Visible to the public Biblio

Filters: Author is Giaretta, Alberto  [Clear All Filters]
2020-01-20
Giaretta, Alberto, Dragoni, Nicola, Massacci, Fabio.  2019.  Protecting the Internet of Things with Security-by-Contract and Fog Computing. 2019 IEEE 5th World Forum on Internet of Things (WF-IoT). :1–6.

Nowadays, the Internet of Things (IoT) is a consolidated reality. Smart homes are equipped with a growing number of IoT devices that capture more and more information about human beings lives. However, manufacturers paid little or no attention to security, so that various challenges are still in place. In this paper, we propose a novel approach to secure IoT systems that combines the concept of Security-by-Contract (S×C) with the Fog computing distributed paradigm. We define the pillars of our approach, namely the notions of IoT device contract, Fog node policy and contract-policy matching, the respective life-cycles, and the resulting S×C workflow. To better understand all the concepts of the S×C framework, and highlight its practical feasibility, we use a running case study based on a context-aware system deployed in a real smart home.

2019-05-08
Giaretta, Alberto, De Donno, Michele, Dragoni, Nicola.  2018.  Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot. Proceedings of the 13th International Conference on Availability, Reliability and Security. :22:1–22:8.
The rise of connectivity, digitalization, robotics, and artificial intelligence (AI) is rapidly changing our society and shaping its future development. During this technological and societal revolution, security has been persistently neglected, yet a hacked robot can act as an insider threat in organizations, industries, public spaces, and private homes. In this paper, we perform a structured security assessment of Pepper, a commercial humanoid robot. Our analysis, composed by an automated and a manual part, points out a relevant number of security flaws that can be used to take over and command the robot. Furthermore, we suggest how these issues could be fixed, thus, avoided in the future. The very final aim of this work is to push the rise of the security level of IoT products before they are sold on the public market.