Biblio

Filters: Author is Rak, M.  [Clear All Filters]
2018-04-04
Ficco, M., Venticinque, S., Rak, M..  2017.  Malware Detection for Secure Microgrids: CoSSMic Case Study. 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). :336–341.

Information and communication technologies are extensively used to monitor and control electric microgrids. Although, such innovation enhance self healing, resilience, and efficiency of the energy infrastructure, it brings emerging security threats to be a critical challenge. In the context of microgrid, the cyber vulnerabilities may be exploited by malicious users for manipulate system parameters, meter measurements and price information. In particular, malware may be used to acquire direct access to monitor and control devices in order to destabilize the microgrid ecosystem. In this paper, we exploit a sandbox to analyze security vulnerability to malware of involved embedded smart-devices, by monitoring at different abstraction levels potential malicious behaviors. In this direction, the CoSSMic project represents a relevant case study.

2017-03-08
Casola, V., Benedictis, A. D., Rak, M., Villano, U..  2015.  DoS Protection in the Cloud through the SPECS Services. 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC). :677–682.

Security in cloud environments is always considered an issue, due to the lack of control over leased resources. In this paper, we present a solution that offers security-as-a-service by relying on Security Service Level Agreements (Security SLAs) as a means to represent the security features to be granted. In particular, we focus on a security mechanism that is automatically configured and activated in an as-a-service fashion in order to protect cloud resources against DoS attacks. The activities reported in this paper are part of a wider work carried out in the FP7-ICT programme project SPECS, which aims at building a framework offering Security-as-a-Service using an SLA-based approach. The proposed approach founds on the adoption of SPECS Services to negotiate, to enforce and to monitor suitable security metrics, chosen by cloud customers, negotiated with the provider and included in a signed Security SLA.

Casola, V., Benedictis, A. D., Rak, M., Villano, U..  2015.  SLA-Based Secure Cloud Application Development: The SPECS Framework. 2015 17th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC). :337–344.

The perception of lack of control over resources deployed in the cloud may represent one of the critical factors for an organization to decide to cloudify or not their own services. Furthermore, in spite of the idea of offering security-as-a-service, the development of secure cloud applications requires security skills that can slow down the adoption of the cloud for nonexpert users. In the recent years, the concept of Security Service Level Agreements (Security SLA) is assuming a key role in the provisioning of cloud resources. This paper presents the SPECS framework, which enables the development of secure cloud applications covered by a Security SLA. The SPECS framework offers APIs to manage the whole Security SLA life cycle and provides all the functionalities needed to automatize the enforcement of proper security mechanisms and to monitor userdefined security features. The development process of SPECS applications offering security-enhanced services is illustrated, presenting as a real-world case study the provisioning of a secure web server.