23/04/2014 – Talk by V-T. Hoang and M. Hussain

Title: Performance evaluation of TCP congestion control mechanisms ECN/RED and SAP-LAW in presence of UDP traffic
Time: 13:00
Location: Meeting room
Type: Research Result
Speaker: V-T. Hoang and M. Hussain
Abstract:

Internetworking often requires a large number of users to share a common gateway to obtain connectivity to the Internet. Congestion avoidance mechanisms are used to prevent the saturation of the gateway, which represents a bottleneck of the system. The most popular congestion avoidance mechanisms are Explicit Congestion Notification (ECN) and Random Early Detection (RED). Recently, a new method for congestion avoidance has been proposed: the Smart Access Point with Limited Advertised Window (SAP-LAW). The main idea is to hijack, at the gateway, the acknowledgment packets of the TCP connections in order to artificially reduce the advertised destination window according to some bandwidth allocation policy. The flow control mechanism is thus artificially exploited to control the congestion at the bottleneck. The advantage of this approach is that it does not drop any packet and does not require any modification of the TCP implementations at the clients. In this paper we propose stochastic models for the ECN/RED and SAP-LAW mechanisms in order to compare their performance under different scenarios. The models are studied in the mean field regime, i.e., under a great number of TCP connections and UDP-based transmissions, while considering greedy and temporary TCP connections. In this paper we consider the presence of UDP traffic with bursts, and the case of non-greedy TCP connections. The models for SAP-LAW are totally new. The comparison is performed in terms of different performance indices, including average queue length, system throughput, and expected waiting time.

16/04/2014 – Talk by Silvia Signorato

Title: Digital investigations in criminal proceedings: analysis, assessments, prospects.
Time: 13:00
Location: Meeting room
Type: Research Result
Speaker: Silvia Signorato
Abstract:

In today's globalized society, information technology now permeates almost every sphere of reality. It is therefore almost inevitable that crime, too, makes use of information technology to commit offences. In this regard, one need only think of phishing, online child pornography, defamation committed on social networks, cyberstalking, online grooming of minors, copyright infringement, and online incitement to suicide, in a crescendo of offences that cannot fail to cause social alarm.

In response to the commission of such offences, criminal investigations too become digital, and increasingly the items of evidence consist of digital evidence.
The seminar aims to offer an introductory overview of digital investigations in criminal proceedings.
To that end, first the outlines of the current legal framework will be traced; second, the most significant legal issues arising from the use of information technology in criminal investigations will be examined; finally, the novel prospects for digital investigations will be highlighted.

20/03/2014 – Talk by Paul-Andre Mellies

Title:  The free dialogue category with sums: an algebraic approach to game semantics
Time: 13:00
Location: Meeting room
Type: Research Result
Speaker: Paul-Andre Mellies (CNRS, Paris Diderot)
Abstract:
In this talk, I will give a direct combinatorial description of the free dialogue category with sums
as a category with dialogue games as objects and with innocent strategies as morphisms.
I will then explain how to apply this result in order to construct a functor from the category
of dialogue games and innocent strategies to the category of coherence spaces and cliques.
One obtains in this way another proof of the positionality theorem of innocent strategies,
which establishes moreover that the halting positions of an innocent strategy form a clique.

19/03/2014 – Talk by Andriana E. Gkaniatsou

Title:  Towards the automated analysis of low-level cryptographic protocols
Time: 13:00
Location: Meeting room
Type: Research Result
Speaker: Andriana E. Gkaniatsou (U. of Edinburgh)
Abstract:
In this talk we discuss the problem of the automated analysis of reverse-engineered low-level cryptographic protocols. Such analysis is difficult, as most such protocol implementations are proprietary and confidential.
Our proposal is to consider the analysis as an inference problem and use knowledge repair techniques to fix possible mismatches. We discuss our thoughts towards this problem, and some working examples based on real card implementations.

29/01/2014 – Talk by Mohammed Abbadi

Title:  Interoperability in Game Programming by Casanova Orchestration
Time: 14:00
Location: Meeting room
Type: Research Result
Speaker: Mohammed Abbadi
Abstract:

Making games is a complex field of application. Simulation, which underlies games, is particularly relevant in many fields: training, research prototypes, serious games, etc. We propose a cleanly designed language for building games. The language is based on the powerful semantic model known as “orchestration”.

Thanks to our language, building games becomes easier (less effort and fewer bugs) and thus more accessible.

24/01/2014 – Talk by Mauro Conti

Title:  Future Internet Security and Privacy (challenges)
Time: 14:00
Location: Meeting room
Type: Research Result
Speaker: Mauro Conti
Abstract:

The Internet is an amazing success story, connecting hundreds of millions of users. However, in the last decade, there has been a growing realization that the current Internet Protocol is reaching the limits of its senescence. In fact, the way people access and utilize it has changed radically since the 1970s, when its architecture was conceived.
This has prompted several research efforts that aim to design potential next-generation Internet architectures. In particular, Content-Centric Networking (CCN) is an emerging networking paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. CCN focuses on content distribution, which is arguably not well served by IP. Named-Data Networking (NDN) is an example of CCN.
NDN is also an active research project under the NSF Future Internet Architectures (FIA) program. FIA emphasizes security and privacy from the outset and by design. To be a viable Internet architecture, NDN must be resilient against current and emerging threats.

In this talk, we highlight the main security and privacy issues we identified in NDN. Then, as a representative case, we discuss interest flooding, a possible denial-of-service attack that exploits key architectural features of NDN. We show that an adversary with limited resources can implement such an attack, having a significant impact on network performance. We then introduce Poseidon: a framework for detecting and mitigating interest flooding attacks. Finally, we report on the results of extensive simulations assessing the proposed countermeasure.

27/11/2013 – Talk by Stefano Calzavara

Title:  Formalizing and Enforcing Web Session Integrity
Time: 11:00
Location: Meeting room
Type: Research Result
Speaker: Stefano Calzavara
Abstract:
Enforcing protection at the browser side has recently become a popular approach for securing web authentication, even when web application developers do not follow recommended security guidelines. Though interesting, existing attempts in the literature only address specific classes of attacks, and thus fall short of providing robust foundations to reason about web authentication security. In this talk we provide such foundations by introducing a novel notion of web session integrity, which allows us to capture many existing attacks and spot some new ones. We then discuss FF+, a security-enhanced model of a web browser that provides a full-fledged and provably sound enforcement of web session integrity. We leverage our theory to develop SessInt, a prototype extension for Google Chrome implementing the security mechanisms formalized in FF+. SessInt provides a level of security very close to FF+, while keeping an eye on usability and user experience.

20/11/2013 – Talk by Wilayat Khan

Title:  Automatic and Robust Client-Side Protection for Cookie-Based Sessions
Time: 11:00
Location: Meeting room
Type: Research Result
Speaker: Wilayat Khan
Abstract:
Session cookies constitute one of the primary attack targets
against client authentication on the Web, hence modern web browsers
implement native protection mechanisms for them based on the Secure
and HttpOnly flags. While there is a general understanding about the
effectiveness of these defences, no formal result has so far been proved about
the security guarantees they convey.

In this work, we have provided the first such result, with a mechanized
proof of non-interference assessing the robustness of the Secure and
HttpOnly cookie flags against both web and network attacks. We have
mechanized the proofs using the interactive theorem prover Coq.
Furthermore, we have developed CookiExt, a browser extension
that provides client-side protection against session hijacking based on
appropriate flagging of session cookies and automatic redirection over
HTTPS for HTTP requests carrying such cookies. Our solution improves
over existing client-side defences by combining protection against both
web and network attacks, while at the same time being designed so as
to minimise its effects on the user’s browsing experience.

21/10/2013 – Talk by Mirko Pittaluga

Title: Background discrimination techniques using Artificial Neural Networks for the GERDA experiment.
Time: 10:30
Location: Meeting room
Type: Research Result
Speaker: Mirko Pittaluga - Università degli studi di Padova
Abstract:

GERDA is a research program that aims at observing a double beta decay, a nuclear reaction of deep physical interest, in Germanium. One of the challenges that must be addressed in the decay research is background suppression, i.e., the suppression of all the possible external background causes and the discrimination of the detected signal between interesting signal and background. In this talk we show how Artificial Neural Networks (ANN) can be applied to address signal/background discrimination and discuss their benefits and limitations.

15/10/2013 – Talk by Euripides Markou

Title: Distributed Computing: An algorithmic theory framework for mobile agents and some interesting problems.
Time: 14:00
Location: Meeting room
Type: Tutorial
Speaker: Euripides Markou - University of Thessaly, Lamia, Greece
Abstract:

We focus on distributed algorithms for mobile agents. We define a mobile agent and discuss basic properties and models. We present some interesting problems in the area. We discuss advantages of using mobile agents as opposed to static agents and also discuss security issues. We focus on the gathering problem and present recent algorithms and related work.