Visible to the public Biblio

Filters: Author is Zannone, Nicola  [Clear All Filters]
2023-02-03
Kersten, Leon, Burda, Pavlo, Allodi, Luca, Zannone, Nicola.  2022.  Investigating the Effect of Phishing Believability on Phishing Reporting. 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). :117–128.
Phishing emails are becoming more and more sophisticated, making current detection techniques ineffective. The reporting of phishing emails from users is, thus, crucial for organizations to detect phishing attacks and mitigate their effect. Despite extensive research on how the believability of a phishing email affects detection rates, there is little to no research about the relationship between the believability of a phishing email and the associated reporting rate. In this work, we present a controlled experiment with 446 subjects to evaluate how the reporting rate of a phishing email is linked to its believability and detection rate. Our results show that the reporting rate decreases as the believability of the email increases and that around half of the subjects who detect the mail as phishing, have an intention to report the email. However, the group intending to report an email is not a subset of the group detecting the mail as phishing, suggesting that reporting is still a concept misunderstood by many.
ISSN: 2768-0657
2017-08-02
den Hartog, Jerry, Zannone, Nicola.  2016.  A Policy Framework for Data Fusion and Derived Data Control. Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control. :47–57.

Recent years have seen an exponential growth of the collection and processing of data from heterogeneous sources for a variety of purposes. Several methods and techniques have been proposed to transform and fuse data into "useful" information. However, the security aspects concerning the fusion of sensitive data are often overlooked. This paper investigates the problem of data fusion and derived data control. In particular, we identify the requirements for regulating the fusion process and eliciting restrictions on the access and usage of derived data. Based on these requirements, we propose an attribute-based policy framework to control the fusion of data from different information sources and under the control of different authorities. The framework comprises two types of policies: access control policies, which define the authorizations governing the resources used in the fusion process, and fusion policies, which define constraints on allowed fusion processes. We also discuss how such policies can be obtained for derived data.

2017-04-20
Egner, Alexandru Ionut, Luu, Duc, den Hartog, Jerry, Zannone, Nicola.  2016.  An Authorization Service for Collaborative Situation Awareness. Proceedings of the Sixth ACM Conference on Data and Application Security and Privacy. :136–138.

In international military coalitions, situation awareness is achieved by gathering critical intel from different authorities. Authorities want to retain control over their data, as they are sensitive by nature, and, thus, usually employ their own authorization solutions to regulate access to them. In this paper, we highlight that harmonizing authorization solutions at the coalition level raises many challenges. We demonstrate how we address authorization challenges in the context of a scenario defined by military experts using a prototype implementation of SAFAX, an XACML-based architectural framework tailored to the development of authorization services for distributed systems.