Papers by Fabrizio Baiardi
ARIS2, Apr 15, 2024
The Multilevel Database Decomposition Framework is a cybersecurity strategy to enhance system rob... more The Multilevel Database Decomposition Framework is a cybersecurity strategy to enhance system robustness and minimize the impact of data breaches with a focus on healthcare systems. With respect to more conventional normalization methods, the framework prioritizes robustness against cyber threats over mere data redundancy reduction. The key strategy of the framework is the decomposition of a database into smaller databases to restrict user access and mitigate the impact of successful intrusions by satisfying the least privilege principle in a more complete way. For this purpose, each database the decomposition produces is uniquely associated with a set of users and the decomposition ensures that each user can access all and only the data his/her operations need. This limits the potential impact of threat agents impersonating users to the information a compromised user can access. To prevent the propagation of an intrusion across the databases it produces, the framework can apply alternative allocation strategies by distributing the databases to distinct virtual or physical entities according to the security requirement of the original application. This flexibility in allocation management ultimately reinforces defenses against evolving cyber threats and it is the main advantage of the deposition. As a counterpart of better robustness, some tables will be replicated across the databases the decomposition returns and updates of these tables should be properly replicated to prevent inconsistencies among copies of the same table in distinct databases. The paper includes a performance analysis to evaluate the overheads associated with the alternative allocations. This offers insights into the framework implementation and adaptability to distinct security needs and to evaluate the framework effectiveness for healthcare data systems.
Risk management is a process that includes several steps, from vulnerability analysis to the form... more Risk management is a process that includes several steps, from vulnerability analysis to the formulation of a risk mitigation plan that selects countermeasures to be adopted. With reference to an information infrastructure, we present a risk management strategy that considers a sequence of hierarchical models, each describing dependencies among infrastructure components. A dependency exists any time a security related attribute of a component depends upon the attributes of other components. We discuss how this notion supports the formal definition of risk mitigation plan and the evaluation of the infrastructure robustness. A hierarchical relation exists among models that are analyzed because each model increases the level of details of some components in a previous one. Since components and dependencies are modeled through a hypergraph, to increase the model detail level, some hypergraph nodes are replaced by more and more detailed hypergraphs. We show how critical information for the assessment can be automatically deduced from the hypergraph and define conditions that determine cases where a hierarchical decomposition simplifies the assessment. In these cases, the assessment has to analyze the hypergraph that replaces the component rather than applying again all the analyses to a more detailed, and hence larger, hypergraph. We also show how the proposed framework supports the definition of a risk mitigation plan and discuss some indicators of the overall infrastructure robustness. Lastly, the development of tools to support the assessment is discussed.
IEEE Security & Privacy, 2019
IFAC Proceedings Volumes, Oct 1, 1985
Implementation of atomic actions by means of constructs is discussed. It is shown that several tr... more Implementation of atomic actions by means of constructs is discussed. It is shown that several trade-offs reliability may be obtained when an atomic action is defined of constructs and not as an elementary one. concurrent programming between performance and through the composition Several alternative implementations are then discussed with reference to the ECSP concurrent language. Emphasis is placed on process structuring, parallel activation and termination.
2023 IEEE 12th International Conference on Communication Systems and Network Technologies (CSNT)
Advanced Information Networking and Applications, 2020
Trust and risk issue in distributed environments represent today an important research topic. Acc... more Trust and risk issue in distributed environments represent today an important research topic. Access Control Systems are mainly used in security to control access to resources. Access control policies are used to express the rights of users to access resources. In this paper, the Blockchain is used as a tool for location-aware Role-based access control system to provide dynamic and auditable access control policies. In the proposed approach, user-role relationships are publicly visible on the Blockchain. On the other hand, the resource owners send transactions to the Blockchain to manage the relationship between roles and permissions. The location server is associated with an Ethereum account which monitors the location information of the users and dynamically changes the active role of the user by sending transaction to the LRBAC smart contract. The proposed approach achieves auditability, preventing the data provider or third parties from falsely denying the access rights granted by RBAC policies. We deployed the RBAC smart contract on the Ethereum Rinkeby testnet and the experimental results show that the proposed approach is feasible.
Proceedings of the Future Technologies Conference (FTC) 2021, Volume 1, 2021
International Conference on Critical Infrastructure Protection, 2009
Journal of Parallel and Distributed Computing, 2020
Online Social Networks (OSNs) represent today a big communication channel where users spend a lot... more Online Social Networks (OSNs) represent today a big communication channel where users spend a lot of time to share personal data. Unfortunately, the big popularity of OSNs can be compared with their big privacy issues. Indeed, several recent scandals have demonstrated their vulnerability. Decentralized Online Social Networks (DOSNs) have been proposed as an alternative solution to the current centralized OSNs. DOSNs do not have a service provider that acts as central authority and users have more control over their information. Several DOSNs have been proposed during the last years. However, the decentralization of the social services requires efficient distributed solutions for protecting the privacy of users. During the last years the blockchain technology has been applied to Social Networks in order to overcome the privacy issues and to offer a real solution to the privacy issues in a decentralized system. However, in these platforms the blockchain is usually used as a storage, and content are public. In this paper, we propose a manageable and auditable access control framework for DOSNs using blockchain technology for the definition of privacy policies. The resource owner uses the public key of the subject to define auditable access control policies using Access Control List (ACL), while the private key associated with the subject's Ethereum account is used to decrypt the private data once access permission is validated on the blockchain. We provide an evaluation of our approach by exploiting the Rinkeby Ethereum testnet to deploy the smart contracts. Experimental results clearly show that our proposed ACL-based access control outperforms the Attribute-based access control (ABAC) in terms of gas cost. Indeed, a simple ABAC evaluation function requires 280,000 gas, instead our scheme requires 61,648 gas to evaluate ACL rules.
Springer eBooks, 2006
Radiosity is a method to compute the global illumination of a scene characterized by high computa... more Radiosity is a method to compute the global illumination of a scene characterized by high computational requirements. To reduce this complexity, hierarchical radiosity decomposes the scene into a hierarchy of patches and computes the light exchange at different levels, according to the distance between patches and/or to the amount of light emitted by the patches. A distributed memory implementation of this hierarchical method has been developed through PIT, a problem independent library. PIT functions are defined in term of a distributed version of the tree representing the hierarchical decomposition. Experimental results confirm the effectiveness of this approach.
Uploads
Papers by Fabrizio Baiardi