this paper, we present a multi-dimensional certification scheme where additional dimensions model relevant aspects (e.g., programming languages and development processes) that significantly contribute to the quality of the certification results. Our multi-dimensional certification enables a new generation of service selection approaches capable to handle a variety of user’s requirements on the full system life cycle, from system development to its operation and maintenance. The performance and the quality of our approach are thoroughly evaluated in several experiments.
@article{AAB.TSC2023,author={Anisetti, Marco and Ardagna, Claudio A. and Bena, Nicola},journal={IEEE Transactions on Services Computing},title={Multi-Dimensional Certification of Modern Distributed Systems},year={2023},volume={16},number={3}}
Explainable Data Poison Attacks on Human Emotion Evaluation Systems Based on EEG Signals
Zhang, Zhibo,
Umar, Sani,
Hammadi, Ahmed Y. Al,
Yoon, Sangyoung,
Damiani, Ernesto,
Ardagna, Claudio A.,
Bena, Nicola,
and Yeun, Chan Yeob
The major aim of this paper is to explain the data poisoning attacks using label-flipping during the training stage of the electroencephalogram (EEG) signal-based human emotion evaluation systems deploying Machine Learning models from the attackers’ perspective. Human emotion evaluation using EEG signals has consistently attracted a lot of research attention. The identification of human emotional states based on EEG signals is effective to detect potential internal threats caused by insider individuals. Nevertheless, EEG signal-based human emotion evaluation systems have shown several vulnerabilities to data poison attacks. Besides, due to the instability and complexity of the EEG signals, it is challenging to explain and analyze how data poison attacks influence the decision process of EEG signal-based human emotion evaluation systems. In this paper, from the attackers’ side, data poison attacks occurring in the training phases of six different Machine Learning models including Random Forest, Adaptive Boosting (AdaBoost), Extra Trees, XGBoost, Multilayer Perceptron (MLP), and K-Nearest Neighbors (KNN) intrude on the EEG signal-based human emotion evaluation systems using these Machine Learning models. This seeks to reduce the performance of the aforementioned Machine Learning models with regard to the classification task of 4 different human emotions using EEG signals. The findings of the experiments demonstrate that the suggested data poison assaults are model-independently successful, although various models exhibit varying levels of resilience to the attacks. In addition, the data poison attacks on the EEG signal-based human emotion evaluation systems are explained with several Explainable Artificial Intelligence (XAI) methods including Shapley Additive Explanation (SHAP) values, Local Interpretable Model-agnostic Explanations (LIME), and Generated Decision Trees. And the codes of this paper are publicly available on GitHub.
@article{ZUHYDABY.ACCESS2023,author={Zhang, Zhibo and Umar, Sani and Hammadi, Ahmed Y. Al and Yoon, Sangyoung and Damiani, Ernesto and Ardagna, Claudio A. and Bena, Nicola and Yeun, Chan Yeob},journal={IEEE Access},title={Explainable Data Poison Attacks on Human Emotion Evaluation Systems Based on EEG Signals},year={2023},volume={11}}
Big Data Assurance: An Approach Based on Service-Level Agreements
Ardagna, Claudio A.,
Bena, Nicola,
Hebert, Cedric,
Krotsiani, Maria,
Kloukinas, Christos,
and Spanoudakis, George
Big data management is a key enabling factor for enterprises that want to compete in the global market. Data coming from enterprise production processes, if properly analyzed, can provide a boost in the enterprise management and optimization, guaranteeing faster processes, better customer management, and lower overheads/costs. Guaranteeing a proper big data pipeline is the holy grail of big data, often opposed by the difficulty of evaluating the correctness of the big data pipeline results. This problem is even worse when big data pipelines are provided as a service in the cloud, and must comply with both laws and users’ requirements. To this aim, assurance techniques can complete big data pipelines, providing the means to guarantee that they behave correctly, toward the deployment of big data pipelines fully compliant with laws and users’ requirements. In this article, we define an assurance solution for big data based on service-level agreements, where a semiautomatic approach supports users from the definition of the requirements to the negotiation of the terms regulating the provisioned services, and the continuous refinement thereof.
@article{ABHKKS.BD2023,author={Ardagna, Claudio A. and Bena, Nicola and Hebert, Cedric and Krotsiani, Maria and Kloukinas, Christos and Spanoudakis, George},title={Big Data Assurance: An Approach Based on Service-Level Agreements},journal={Big Data},year={2023},issue={3},volume={11}}
Rethinking Certification for Trustworthy Machine-Learning-Based Applications
Anisetti, Marco,
Ardagna, Claudio A.,
Bena, Nicola,
and Damiani, Ernesto
Machine learning (ML) is increasingly used to implement advanced applications with nondeterministic behavior, which operate on the cloud-edge continuum. The pervasive adoption of ML is urgently calling for assurance solutions to assess applications’ nonfunctional properties (e.g., fairness, robustness, and privacy) with the aim of improving their trustworthiness. Certification has been clearly identified by policy makers, regulators, and industrial stakeholders as the preferred assurance technique to address this pressing need. Unfortunately, existing certification schemes are not immediately applicable to nondeterministic applications built on ML models. This article analyzes the challenges and deficiencies of current certification schemes, discusses open research issues, and proposes a first certification scheme for ML-based applications.
@article{AABD.IC2023,author={Anisetti, Marco and Ardagna, Claudio A. and Bena, Nicola and Damiani, Ernesto},journal={IEEE Internet Computing},number={6},title={Rethinking Certification for Trustworthy Machine-Learning-Based Applications},volume={27},year={2023}}
On the Robustness of Random Forest Against Untargeted Data Poisoning: An Ensemble-Based Approach
Anisetti, Marco,
Ardagna, Claudio A.,
Balestrucci, Alessandro,
Bena, Nicola,
Damiani, Ernesto,
and Yeun, Chan Yeob
Machine learning is becoming ubiquitous. From finance to medicine, machine learning models are boosting decision/making processes and even outperforming humans in some tasks. This huge progress in terms of prediction quality does not however find a counterpart in the security of such models and corresponding predictions, where perturbations of fractions of the training set (poisoning) can seriously undermine the model accuracy. Research on poisoning attacks and defenses received increasing attention in the last decade, leading to several promising solutions aiming to increase the robustness of machine learning. Among them, ensemble-based defenses, where different models are trained on portions of the training set and their predictions are then aggregated, provide strong theoretical guarantees at the price of a linear overhead. Surprisingly, ensemble-based defenses, which do not pose any restrictions on the base model, have not been applied to increase the robustness of random forest models. The work in this paper aims to fill in this gap by designing and implementing a novel hash-based ensemble approach that protects random forest against untargeted, random poisoning attacks. An extensive experimental evaluation measures the performance of our approach against a variety of attacks, as well as its sustainability in terms of resource consumption and performance, and compares it with a traditional monolithic model based on random forest. A final discussion presents our main findings and compares our approach with existing poisoning defenses targeting random forests.
@article{AABBDY.TSUSC2023,author={Anisetti, Marco and Ardagna, Claudio A. and Balestrucci, Alessandro and Bena, Nicola and Damiani, Ernesto and Yeun, Chan Yeob},journal={IEEE Transactions on Sustainable Computing},title={On the Robustness of Random Forest Against Untargeted Data Poisoning: An Ensemble-Based Approach},year={2023},volume={8},number={4}}
International Conferences
Non-Functional Certification of Modern Distributed Systems: A Research Manifesto
Ardagna, Claudio A.,
and Bena, Nicola
In Proc. of IEEE SSE 2023,
Chicago, IL, USA,
Jul.
2023
The huge progress of ICT is radically changing distributed systems at their roots, modifying their operation and engineering practices and introducing new non-functional (e.g., security and safety) risks. These risks are amplified by the crucial role played by machine learning, on one side, and by the pervasive involvement of users in the system operation, on the other side. Certification techniques have been largely adopted to reduce the above risks, though the recent evolution of distributed systems towards cloud-edge, IoT, 5G, and machine learning severely hindered certification diffusion and quality. The need of new certification techniques that prove compliance of distributed systems against non-functional requirements arises and is often pushed by strict laws and regulations. In this paper, we envision a research manifesto for non-functional certification of modern distributed systems that paves the way for the wide adoption of certification in the real world, also in those domains where certification is not mandatory. Its ultimate goal is to lead to a trustworthy and adaptive ecosystem based on a cost-effective, non-functional certification, where modern system development, assessment, and management are not only ruled by functional requirements. The manifesto discusses the research challenges, a roadmap built on 6 research directions, and a concrete implementation timeline for the roadmap.
@inproceedings{AB.SSE2023,author={Ardagna, Claudio A. and Bena, Nicola},booktitle={Proc. of IEEE SSE 2023},title={Non-Functional Certification of Modern Distributed Systems: A Research Manifesto},year={2023},address={Chicago, IL, USA},month=jul}
Lightweight Behavior-Based Malware Detection
Anisetti, Marco,
Ardagna, Claudio A.,
Bena, Nicola,
Giandomenico, Vincenzo,
and Gianini, Gabriele
In Proc. of MEDES 2023,
Heraklion, Greece,
May.
2023
Modern malware detection tools rely on special permissions to collect data that can reveal the presence of suspicious software within a machine. Typical data that they collect for this task are the set of system calls, the content of network traffic, file system changes, and API calls. However, giving access to these data to an externally created program means granting the company that created that software complete control over the host machine. This is undesirable for many reasons. In this work, we propose an alternative approach for this task, which relies on easily accessible data, information about system performances (CPU, RAM, disk, and network usage), and does not need high-level permissions to be collected. To investigate the effectiveness of this approach, we collected these data in the form of a multivalued time series and ran a number of malware programs in a suitably devised sandbox. Then - to address the fact that deep learning models need large training sets - we augmented the dataset using a deep learning generative model (a Generative Adversarial Network). Finally, we trained an LSTM (Long Short Term Memory) network to capture the malware behavioral patterns. Our investigation found that this approach, based on easy-to-collect information, is very effective (we achieved 0.99 accuracy), despite the fact that the data used for training the detector are substantially different from the ones specifically targeted for this purpose. The real and synthetic datasets, as well as corresponding source code, are publicly available.
@inproceedings{AABGG.MEDES2023,author={Anisetti, Marco and Ardagna, Claudio A. and Bena, Nicola and Giandomenico, Vincenzo and Gianini, Gabriele},booktitle={Proc. of MEDES 2023},title={Lightweight Behavior-Based Malware Detection},year={2023},month=may,address={Heraklion, Greece},note={To appear}}
Continuous Certification of Non-Functional Properties Across System Changes
Anisetti, Marco,
Ardagna, Claudio A.,
and Bena, Nicola
Existing certification schemes implement continuous verification techniques aiming to prove non-functional (e.g., security) properties of software systems over time. These schemes provide different re-certification techniques for managing the certificate life cycle, though their strong assumptions make them ineffective against modern service-based distributed systems. Re-certification techniques are in fact built on static system models, which do not properly represent the system evolution, and on static detection of system changes, which results in an inaccurate planning of re-certification activities. In this paper, we propose a continuous certification scheme that departs from a static certificate life cycle management and provides a dynamic approach built on the modeling of the system behavior that reduces the amount of unnecessary re-certification. The quality of the proposed scheme is experimentally evaluated using an ad hoc dataset built on publicly-available datasets.
@inproceedings{AAB.ICSOC2023,author={Anisetti, Marco and Ardagna, Claudio A. and Bena, Nicola},booktitle={Proc. of ICSOC 2023},title={Continuous Certification of Non-Functional Properties Across System Changes},year={2023},date={2023-11/2023-12}}
Bridging the Gap Between Certification and Software Development
Ardagna, Claudio A.,
Bena, Nicola,
and Pozuelo, Ramon Martín
While certification is widely recognized as a means to increase system trustworthiness and reduce uncertainty in decision making, it faces severe challenges preventing a wider adoption thereof. Certification is not adequately planned and integrated within the development process, leading to suboptimal scenarios where certification introduces the need to further modify the developed system with high costs. We propose a methodology that bridges the gap between software development and certification processes. Our methodology automatically produces the certification requirements driving all steps of the development process, and maximizes the strength of certificates while taking costs under control. We formalize the above problem as a multi-objective mathematical program and solve it through a genetic algorithm. The proposed approach is tested in a real-world, cloud-based financial scenario at CaixaBank and its performance and quality is evaluated in a simulated scenario.
@inproceedings{ABP.ARES2022,author={Ardagna, Claudio A. and Bena, Nicola and de Pozuelo, Ramon Martín},booktitle={Proc. of ARES 2022},title={Bridging the Gap Between Certification and Software Development},year={2022},month=aug,address={Vienna, Austria}}
A DevSecOps-based Assurance Process for Big Data Analytics
Anisetti, Marco,
Bena, Nicola,
Berto, Filippo,
and Jeon, Gwanggil
In Proc. of IEEE ICWS 2022,
Barcelona, Spain,
Jul.
2022
Today big data pipelines are increasingly adopted by service applications representing a key enabler for enterprises to compete in the global market. However, the management of non-functional aspects of the big data pipeline (e.g., security, privacy) is still in its infancy. As a consequence, while functionally appealing, the big data pipeline does not provide a transparent environment, impairing the users’ ability to evaluate its behavior. In this paper, we propose a security assurance methodology for big data pipelines grounded on the DevSecOps development paradigm to increase trustworthiness allowing reliable security and privacy by design. Our methodology models and annotates big data pipelines with non-functional requirements verified by assurance checks ensuring requirements to hold along with the pipeline lifecycle. The performance and quality of our methodology are evaluated in a real walkthrough analytics scenario.
@inproceedings{ABBJ.ICWS2022,author={Anisetti, Marco and Bena, Nicola and Berto, Filippo and Jeon, Gwanggil},booktitle={Proc. of IEEE ICWS 2022},year={2022},title={A DevSecOps-based Assurance Process for Big Data Analytics},month=jul,address={Barcelona, Spain}}
Security Assurance in Modern IoT Systems
Bena, Nicola,
Bondaruc, Ruslan,
and Polimeno, Antongiacomo
In Proc. of IEEE VTC 2022-Spring,
Helsinki, Finland,
Jun.
2022
Modern distributed systems consist of a multi-layer architecture of IoT, edge, and cloud nodes. Together, they are revolutionizing our lives, bringing intelligence to existing processes (e.g., smart grids) and enabling novel, efficient and effective processes (e.g., remote surgery). This transition however does not come without drawbacks, due to the ever-increasing reliance on devices whose security and safety are, at least, questionable. In this context, research is in its infancy, struggling to adapt successful practices applied, for instance, in cloud systems. Security of modern IoT systems still relies on old-fashioned approaches, mostly static assessments considering only very specific parts of the target system, rather than assessing the system as a whole. In this paper, we put forward the idea of security assurance for IoT, as a higher-level assurance process evaluating the target system at different layers and different moments of its lifecycle, then implemented by a flexible assurance framework. The quality of our approach is evaluated in a real-world smart lighting system.
@inproceedings{BBP.VTC2022S,author={Bena, Nicola and Bondaruc, Ruslan and Polimeno, Antongiacomo},booktitle={Proc. of IEEE VTC 2022-Spring},title={{Security Assurance in Modern IoT Systems}},year={2022},month=jun,address={Helsinki, Finland}}
Towards an Assurance Framework for Edge and IoT Systems
Anisetti, Marco,
Ardagna, Claudio A.,
Bena, Nicola,
and Bondaruc, Ruslan
In Proc. of IEEE EDGE 2021,
Guangzhou, China,
Dec.
2021
Current distributed systems increasingly rely on hybrid architectures built on top of IoT, edge, and cloud, backed by dynamically configurable networking technologies like 5G. In this complex environment, traditional security governance solutions cannot provide the holistic view that is needed to manage these systems in an effective and efficient way. In this paper, we propose a security assurance framework for edge and IoT systems based on an advanced architecture capable to deal with 5G-native applications.
@inproceedings{AABB.EDGE2021,author={Anisetti, Marco and Ardagna, Claudio A. and Bena, Nicola and Bondaruc, Ruslan},booktitle={Proc. of IEEE EDGE 2021},title={Towards an Assurance Framework for Edge and IoT Systems},year={2021},month=dec,address={Guangzhou, China}}
An Assurance-Based Risk Management Framework for Distributed Systems
Anisetti, Marco,
Ardagna, Claudio A.,
Bena, Nicola,
and Foppiani, Andrea
In Proc. of IEEE ICWS 2021,
Chicago, IL, USA,
Sep.
2021
The advent of cloud computing and Internet of Things (IoT) has deeply changed the design and operation of IT systems, affecting mature concepts like trust, security, and privacy. The benefits in terms of new services and applications come at a price of new fundamental risks, and the need of adapting risk management frameworks to properly understand and address them. While research on risk management is an established practice that dates back to the 90s, many of the existing frameworks do not even come close to address the intrinsic complexity and heterogeneity of modern systems. They rather target static environments and monolithic systems thus undermining their usefulness in real-world use cases. In this paper, we present an assurance-based risk management framework that addresses the requirements of risk management in modern distributed systems. The proposed framework implements a risk management process integrated with assurance techniques. Assurance techniques monitor the correct behavior of the target system, that is, the correct working of the mechanisms implemented by the organization to mitigate the risk. Flow networks compute risk mitigation and retrieve the residual risk for the organization. The performance and quality of the framework are evaluated in a simulated industry 4.0 scenario.
@inproceedings{AABF.ICWS2021,title={An Assurance-Based Risk Management Framework for Distributed Systems},author={Anisetti, Marco and Ardagna, Claudio A. and Bena, Nicola and Foppiani, Andrea},booktitle={Proc. of IEEE ICWS 2021},year={2021},month=sep,address={Chicago, IL, USA}}
An Assurance Framework and Process for Hybrid Systems
Anisetti, Marco,
Ardagna, Claudio A.,
Bena, Nicola,
and Damiani, Ernesto
Security assurance is a discipline aiming to demonstrate that a target system holds some non/functional properties and behaves as expected. These techniques have been recently applied to the cloud, facing some critical issues especially when integrated within existing security processes and executed in a programmatic way. Furthermore, they pose significant costs when hybrid systems, mixing public and private infrastructures, are considered. In this paper, we present an assurance framework that implements an assurance process evaluating the trustworthiness of hybrid systems. The framework builds on a standard API-based interface supporting full and programmatic access to the functionalities of the framework. The process provides a transparent, non-invasive and automatic solution that does not interfere with the working of the target system. It builds on a Virtual Private Network (VPN)-based solution, to provide a smooth integration with target systems, in particular those mixing public and private clouds and corporate networks. A detailed walkthrough of the process along with a performance evaluation of the framework in a simulated scenario are presented.
@inproceedings{AABD.ICETE2020,author={Anisetti, Marco and Ardagna, Claudio A. and Bena, Nicola and Damiani, Ernesto},title={An Assurance Framework and Process for Hybrid Systems},booktitle={E-Business and Telecommunications},year={2021}}
Stay Thrifty, Stay Secure: A VPN-based Assurance Framework for Hybrid Systems
Anisetti, Marco,
Ardagna, Claudio,
Bena, Nicola,
and Damiani, Ernesto
In Proc. of SECRYPT 2020,
Lieusaint - Paris, France,
Jul.
2020
Security assurance provides a wealth of techniques to demonstrate that a target system holds some nonfunctional properties and behaves as expected. These techniques have been recently applied to the cloud ecosystem, while encountering some critical issues that reduced their benefit when hybrid systems, mixing public and private infrastructures, are considered. In this paper, we present a new assurance framework that evaluates the trustworthiness of hybrid systems, from traditional private networks to public clouds. It implements an assurance process that relies on a Virtual Private Network (VPN)-based solution to smoothly integrate with the target systems. The assurance process provides a transparent and non-invasive solution that does not interfere with the working of the target system. The performance of the framework have been experimentally evaluated in a simulated scenario.
@inproceedings{AABD.SECRYPT2020,author={Anisetti, Marco and Ardagna, Claudio and Bena, Nicola and Damiani, Ernesto},title={Stay Thrifty, Stay Secure: A VPN-based Assurance Framework for Hybrid Systems},booktitle={Proc. of SECRYPT 2020},year={2020},month=jul,address={Lieusaint - Paris, France}}
Other Publications
Location Information (Privacy of)
Ardagna, Claudio A.,
and Bena, Nicola
In Encyclopedia of Cryptography, Security and Privacy,
Jajodia, Sushil and Samarati, Pierangela and Yung, Moti (eds.),
2021
@inbook{AB.ECSP2021.LIP,author={Ardagna, Claudio A. and Bena, Nicola},editor={Jajodia, Sushil and Samarati, Pierangela and Yung, Moti},publisher={Springer Berlin Heidelberg},booktitle={Encyclopedia of Cryptography, Security and Privacy},title={Location Information (Privacy of)},year={2021}}
XML-Based Access Control Languages
Ardagna, Claudio A.,
and Bena, Nicola
In Encyclopedia of Cryptography, Security and Privacy,
Jajodia, Sushil and Samarati, Pierangela and Yung, Moti (eds.),
2021
@inbook{AB.ECSP2021.LIQ,author={Ardagna, Claudio A. and Bena, Nicola},editor={Jajodia, Sushil and Samarati, Pierangela and Yung, Moti},publisher={Springer Berlin Heidelberg},booktitle={Encyclopedia of Cryptography, Security and Privacy},title={XML-Based Access Control Languages},year={2021}}
Privacy-Aware Languages
Ardagna, Claudio A.,
and Bena, Nicola
In Encyclopedia of Cryptography, Security and Privacy,
Jajodia, Sushil and Samarati, Pierangela and Yung, Moti (eds.),
2021
@inbook{AB.ECSP2021.LIR,author={Ardagna, Claudio A. and Bena, Nicola},editor={Jajodia, Sushil and Samarati, Pierangela and Yung, Moti},publisher={Springer Berlin Heidelberg},booktitle={Encyclopedia of Cryptography, Security and Privacy},title={Privacy-Aware Languages},year={2021}}
