• Title: Distributed Enforcement of Access Control policies in Intelligent Transportation System (ITS) for Situation Awareness
• Author: Tahir Ahmad, Umberto Morelli, Silvio Ranise
• Abstract: Intelligent Transport Systems (ITS) are crucial to support Situation Awareness (SA), which aims to keep a safe and efficient driving experience. While promising, ITS use for SA brings several security challenges, including enforcing access control policies in distributed environments with stringent computational constraints in terms of availability, consistency, and latency. Consequently, traditional mechanisms used to enforce authorization policies cannot be reused off-the-shelf but need to be carefully adapted to the particular requirements and minimize the overhead of access control enforcement. In this paper, we propose a distributed architecture for access control enforcement for ITS capable of satisfying the requirements of SA scenarios based on the idea of dynamically compiling a high-level specification of access control policies (written in the Attribute-Based Access Control model) into a set of low-level Access Control Lists that are easier to enforce. We discuss how to realize it by reusing well-known techniques developed in the field of distributed systems. To evaluate the applicability of the proposed approach, we build a prototype that we use to conduct an experimental evaluation in the context of two practical use case scenarios.
• DOI: 10.1145/3538969.3543792

• Title: SoK: A Survey on Technological Trends for (pre)Notified eIDAS Electronic Identity Schemes
• Author: Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Silvio Ranise
• Abstract: The eIDAS Regulation aims to provide an interoperable European framework to enable EU citizens to authenticate and communicate with services of other Member States by using their national electronic identity. While a set of high-level requirements (e.g., related to privacy and security) are established to make interoperability among Member States possible, the eIDAS Regulation does not explicitly specify the technologies that can be adopted during the development phase to meet the requirements as mentioned earlier. This paper considers the technological trends of (pre)notified eIDAS electronic identity schemes used by Member States, and they satisfy the eIDAS regulation requirements. We do this by defining a set of research questions that allow us to investigate the correlations between different design dimensions such as security, privacy, and usability. Based on these findings, we provide a set of lessons learned that can be used by the security community to protect interoperable national digital identities more efficiently.
• DOI: 10.1145/3538969.3543817
• Complementary Material: Link

Involved People

Tahir Ahmad

Roberto Carbone

Umberto Morelli

Silvio Ranise

Matteo Ranzi

Giada Sciarretta

Amir Sharif