Safer in the Clouds (Extended Abstract)

We outline the design of a framework for modelling cloud computing systems.The approach is based on a declarative programming model which takes the form of a lambda-calculus enriched with suitable mechanisms to express and enforce application-level security policies governing usages of resources available in the clouds. We will focus on the server side of cloud systems, by adopting a pro-active approach, where explicit security policies regulate server's behaviour.Comment: In Proceedings ICE 2010, arXiv:1010.530

Model checking usage policies

We study usage automata, a formal model for specifying policies on the usage of resources. Usage automata extend finite state automata with some additional features, parameters and guards, that improve their expressivity. We show that usage automata are expressive enough to model policies of real-world applications. We discuss their expressive power, and we prove that the problem of telling whether a computation complies with a usage policy is decidable. The main contribution of this paper is a model checking technique for usage automata. The model is that of usages, i.e. basic processes that describe the possible patterns of resource access and creation. In spite of the model having infinite states, because of recursion and resource creation, we devise a polynomial-time model checking technique for deciding when a usage complies with a usage policy

Tools and verification

This chapter presents different tools that have been developed inside the Sensoria project. Sensoria studied qualitative analysis techniques for verifying properties of service implementations with respect to their formal specifications. The tools presented in this chapter have been developed to carry out the analysis in an automated, or semi-automated, way. We present four different tools, all developed during the Sensoria project, exploiting new techniques and calculi from the Sensoria project itself

SoK: Lending Pools in Decentralized Finance

Lending pools are decentralized applications which allow mutually untrusted users to lend and borrow crypto-assets. These applications feature complex, highly parametric incentive mechanisms to equilibrate the loan market. This complexity makes the behaviour of lending pools difficult to understand and to predict: indeed, ineffective incentives and attacks could potentially lead to emergent unwanted behaviours. Reasoning about lending pools is made even harder by the lack of executable models of their behaviour: to precisely understand how users interact with lending pools, eventually one has to inspect their implementations, where the incentive mechanisms are intertwined with low-level implementation details. Further, the variety of existing implementations makes it difficult to distill the common aspects of lending pools. We systematize the existing knowledge about lending pools, leveraging a new formal model of interactions with users, which reflects the archetypal features of mainstream implementations. This enables us to prove some general properties of lending pools, and to precisely describe vulnerabilities and attacks. We also discuss the role of lending pools in the broader context of decentralized finance and identify relevant research challenges

Cryptocurrency scams: analysis and perspectives

Since the inception of Bitcoin in 2009, the market of cryptocurrencies has grown beyond the initial expectations, as witnessed by the thousands of tokenised assets available on the market, whose daily trades amount to dozens of USD billions. The pseudonymity features of these cryptocurrencies have attracted the attention of cybercriminals, who exploit them to carry out potentially untraceable scams. The wide range of cryptocurrency-based scams observed over the last ten years has fostered the research on the analysis of their effects, and the development of techniques to counter them. However, doing research in this field requires addressing several challenges: for instance, although a few data sources about cryptocurrency scams are publicly available, they often contain incomplete or misclassified data. Further, there is no standard taxonomy of scams, which leads to ambiguous and incoherent interpretations of their nature. Indeed, the unavailability of reliable datasets makes it difficult to train effective automatic classifiers that can detect and analyse cryptocurrency scams. In this paper, we perform an extensive review of the scientific literature on cryptocurrency scams, which we systematise according to a novel taxonomy. By collecting and homogenising data from different public sources, we build a uniform dataset of thousands of cryptocurrency scams.We devise an automatic tool that recognises scams and classifies them according to our taxonomy.We assess the effectiveness of our tool through standard performance metrics.We also give an in-depth analysis of the classification results, offering several insights into threat types, from their features to their connection with other types. Finally, we provide a set of guidelines that policymakers could follow to improve user protection against cryptocurrency scams

'Pencil Beamforming Increases Human Exposure to ElectroMagnetic Fields': True or False?

According to a very popular belief-very widespread among non-scientific communities-the exploitation of narrow beams, a.k.a. 'pencil beamforming', results in a prompt increase of exposure levels radiated by 5G Base Stations (BSs). To face such concern with a scientific approach, in this work we propose a novel localization-enhanced pencil beamforming technique, in which the traffic beams are tuned in accordance with the uncertainty localization levels of User Equipment (UE). Compared to currently deployed beamforming techniques, which generally employ beams of fixed width, we exploit the localization functionality made available by the 5G architecture to synthesize the direction and the width of each pencil beam towards each served UE. We then evaluate the effectiveness of pencil beamforming in terms of ElectroMagnetic Field (EMF) exposure and UE throughput levels over different realistic case-studies. Results, obtained from a publicly released open-source simulator, dispel the myth: the adoption of localization-enhanced pencil beamforming triggers a prompt reduction of exposure w.r.t. other alternative techniques, which include e.g., beams of fixed width and cellular coverage not exploiting beamforming. The EMF reduction is achieved not only for the UE that are served by the pencil beams, but also over the whole territory (including the locations in proximity to the 5G BS). In addition, large throughput levels-adequate for most of 5G services-can be guaranteed when each UE is individually served by one dedicated beam

Predicting global usages of resources endowed with local policies

The effective usages of computational resources are a primary concern of up-to-date distributed applications. In this paper, we present a methodology to reason about resource usages (acquisition, release, revision, ...), and therefore the proposed approach enables to predict bad usages of resources. Keeping in mind the interplay between local and global information occurring in the application-resource interactions, we model resources as entities with local policies and global properties governing the overall interactions. Formally, our model takes the shape of an extension of pi-calculus with primitives to manage resources. We develop a Control Flow Analysis computing a static approximation of process behaviour and therefore of the resource usages.Comment: In Proceedings FOCLASA 2011, arXiv:1107.584

Visibilia ex invisibilibus: seeing at the nanoscale for improved preservation of parchment

This paper describes the application of atomic force microscopy (AFM) for the imaging of collagen denaturation as observed in parchment. Parchment is prepared from processed animal skin and collagen is the main component. Large collections in national archives, libraries and religious institutions contain numerous documents written on parchment. Their preservation presents an unsolved problem for conservators. The main challenge is to assess the state of collagen and to detect what conservators refer to as the pre-gelatinised state, which can cause surface cracking resulting in a loss of text and can increase the vulnerability of parchment to aqueous cleaning agents. Atomic force microscopy (AFM) was first used within the Improved Damage Assessment of Parchment (IDAP) project, enabling the characterisation of the collagen structure within parchment at the nanoscale. Damage categories were also established based on the extent of the ordered collagen structure that was observed in the AFM images. This paper describes the work following the IDAP project, where morphological changes in the fibres due to both artificial and natural ageing were observed and linked to observations made by AFM. It also explores the merits and drawbacks of different approaches used for sample preparation and the possibility of using a portable AFM for imaging directly on the surface of documents. A case study on a manuscript from the 18th century is presented

Measuring EMF and Throughput Before and After 5G Service Activation in a Residential Area

The deployment of 5G networks is approaching a mature phase in many countries across the world. However, little efforts have been done so far to scientifically compare ElectroMagnetic Field (EMF) exposure and traffic levels before and after the activation of 5G service over the territory. The goal of this work is to provide a sound comparative assessment of exposure and traffic, by performing repeated measurements before and after 5G provisioning service. Our solution is based on an EMF meter and a spectrum analyzer that is remotely controlled by a measurement algorithm. In this way, we dissect the contribution of each pre-5G and 5G band radiating over the territory. In addition, we employ a traffic chain to precisely characterize the achieved throughput levels. Results, derived from a set of measurements performed on a commercial deployment, reveal that the provisioning of 5G service over mid-band frequencies has a limited impact on the exposure. In parallel, the measured traffic is more than doubled when 5G is activated over mid-bands, reaching levels above 200 [Mbps]. On the other hand, the provisioning of 5G over sub-GHz bands does not introduce a substantial increase in the traffic levels. Eventually, we demonstrate that EMF exposure is impacted by the raw-land reconfiguration to host the 5G panels, which introduces changes in the sight conditions and in the power received from the main lobes

C-MYC, HIF-1α, ERG, TKT, and GSTP1: an Axis in Prostate Cancer?

To analyze putative biomarkers for prostate cancer (PCA) characterization, the second leading cause of cancer-associated mortality in men. Quantification of the expression level of c-myc and HIF-1α was performed in 72 prostate cancer specimens. A cohort of 497 prostate cancer patients from The Cancer Genome Atlas (TCGA) database was further analyzed, in order to test our hypothesis. We found that high c-myc level was significantly associated with HIF-1α elevated expression (p = 0.008) in our 72 samples. Statistical analysis of 497 TCGA prostate cancer specimens confirmed the strong association (p = 0.0005) of c-myc and HIF-1α expression levels, as we found in our series. Moreover, we found high c-myc levels significantly associated with low Glutatione S-transferase P1 (GSTP1) expression (p = 0.01), with high Transketolase (TKT) expression (p < 0.0001). High TKT levels were found in TCGA samples with low GSTP1 mRNA (p < 0.0001), as shown for c-myc, and with ERG increased expression (p = 0.02). Finally, samples with low GSTP1 expression displayed higher ERG mRNA levels than samples with high GSTP1 score (p < 0.0001), as above shown for c-myc. Our study emphasizes the notion of a potential value of HIF-1α and c-myc as putative biomarkers in prostate cancer; moreover TCGA data analysis showed a putative crosstalk between c-myc, HIF-1α, ERG, TKT, and GSTP1, suggesting a potential use of this axis in prostate cancer