Trust, Security and Privacy RESEARCH UNIT
Trust, Security and Privacy RESEARCH UNIT
Trust, Security and Privacy RESEARCH UNIT
Spoke 1
DISE – Digital Sovereignty
Digital sovereignty entails capability of citizens, organizations and states to control their data, the usage of such data, the computations performed on them, and ensure that are compliant with business rules, laws, social norms, usability, privacy and/or other human, social, and legal (HSL) aspects.
DISE studies methods to extract knowledge and rules from data and then translate those into data sharing and computation usage policies, and to verify these policies and also assess their compliance. DISE designs mechanisms for data usage control enforcement for several scenarios such as iot, big data, cloud, etc. DISE studies economic aspects as understanding costs and incentives for data sharing, and the value of data sovereignty and interactions and conflict management between laws and market. DISE investigates data sovereignty and trust models by providing proper data sharing approaches and corresponding policies on derived data/algorithms.
Data are also instrumental to full situation awareness for threats to digital services. We need specific technologies for ensuring data sovereignty of cyber threat intelligence (CTI), providing data credibility and integrity, mandatory data routing and compliant data flow control
A main focus is on confidentiality and compliance of computations that should be done in agreement with laws, norms and standards, in particular for secure analytics: i) we research in privacy preserving computation, social behavior analysis, and analytics for malware/ransomware; ii) we research on full spectrum awareness of cyber and physical threats through proper data sharing and analysis; iii) we develop advanced testing approaches for access and usage control policies.
We plan Lab validation of methodologies/tools in at least ones of the possible scenarios as smart grids, social communities, transport or e-health.
Spoke 2
Humane: Holistic Support to Information Disorder
Partners: UniRoma1 (PI), CNR (M. Petrocchi, M. Fazzolari), UniVE, UniMI, IMT Lucca
The problem of information pollution on social and traditional media has reached a global scale and its impact is challenging to quantify. Information Disorder is a new term that holistically considers all the possible ways in which information can be manipulated (not only to harm).
The goal of HUMANE is to design, develop and test a publicly available toolkit to comprehensively tackle the problem of information disorder. HUMANE will be based on three pillars: 1) Analyze, 2) Detect, and 3) React. “Analyze” pillar aims to understand the causes and reveal the mechanisms with which the information gets polluted. Success will be the effective mapping of the phenomena and building an understanding of the main effects on Society. “Detect” pillar aims at developing, using AI technologies, a set of tools to automate the discovery of potential problems and threats. We will build fact-checking and verification tools, and also “authenticity engines”, to increase the awareness and trust on the information people see online. Success will be measured by analyzing the performance of AI algorithms on a set of data collected and explicitly labeled in this pillar. “React” will be responsible for finding mitigation strategies by minimizing the impact of echo chambers: feed and search custom algorithms, diversify exposure to different people and views, and allow users to consume information privately. The success of this pillar will be evaluated by measuring the effect of these mitigation strategies on controlled communities on social media platforms.
HUMANE users will be able to shed light on the causes and mechanisms that lead to information pollution; they will benefit from a non-polarized information ecosystem; they will benefit from tested solutions to mitigate information disorder phenomena.
The research areas involved in this project will be Social and Web Analytics, Cybersecurity, Complex Systems, Data Science, AI, IR, NLP, Human Computation, and Social and Political Sciences.
Spoke 5
STRIDE: Secure and TRaceable Identities in Distributed Environments
The distributed nature of cyberspace requires secure remote interactions between entities. One of the main goals to reach is to support the secure, protected, and accountable identification of entities and actions. The focus of this project is then entity and action identification in the most general meaning, thus ranging from objects to humans, across physical and virtual domains. In this scenario, many security mechanisms, technologies, and services are involved, depending on the nature of the distributed environment, the type of entities, the domains where interactions are executed (from the physical world to the virtual environments), and the aimed goals (e.g., verifiability degree, capability of secure association with other attributes, traceability, anonymity degree, etc.). Concerning mechanisms, the project will focus on cryptographic mechanisms, with a specific attention toward post-quantum cryptography. Regarding technologies, STRIDE will focus also on distributed ledger technologies (DLT), blockchain and smart contracts. Concerning services, evolutionary changes and challenges for secure and traceable digital identity will be considered such as anonymous identity, identity protection in distributed environments, self-sovereign identity, process tracing, etc.
Spoke 7
SCAR- Securing the third millennium’s cyber-CARs (PI)
The Supercar managed by KITT and driven by Michael Knight is increasingly real. Our cars are connected (to make payments, receive live traffic info, use SW apps), intelligent (driving style tips, routes and fuel consumption optimization) and configurable to the driver’s personal data (account data and seat preferences, climate control, infotainment). While Supercar was unique, all modern cars are connected to the Internet, to each other and to a series of dedicated nodes, thus exposing a large attack surface to diverse and insidious threats.
SCAR’s concept is to manage and solve these threats through the definition and prototyping of innovative and intelligent enabling technologies for the security of modern cars in their ecosystem, in compliance with automotive standards, such as, ISO/SAE 21434-24089, UNECE WP29 R155, R156, and with driver’s right to privacy on the data generated within the driver experience (GDPR).
SCAR aims at prototyping, verifying and validating innovative and intelligent technologies for both Hardware and Software security of modern cars in their ecosystem, while respecting current standards, privacy rights and legal aspects.