Category Archives: News

19/09/2019 – Talk by Euripdes Markou

Title: Exploring Graphs with Time Constraints by Unreliable Collections of Mobile Robots
Time: 15:15
Location: Acadia Lab, Building Zeta
Type: Research talk
Speaker:  Euripdes Markou
Abstract: 
A graph environment must be explored by a collection of mobile robots. Some of the robots, a priori unknown, may turn out to be unreliable. The graph is weighted and each node is assigned a deadline. The exploration is successful if each node of the graph is visited before its deadline by a reliable robot. The edge weight corresponds to the time needed by a robot to traverse the edge. Given the number of robots which may crash, is it possible to design an algorithm, which will always guarantee the exploration, independently of the choice of the subset of unreliable robots by the adversary? We find the optimal time, during which the graph may be explored. Our approach permits to find the maximal number of robots, which may turn out to be unreliable, and the graph is still guaranteed to be explored.
We concentrate on line graphs and rings, for which we give positive results. We start with the case of the collections involving only reliable robots. We give algorithms finding optimal times needed for exploration when the robots are assigned to fixed initial positions as well as when such starting positions may be determined by the algorithm. We extend our consideration to the case when some number of robots may be unreliable. Our most surprising result is that solving the line exploration problem with robots at given positions, which may involve crash-faulty ones, is NP-hard. The same problem has polynomial solutions for a ring and for the case when the initial robots’ positions on the line are arbitrary. The exploration problem is shown to be NP-hard for star graphs, even when the team consists of only two reliable robots.

25/09/2018 – Talk by Aad van Moorsel

Title: Benchmarks and Models for Blockchain
Time: 12:30
Location: Room A, Building Zeta
Type: Research talk
Speaker:  Aad Van Moorsel
Abstract:  Blockchain is a highly popular paradigm for non-centralized applications, especially in finance and trade. Performance is a major challenge for blockchains, since consensus approaches are known not to scale. In this presentation we address blockchain performance, from the perspective of model-based prediction as well as benchmark-based assessment. We introduce blockchains and illustrate the main performance issues. We present research results about smart contracts in the Ethereum blockchain and discuss the requirements for generic benchmarks for blockchain performance.
Author bio: Aad van Moorsel is a Professor at the School of Computing in Newcastle University. He worked in industry from 1996 until 2003, first as a researcher at Bell Labs/Lucent Technologies in Murray Hill and then as a research manager at Hewlett-Packard Labs in Palo Alto, both in the United States. He got his PhD in computer science from Universiteit Twente in The Netherlands (1993) and has a Masters in mathematics from Universiteit Leiden, also in The Netherlands. After finishing his PhD he was a postdoc at the University of Illinois at Urbana-Champaign, Illinois, USA, for two years. He is the author of over 100 peer-reviewed research papers, and holds three US patents. His research group at Newcastle University conducts research in security, privacy and trust, with applications in payment, blockchain and smart systems. The group’s research all contains elements of quantification, be it through system measurement, predictive modelling or on-line adaptation.

03/07/2018 – Talk by Frank Piessens

Title: Hardware support for software security
Time: 11:00
Location: Meeting room, Building Zeta
Type: Research talk
Speaker:  Frank Piessens
Abstract: Software is one of the main weak links in the security of our ICT infrastructure. For many high-profile attacks, the exploitation of software vulnerabilities is a key ingredient of the attack. The first part of this presentation will survey some of the attacker models under which one can study the security of software, and will discuss how the most recent attack techniques rely on specific hardware features. Hence, the question of how to design hardware to support software security is a practically relevant and challenging research question. Both industry and academia are re-considering how hardware can assist in guaranteeing the security of software-based systems. The second part of the talk will zoom in on one class of such new hardware designs: capability-based processors. The study of capability based protection mechanisms is decades old, but has seen a significant revival over the past years. A representative recent design is the Cambridge CHERI processor. The talk will give an informal overview of our ongoing investigation of the formal security properties of compilers and system software for such capability based processors.
Bio: Frank Piessens is a full professor in the Department of Computer Science at the Katholieke Universiteit Leuven, Belgium. His research field is software security, where he focuses on the development of high-assurance techniques to deal with implementation-level software vulnerabilities and bugs, including techniques such as software verification, run-time onitoring, hardware security architectures, type systems and programming language design. He studies the theory behind these techniques as well as their application in many types of software systems, including web applications, embedded software, and mobile applications. He has published over 200 scientific papers on these topics. Frank has served on the program committee of numerous security and software conferences including ACM CCS, Usenix Security, IEEE Security & Privacy, and ACM POPL. He acted as rogram chair for the International symposium on Engineering Secure Software and Systems (ESSOS 2014 & 2015), for the International Conference on Principles of Security and Trust (POST 2016) and for the IEEE European Symposium on Security & Privacy (Euro S&P 2018 & 2019).

CISPA – Meeting 10/10/2017, 10:30

CISPA SEMINARS

When: Tuesday 10 October, at 10:30 in the morning
Where: Università Ca’ Foscari, Via Torino, 155 – 30170 Venezia Mestre Sala Conferenze del campus scientifico

First seminar:
Speaker: Dr. Giancarlo Pellegrino, Research Group Leader at CISPA
Title: Automated Vulnerability Analysis for Modern Application Software
Abstract:The complexity and pervasiveness of application software are growing rapidly. Nowadays, application software encompasses multiple devices, e.g., mobile and IoT,  and web services to perform operations ranging from online shopping and managing household appliances to controlling manufacturing processes. Like any other programs, application software has vulnerabilities that, when exploited,  can be used for financial fraud, stealing confidential data, and industrial espionage. Unfortunately, existing automated vulnerability analysis techniques are inadequate to tackle the complexity reached by these programs, thus leaving them exposed to attackers. My main research topic intends to stop this emerging trend and lay the foundation for the next-generation automated vulnerability analysis techniques. This talk focuses on the detection power and attack surface coverage challenges and presents two recent advances in the field. The first part of the talk presents Deemon, a tool that combines dynamic analysis and property graphs to mine Cross-Site Request Forgery, a long-neglected severe vulnerability. The second part of the talk presents jAEk, a new generation web application crawler that uses JavaScript dynamic analysis to increase the covered attack surface of web applications by 80%.
Short bio: Giancarlo Pellegrino is currently a research group leader at CISPA. His main research interests include all aspects of application security especially web security and automated vulnerability analysis. He has been selected for the CISPA-Stanford Center for Cybersecurity, and he will be soon appointed to a visiting assistant professor at Stanford University. Prior to that, Giancarlo was a postdoctoral researcher at CISPA and TU Darmstadt, Germany. During his doctoral stud- ies, Giancarlo was a member of the S3 group at EURECOM, in France, under the supervision of Prof. Davide Balzarotti. Until August 2013, he was a researcher associate in the “Security and Trust” research group at SAP SE.
Contact: gpellegrino@cispa.saarland

Second seminar:

Speaker: Sandra Strohbach, Dr. Giancarlo Pellegrino
Title: CISPA – One of Europe’s leading research sites of IT security
Abstract: The public presentation offers an overview of the Center for IT security, Privacy, and Accountability – CISPA located on the Saarland Informatics Campus in Saarbrücken, Germany. Founded in 2011, CISPA has become an important address of IT security and privacy.
You can learn more about the different research areas, excellent education programmes, and career opportunities. The examples of current research projects provide an insight into our daily work.
Short bio:  After her studies in translation science, Sandra Strohbach did her PhD in applied linguistics at Saarland University. At the same time, she worked as research assistant and lecturer in the department of Romanic languages. Since 2010, Sandra Strohbach has worked in the field of science management. She is an expert in the field of funding programmes and international cooperation as well as strategic development. She joined CISPA in 2017 and coordinates na- tional and international projects, among them the CISPA-Stanford Center for Cybersecurity.

Contact: strohbach@cispa.saarland

 

CISPA MEETING

One of Europe’s leading research sites for IT security

When: Tuesday 10 October, at 12.30 in the afternoon
Where: Università Ca’ Foscari, Via Torino, 155 – 30170 Venezia Mestre Sala Conferenze del campus scientifico

What to expect:

  • Insight into the CISPA goals
  • High Level Study courses and exchange programmes
  • Excellent Research environment
  • Various job opportunities for qualified individuals

 

 

Project “Formal Specification for Secured Software System” has been approved!

The project entitled “Formal Specification for Secured Software System” has been approved for funding. We would like to congratulate prof. Agostino Cortesi who is the Italian principal investigator and prof. Nabendu Chaki who is the Indian principal investigator. The objective of the project is to investigate whether security policies of a (possibly safety critical) system could be integrated into the formal requirement specification using formal methods, in order to detect ambiguities and inconsistencies within the specification phase in Software development life-cycle. The funding will cover the costs of researchers’ mobility between India and Italy.

Best Paper Award Valuetools 2016

The paper entitled:
“Fair workload distribution for multi-server systems with pulling strategies”
authored by Andrea Marin and Sabina Rossi has been awarded with the “best paper award” at Valuetools 2016.

Congratulations to the authors!

27/04/2016 – Tutorial day

Tutorial day

The ACADIA research centre organisms a tutorial day on hot topics in computer science.
Date: 27/04/2016
Location: Conference room, building Alpha, Scientific campus

Program:

– 11:00-13:00  Dale Miller (Ecole Polytechnique, Paris, France): “Communicating and trusting formal proofs”

– 14:00-17:00 Young Im Cho (Gachon Univ., Seoul, Korea): “Intelligent IoT Platforms for Smart City”

Abstract 1 (Communicating and trusting formal proofs)

In the mist of feeling insecure with our electronic communications, we can take solace in the advice that we can “trust the math” behind cryptography. Faced with concerns over the safety of fly-by-wire planes and self-driving cars, we should be able to find solace in the fact that some parts of our safety critical systems have been proved formally correct: that is, we should be able to “trust the proof”. The
way formal proofs are built today, however, makes trusting them difficult. While proof assistants are used to build formal proofs, those proofs are often locked to that assistant. Formal proofs produced by one proof assistant cannot usually be checked and trusted by another proof assistant nor by a future version of itself. Thus, one of the components of the scientific method that ensures trust-reproducibility – is missing from proof checking.
The field of proof theory, as initiated by Gentian in the 1930’s, has identified a great deal of structure in formal proofs. Given recent developments in this topic, it is now possible to apply what we know
about proofs in theory to what we would like to have for proofs in practice. To that end, I will present the Foundational Proof Certificates framework for defining the semantics of proof evidence.
Since such definitions are executable, it is possible to build proof checkers that can check a wide range of formal proofs. In this scheme, the logic engine that executes such definitions is the only thing that needs to be trusted. Since such a logic engine is based on well-known computational logic topics, anyone can write a logic engine in their choice of programming language and hardware in order for them to build a checker they can trust. I will also overview some of the consequences of defining proofs in this manner: provers can become networked far more richly than they are currently and both libraries and marketplaces of proofs are enabled in a technology independent
fashion.

 

Abstract 2 (Intelligent IoT Platforms for Smart City)

Machine-to-Machine communications (M2M) is a phenomenon that has been proceeding quietly in the background, and it is coming into the phase where explosion of usage scenarios in businesses will happen. Sensors, actuators, RFID/NFC tags, vehicles, and intelligent machines all have
the ability to communicate. The number of M2M connections is continuously increasing, and it has been predicted to see billions of machines interconnected in a near future. M2M applications provide
advantages in various domains from building, energy, healthcare, industrial, transportation, retail, security to environmental services. This fast-growing ecosystem is leading M2M towards a promising future, however M2M market expansion opportunities are not straight forward.
M2M is suffering from the highly fragmented vertical domain specific approach, which has increased the R&D cost in each specific domain. In fact, various vertical M2M solutions have been designed independently and separately for different applications, which inevitably impacts or even impedes large-scale M2M deployment. The existence of multiple manufacturers, the lack of a common M2M Service Capability Layer and no clarity about what can be achieved have all combined to leave the field of M2M communications closer to dream than reality.
To reduce the standardization gap which exist between M2M domains, the ETSI Technical committee M2M defined an end to end M2M service platform with the intermediate service layer that are key components of the horizontal M2M solution. This standards based platform follows a RESTful approach with open interfaces to enable developing services and applications independently of the underlying network, thus easing the deployment of vertical applications for an effective interoperability, and facilitating innovation across industries.
The following topics will be covered by the tutorial:
– IoT basics
– Smart City basics
– IoT international platform focusing on OneM2M reference model
– Components and model description for IoT platform
– Examples in detail
– Case studies and demonstration etc.

6 open fully funded PhD positions in Computer Science. Deadline: April, 21st

Ca’ Foscari University, Venice, announces 6 open fully funded PhD position in Computer Science, one of which on the following specific subject:

– “Data Science”, funded by ZHAW (Zurich University of Applied Sciences) – School of Engineering (Switzerland). More information at http://www.zhaw.ch/datalab/teaching

PhD students will have the opportunity to do their work in one of the three well-established research centers:

– ACADIA (www.dais.unive.it/acadia)
– KIIS (www.dais.unive.it/kiis)
– Dhv (Digital Humanities Venice), in collaboration with EPF de Lausanne and Telecom Italia

The PhD students will be based in the modern scientific campus of Mestre (https://www.youtube.com/watch?v=QWTtdyHMu1A), reachable in only 10 minutes from Venice by public transportation. The campus is highly international with both Master and PhD courses completely held in English.

For more information please contact the program coordinator Prof. Riccardo Focardi (focardi@unive.it)

Application deadline is April, 21st 2016 1 PM (Italian time) and can be done on-line at:

– English: http://www.unive.it/nqcontent.cfm?a_id=173236
– Italian: http://www.unive.it/pag/7738/

See more info at this page

RuCTFE 2015 report

Yesterday the security gang of the University of Venice challenged the best hackers in the world in RuCTFE 2015, one of the most important information security competition. Despite some connectivity problems, at the end of a fierce battle we placed 12th out of 300, resulting once again the 1st Italian team.

Congratulations to out students and professors!

Cookies picture