Security & Trust

Complex Systems

The unit develops cutting-edge security solutions for Complex and Heterogeneous systems. These include authentication and authorization mechanisms for Mobile, Application Programming Interface, Cloud/Edge computing, Internet of Things, and Distributed Ledger Technology.

Our focus: Design and tool development for

  • Access control policies in the cloud
  • Controlled information sharing (NATO: declarative Attribute-Based Access Control (ABAC) policy specification, model, and enforcement)
  • Securing MQTT-based environments

Related Publications

  • Tahir Ahmad, Umberto Morelli, Silvio Ranise
    Distributed Enforcement of Access Control policies in Intelligent Transportation System (ITS) for Situation Awareness
    In: 17th International Workshop on Frontiers in Availability, Reliability and Security (FARES2022) (DOI, news)
  • Stefano Berlato, Roberto Carbone, Umberto Morelli, Silvio Ranise
    End-to-End Protection of IoT Communications Through Cryptographic Enforcement of Access Control Policies
    In: Proceedings of the 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2022) (DOI, complementary material)
  • Umberto Morelli, Ivan Vaccari, Silvio Ranise, Enrico Cambiaso
    DoS Attacks in Available MQTT Implementations: Investigating the Impact on Brokers and Devices, and supported Anti-DoS Protections.
    In: The 5th International Workshop on Security and Forensics of IoT (IoT-SECFOR 2021) (complementary material, news)
  • Stefano Berlato, Marco Centenaro, Silvio Ranise
    Smart Card-Based Identity Management Protocols for V2V and V2I Communications in CCAM: a Systematic Literature Review
    In: IEEE Transactions on Intelligent Transportation Systems (T-ITS) (DOI, news)
  • Stefano Berlato, Roberto Carbone, Silvio Ranise
    Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment
    In: 18th International Conference on Security and Cryptography (SECRYPT 2021) (complementary material, news)
  • Tahir Ahmad, Umberto Morelli, Silvio Ranise
    Deploying Access Control Enforcement for IoT in the Cloud-Edge Continuum with the help of the CAP Theorem
    In: 25th ACM Symposium on Access Control Models And Technologies (SACMAT 2020) (news)
  • Marco Centenaro, Stefano Berlato, Roberto Carbone, Gianfranco Burzio, Giuseppe Faranda Cordella, Silvio Ranise, Roberto Riggio
    Security Considerations on 5G-Enabled Back-Situation Awareness for CCAM
    In: 3rd IEEE 5G World Forum (5GWF20) (news)
  • Stefano Berlato, Mariano Ceccato
    A Large-Scale Study on the Adoption of Anti-Debugging and Anti-Tampering Protections in Android Apps
    In: Journal of Information Security and Applications (JISA) (DOI, news)
  • Stefano Berlato, Roberto Carbone, Adam J. Lee, Silvio Ranise
    Exploring Architectures for Cryptographic Access Control Enforcement in the Cloud for Fun and Optimization
    In: 15th ACM ASIA Conference on Computer and Communications Security (ASIACCS 2020) (DOI, complementary material, news)
  • Andrea Palmieri, Paolo Prem, Silvio Ranise, Umberto Morelli, Tahir Ahmad
    MQTTSA: A Tool for Automatically Assisting the Secure Deployments of MQTT brokers
    In: IEEE SERVICES Workshop on Cyber Security & Resilience in the Internet of Things (IEEE SERVICES CSRIoT 2019) (DOI, news)
  • Tahir Ahmad, Silvio Ranise
    Validating Requirements of Access Control for Cloud-Edge IoT Solutions
    In: 11th International Symposium on Foundations & Practice of Security (FPS 2018) (DOI, news)
  • Tahir Ahmad, Umberto Morelli, Silvio Ranise, Nicola Zannone
    A Lazy Approach to Access Control as a Service (ACaaS) for IoT: An AWS Case Study
    In: 23rd ACM Symposium on Access Control Models And Technologies (SACMAT 2018) (DOI, news)
  • Umberto Morelli, Silvio Ranise
    Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud
    In: 32nd International Conference on ICT Systems Security and Privacy Protection (IFIPSEC 2017) (DOI, news)

Related Theses

  • Stefano Da Roit (Bachelor's Thesis, University of Trento, 2022)
    Automated Detection of DoS Attacks in MQTT 5.0 Brokers
    Supervisor: Silvio Ranise | Co-supervisor: Umberto Morelli
  • Alessandro Colombo (Bachelor's Thesis, University of Trento, 2022)
    Attribute Based Encryption for Advanced Data Protection in IoT with MQTT
    Supervisor: Silvio Ranise | Co-supervisors: Stefano Berlato, Roberto Carbone
  • Veronica Cristiano (Master's Thesis, University of Trento, 2021)
    Key Management for Cryptographic Enforcement of Access Control Policies in the Cloud: The CryptoAC use case
    Supervisor: Silvio Ranise | Co-supervisors: Roberto Carbone, Stefano Berlato
  • Lorenzo Bellesso (Postgraduate Thesis, University of Genoa, 2021)
    Implementazione di una soluzione di generazione e rilascio credenziali in ambito IoT fondata sull'uso della Carta d'Identità Elettronica (CIE)
    Supervisor: Silvio Ranise | Co-supervisor: Umberto Morelli
  • Tahir Ahmad (PhD Thesis, University of Genoa, 2020)
    Access Control for IoT: Problems and Solutions in the Smart Home (link)
    Supervisors: Alessandro Armando, Silvio Ranise
  • Carlotta Tagliaro (Bachelor's Thesis, University of Trento, 2019)
    Security and Performance tradeoffs in the Internet of Things
    Supervisor: Silvio Ranise | Co-supervisor: Umberto Morelli
    Awards: 4th place at thesis award "Innovare la sicurezza delle informazioni 2020", sponsored by CLUSIT
  • Stefano Berlato (Master's Thesis, University of Trento, 2019)
    A Pragmatic Approach to Handle "Honest But Curious" Cloud Service Providers: Cryptographic Enforcement of Dynamic Access Control Policies
    Supervisor: Silvio Ranise | Co-supervisor: Roberto Carbone
    Awards: 3rd place at thesis award "Innovare la sicurezza delle informazioni 2020", sponsored by CLUSIT
  • Enrico Donatoni (Bachelor's Thesis, University of Trento, 2018)
    Blockchain in Finance: a comparison of Ripple, Quorum and Corda
    Supervisor: Silvio Ranise | Co-supervisors: Umberto Morelli, Alessandro Tomasi
  • Damiano Sartori (Bachelor's Thesis, University of Trento, 2018)
    Attribute Based Access Control over a Hyperledger Fabric Network: An application for Electronic Health Records
    Supervisor: Silvio Ranise | Co-supervisors: Umberto Morelli, Alessandro Tomasi
  • Alessio Coletta (PhD Thesis, University of Trento, 2018)
    Specification-based Predictive Continuous Monitoring for Cyber Physical Systems with Unobservables (link)
    Supervisor: Alessandro Armando
  • Mirko Schicchi (Bachelor's Thesis, 2018)
    IOTA and the Internet of Things: A possible solution for autonomous driving vehicles
    Supervisor: Silvio Ranise | Co-supervisors: Umberto Morelli, Alessandro Tomasi