
    Automated Security Testing for Identity Management of Large-scale Digital Infrastructures

    Ensuring the security of an organization's digital assets against cyber threats is critical in today's technology-driven world. Regular security testing is one of the measures that can help assess the effectiveness of security controls, identify vulnerabilities, and strengthen the overall cybersecurity posture. Identity Management (IdM) protocols such as Security Assertion Markup Language 2.0, OpenID Connect, and OAuth 2.0 play a crucial role in protecting against identity theft, fraud, and security breaches. Following the Best Current Practices introduced by the standards to enhance the security of IdM protocols is also essential to minimize the risk of unauthorized access, data breaches, and other security threats, to maintain compliance with regulatory requirements, and to build trust with users and stakeholders. However, deploying these protocols can be challenging due to the complexity of designing, developing, and implementing cryptographic mechanisms. The implementation of IdM protocols encounters three significant obstacles: fragmented security information, a rapidly evolving threat environment, and the need for a controlled testing environment. Security testers must stay up to date with emerging threats and establish an appropriate testing infrastructure to guarantee the security and robustness of IdM implementations, while also minimizing the possibility of security incidents that could adversely affect operations. Automated security testing plays a crucial role in addressing security concerns, particularly as the intricate functional aspects of IdM solutions contribute to their complexity. It is essential to prioritize automation to bridge the cybersecurity skills gap among IT professionals.
In this thesis, we propose Micro-Id-Gym (MIG), a framework that offers (i) an easy way to configure and reproduce the IdM production environment in a sandbox, allowing hands-on experience with potentially impactful security tests that may hinder the availability of services, and (ii) automatic security testing of IdM implementations together with suggestions for mitigations to avoid the identified vulnerabilities. MIG provides a set of security testing tools for creating, executing, and analyzing security test cases through MIG-L, a declarative test specification language. We have evaluated the effectiveness of MIG by conducting experiments to assess its accuracy in supporting the detection of relevant vulnerabilities in implementations of IdM protocols. We used MIG to conduct security analyses across various corporate scenarios and projects, identifying vulnerabilities and responsibly disclosing them through bug bounty programs. Our findings were recognized by the providers, who awarded us both monetary compensation and public recognition. Overall, MIG can help organizations establish a robust and agile security testing strategy, supported by suitable infrastructure and testing procedures, that can ensure the security and resilience of their IdM implementations.

    A Method to Evaluate the Stimulation of a Real World Field of View by Means of a Spectroradiometric Analysis

    Stimulation elicited by a real world field of view is related to the color, the intensity and the direction of the information reaching the eye: different spectral power distributions of light trigger different responses. An evaluation of the stimulation provided by the field of view can be performed by measuring the spectral radiance with a spectroradiometer and weighting these data with an efficiency curve. Different weights (physical, physiological and psychological) can lead to different analyses and consequently to different results. The proposed method allows an overall and simplified evaluation of the field of view based on spectral and luminance measures and a script that processes the luminous information. The final aim of this approach is to provide further information about the light stimulation reaching the retina and to supply a qualitative evaluation of the field of view, making it possible to know how much stimulation is coming from a certain area within the visual field depending on the type of surface, based on spectral and directional information. This approach can have practical implications, allowing technicians and designers to take into consideration the possible visual fields, in order to properly shape the features of stimulation throughout the day, hence following a field-of-view-based dynamic design.

    A methodological comparison between energy and environmental performance evaluation

    The European Union is working on strategies to increase the energy efficiency of buildings. A useful solution is to identify the energy performance of buildings through the Energy Performance Certificate (EPC), as it provides information for the comparison of buildings with different architectural typology, shape, design technology and geographic location. However, this tool does not assess the real energy consumption of the building and does not always take into account its impact on the environment. In this work, two different types of analysis were carried out: one based only on energy efficiency and the other based on environmental impact. These analyses were applied to a standard building, set in three different Italian locations, with the purpose of obtaining cross-related information. After the evaluation of the results, interventions on some parameters (wall insulation, window frames, filler gas in the insulated glazing) were identified in order to improve the energy behavior of the building with an acceptable environmental impact. The aim of this paper is to propose a methodology that integrates the EPC with green building rating systems, leading to a more conscious choice of retrofit interventions as a compromise between energy performance and environmental impact.

    Urban lighting project for a small town: comparing citizens and authority benefits

    The smart and resilient city evolves by slow procedures of mutation without radical changes, increasing the livability of its territory. The value of the city center in a Smart City can increase through urban lighting systems: their elements on the territory can collect and convey data to increase services to city users, and the electrical system becomes the so-called Smart Grid. This paper presents a study of smart lighting for a small town, a touristic location inside a nature reserve on the Italian coast. Three different approaches have been proposed, from minimal to more invasive interventions, and their effect on the territory has been investigated. Based on street typology and its surroundings, the work analyzes the opportunity to introduce smart and useful services for the citizens starting from a retrofitting intervention. Smart city capabilities are examined, showing how it is possible to provide new services to cities through ICT (Information and Communication Technology) without deep changes, while simplifying the control of basic city functions. The results show a significant impact on annual energy costs, suggesting smart grid planning not only for metropolis applications, but also for smaller towns, such as the one examined.

    Modeling And Design Of Periodic Lattices With Tensegrity Architecture And Highly Nonlinear Response

    In recent years, the nonlinear response of tensegrity systems has attracted increasing attention in the study of mechanical metamaterials. It has been shown in the literature that the geometry and prestress of an elastic tensegrity structure can be designed to obtain different behaviors: stiffening, softening, and snap-through behavior in statics; propagation of solitary waves in dynamics. However, the realization of tensegrity systems is challenging, because of their prestressed state and the presence of tension-only cable members. A design method for periodic lattices with null prestress and no cables is proposed here, in which the repeating unit is at, or close to, a tensegrity configuration, while maintaining the aforementioned nonlinear types of response. These structures can be realized by conventional additive manufacturing techniques, while their static and dynamic response can be predicted by means of stick-and-spring models.

    Outdoor work and solar radiation exposure: Evaluation method for epidemiological studies.

    Background: The health risk related to excessive exposure to solar radiation (SR) is well known. The Sun represents the main exposure source for all the frequency bands of optical radiation, that is, the part of the electromagnetic spectrum ranging between 100 nm and 1 mm, including infrared (IR), ultraviolet (UV) and visible radiation. According to recent studies, outdoor workers have a relevant exposure to SR, but few studies available in the scientific literature have attempted to retrace a detailed history of individual exposure. Material and Methods: We propose a new method for the evaluation of cumulative SR exposure during both work and leisure time, integrating subjective and objective data. The former are collected by means of an interviewer-administered questionnaire. The latter are available through Internet databases for many geographical regions and through individual exposure measurements. The data are integrated into a mathematical algorithm in order to obtain an estimate of the total amount of SR the subjects have been exposed to during their lives. Results: The questionnaire has been tested on 58 voluntary subjects. Environmental exposure data from online databases were collected for 3 different places in Italy in 2012. Individual exposure measured by electronic UV dosimeter was obtained for 6 fishermen. A mathematical algorithm integrating subjective and objective data has been elaborated. Conclusions: The proposed method may be used in epidemiological studies to evaluate specific correlations with biological effects of SR and to weigh the role of the personal and environmental factors that may increase or reduce SR exposure.

    6. Automated Assistance to the Security Assessment of API for Financial Services

    This chapter presents the challenges related to the security assessment and the automated synthesis of mitigation measures of APIs for financial services. The focus is on the APIs supporting the implementation of the new Payment Services Directive. It also gives an overview of an innovative approach to address these challenges by (i) the automated identification and mitigation of security misconfigurations underlying sessions based on Transport Layer Security, which is ubiquitously used to build a foundation layer of security; and (ii) the automated penetration testing and synthesis of mitigations for the functionalities provided by APIs built on top of it, both business (e.g., payments) and security (e.g., authentication or authorization). The main novelty of the proposed approach lies in the tight integration of identification and mitigation phases by means of actionable measures that allow users to significantly strengthen the security posture of the entire API ecosystem.

    Occupational Exposure to Solar UV Radiation of a Group of Fishermen Working in the Italian North Adriatic Sea

    Occupational solar radiation exposure is a relevant health risk in the fishing sector. Our aim was to provide a detailed evaluation of individual UV exposure in three different fishing activities in Italy, with personal UV dosimeters and a simple formula to calculate the fraction of ambient erythemal UV dose received by the workers. The potential individual UV exposure of the fishermen was between 65 and 542 Joules/m2. The percentages of the ambient exposure were estimated between 2.5% and 65.3%. Workers’ UV exposure was mainly influenced by the characteristics of the work activity, the postures adopted, and the type of boats. Overall, our data showed that 43% of the daily measurements could be largely above the occupational limits of 1–1.3 standard erythemal dose (i.e., 100 Joules/m2) per day, in case of exposure of uncovered skin areas. Measurements of individual UV exposure are important not only to assess the risk but also to increase workers’ perception and stimulate the adoption of preventive measures to reduce solar UV risk. Furthermore, the simple method proposed, linking ambient erythemal UV dose to the workers’ exposure, can be a promising tool for a reliable assessment of the UV risk, as time series of environmental UV dose are widely available.