A Tool for Improving Privacy in Software Development

Privacy is considered a necessary requirement for software development. It is necessary to understand how certain software vulnerabilities can create problems for organizations and individuals. In this context, privacy-oriented software development plays a primary role to reduce some problems that can arise simply from individuals’ interactions software applications, even when the data being processed is not directly linked to identifiable. The loss of confidentiality, integrity, or availability at some point in the data processing, such as data theft by external attackers or the unauthorized access or use of data by employees., represent some types of cybersecurity-related privacy events. Therefore, this research work discusses the formalization of 5 key privacy elements (Privacy by Design Principles, Privacy Design Strategies, Privacy Pattern, Vulnerabilities and Context) in software development and presents a privacy tool that supports developers’ decisions to integrate privacy and security requirements in all software development phases

La mobilità sostenibile nelle smart city: Prospettive, sfide e soluzioni

Le città di tutto il mondo affrontano sfide crescenti in termini di congestione del traffico, inquinamento atmosferico e cambiamenti climatici. La smart mobility è emersa come una risposta cruciale a queste sfide, e le smart city offrono un terreno fertile per l'innovazione in questo settore. Questo studio si propone di esaminare il ruolo della mobilità sostenibile nelle smart city, analizzando prospettive, sfide e soluzioni. Cities around the world face growing challenges in terms of traffic congestion, air pollution and climate change. Smart mobility has emerged as a crucial response to these challenges, and smart cities offer fertile ground for innovation in this area. This study aims to examine the role of sustainable mobility in smart cities, analysing perspectives, challenges and solutions

Smart Program Management in a Smart City

A Smart City is an urban area able to create economic development and high quality of life through the integrated use of technology and the optimization of resources. The most common problem in a Smart City is the existence of many projects focused on individual smart city domains such as energy efficiency in buildings, public transport services, car sharing, smart grids, etc. The lack of an integrated vision and management in this context lacks of economies of scope and scale. In this work, the complexity underlying the management of a Smart City is addressed starting from the proposal of a Smart City Integrated Model and the evaluation of the potential benefits deriving from the adoption of Program Management tools and techniques for managing aspects such as transversality, technological matters and interdependences between smart projects. A retrospective analysis on a sample of 214 projects has been carried out. The results obtained encourage the adoption of "smart program management" in the context of a smart city

New perspectives for cyber security in software development: when End-User Development meets Artificial Intelligence

Current research faces a "war"between Human-Computer Interaction and Artificial Intelligence. Despite the shared goal to support the user in his/her choices, researchers seem to be unable to find a common point between the two topics. While one tends to demonstrate that the user needs to have total control of the system he/she is using, the other aims to create mathematical models that automate as much as possible, to give the user the "feeling"that the system has a brain and can think on its own. In the current work, we want to demonstrate that there is more than one possible meeting point between those two research fields, without diminishing the two ideologies. To do so we propose both the adoption of End-User Development techniques (that is a branch of the Human-Computer Interaction) to collect data, and the adoption of Artificial Intelligence models, to support the user in performing the right choice. Additionally, we also propose and discuss a couple of scenarios, specifically the programming of internet of things devices in a smart home environment, and check that the related configurations do not expose the user to potential external cyber-attacks. We will not provide any specific solution (with data and/or simulations), rather we want to discuss the potential collaboration between EUD and AI

A Rapid Review of Responsible AI frameworks: How to guide the development of ethical AI

In the last years, the raise of Artificial Intelligence (AI), and its pervasiveness in our lives, has sparked a flourishing debate about the ethical principles that should lead its implementation and use in society. Driven by these concerns, we conduct a rapid review of several frameworks providing principles, guidelines, and/or tools to help practitioners in the development and deployment of Responsible AI (RAI) applications. We map each framework w.r.t. the different Software Development Life Cycle (SDLC) phases discovering that most of these frameworks fall just in the Requirements Elicitation phase, leaving the other phases uncovered. Very few of these frameworks offer supporting tools for practitioners, and they are mainly provided by private companies. Our results reveal that there is not a "catching-all" framework supporting both technical and non-technical stakeholders in the implementation of real-world projects. Our findings highlight the lack of a comprehensive framework encompassing all RAI principles and all (SDLC) phases that could be navigated by users with different skill sets and with different goals

AI for Humans and Humans for AI: Towards Cultures of Participation in the Digital Age

Introduction to AI for Humans and Humans for AI: Towards Cultures of Participation in the Digital Age with Human-Centered Artificial Intelligenc

Integrating security and privacy in software development

As a consequence to factors such as progress made by the attackers, release of new technologies and use of increasingly complex systems, threats to applications security have been continuously evolving. Security of code and privacy of data must be implemented in both design and programming practice to face such scenarios. In such a context, this paper proposes a software development approach, Privacy Oriented Software Development (POSD), that complements traditional development processes by integrating the activities needed for addressing security and privacy management in software systems. The approach is based on 5 key elements (Privacy by Design, Privacy Design Strategies, Privacy Pattern, Vulnerabilities, Context). The approach can be applied in two directions forward and backward, for developing new software systems or re-engineering an existing one. This paper presents the POSD approach in the backward mode together with an application in the context of an industrial project. Results show that POSD is able to discover software vulnerabilities, identify the remediation patterns needed for addressing them in the source code and design the target architecture to be used for guiding privacy-oriented system reengineering

Serious Games for Cybersecurity: How to Improve Perception and Human Factors

Cybersecurity is a growing problem in today’s technological innovation and new digital economy. Threat actors cause a danger to people’s safety or lead to the compromise of intellectual property, either sold on the dark web or used as leverage for ransom. Many executives believe cybersecurity is the responsibility of Information Technologies (IT). It is everyone’s responsibility. Countering cyber threats requires focusing on people and behaviors and cognitive models; the mere technicalities are not enough to face the issue. With this in mind, the following research analyzes existing frameworks in the literature for developing serious games for cybersecurity. They are developed to train and educate individuals in various aspects of cybersecurity, including threat detection, incident response, and risk management. Moreover, combining serious games and Explainable Artificial Intelligence (AI) can be a powerful approach to cybersecurity training and education. By integrating Explainable AI techniques into serious games, users can better understand the decision-making processes within the game environment. Players can learn how to interpret the explanations provided by AI models, identify potential limitations or errors, and make decisions based on both AI-generated insights and their own domain knowledge. This combination equips individuals with the skills to improve perception and human factors in cybersecurity

Clinical-chatbot AHP evaluation based on “quality in use” of ISO/IEC 25010

Background Conversational agents are currently a valid alternative to humans in first-level interviews with users who need information, even in-depth, about services or products. In application domains such as health care, this technology can become pervasive only if the perceived ”quality in use” is appropriate. How to measure chatbot quality is an open question. The international standard ISO/IEC 25010 proposes a set of characteristics (effectiveness, efficiency, satisfaction, freedom from risk, and context coverage) to be considered when the ”quality in use” of a software system has to be measured. Basic procedure This study proposes a clinical chatbot comparison method based on quality. The proposed approach is based on Analytic Hierarchy Process methodology (AHP). Findings Our contribution is twofold. First, we propose a set of measures for each characteristic of ISO/IEC 25010 according to three classes of functionality: providing information, providing prescriptions and process management. Moreover a quantitative method is proposed for making homogeneous the pairwise weights when the AHP is used for the ”quality-in-use” comparison. As a case study, a comparison of two versions of a chatbot was performed. Conclusions The results show that the proposed approach provides an effective reference base for performing quality comparisons of medical chatbots compliant with the ISO/IEC 25010 standard

Managing a Smart City Integrated Model through Smart Program Management

Context. A Smart city is intended as a city able to offer advanced integrated services, based on information and communication technology (ICT) technologies and intelligent (smart) use of urban infrastructures for improving the quality of life of its citizens. This goal is pursued by numerous cities worldwide, through smart projects that should contribute to the realization of an integrated vision capable of harmonizing the technologies used and the services developed in various application domains on which a Smart city operates. However, the current scenario is quite different. The projects carried out are independent of each other, often redundant in the services provided, unable to fully exploit the available technologies and reuse the results already obtained in previous projects. Each project is more like a silo than a brick that contributes to the creation of an integrated vision. Therefore, reference models and managerial practices are needed to bring together the efforts in progress towards a shared, integrated, and intelligent vision of a Smart city. Objective. Given these premises, the goal of this research work is to propose a Smart City Integrated Model together with a Smart Program Management approach for managing the interdependencies between project, strategy, and execution, and investigate the potential benefits that derive from using them. Method. Starting from a Smart city worldwide analysis, the Italian scenario was selected, and we carried out a retrospective analysis on a set of 378 projects belonging to nine different Italian Smart cities. Each project was evaluated according to three different perspectives: application domain transversality, technological depth, and interdependences. Results. The results obtained show that the current scenario is far from being considered “smart” and motivates the adoption of a Smart integrated model and Smart program management in the context of a Smart city. Conclusions. The development of a Smart city requires the use of Smart program management, which may significantly improve the level of integration between the application domain transversality and technological depth