4,268 research outputs found
VALUTAZIONE DELLA GESTIONE DEI CANILI RUOLO DEL MEDICO VETERINARIO
In questo lavoro si abbiamo descritto un metodo per il controllo e la vigilanza all'interno delle strutture che ospitano in cani prendendo in considerazione le norme emanate dalla Regione Lazio in quanto non esiste una procedura codificata a livello regionale per tale attività . Il nostro obbiettivo era proporre un sistema di valutazione oggettivo, tracciabile, che fornisse una valutazione qualitativa del servizio offerto e che ribadisse il ruolo primario del Medico Veterinario in tale attività. Dopo aver illustrato il metodo, che si basa sulla compilazione di una check list e la successiva elaborazione della stessa, lo abbiamo provato su quattro canili della provincia di Viterbo per verificare l'applicabilità, il tempo necessario per la singola valutazione e il raggiungimento degli obbiettivi. Sebbene le prove sono state limitate nel numero il metodo è risultato applicabile anche se con un impegno in termini di tempo relativamente lungo. Dalle prove in campo gli obbiettivi che ci eravamo prefissati sono stati rispettati.
In this paper we have described a method of control and supervision within the structures that house dogs in considering the rules issued by the Lazio Region as there is no written procedures at the regional level for such activities. Our goal was to offer an objective evaluation system, traceable, that would provide a qualitative assessment of the service offered and were to maintain that the primary role of the veterinarian in such activities. After explaining the method, which is based on
the compilation of a checklist and subsequent processing of the same, we tried it on four kennels of the province of Viterbo to verify the applicability, the time required for the individual assessment and achievement of objectives . Although the tests have been limited in the number result, the method is applicable even if with a commitment in terms of relatively long time. From field testing the goals that we set have been met
On the Security of Software Systems and Services
This work investigates new methods for facing the security issues and threats arising from the composition of software. This task has been carried out through the formal modelling of both the software composition scenarios and the security properties, i.e., policies, to be guaranteed.
Our research moves across three different modalities of software composition which are of main interest for some of the most sensitive aspects of the modern information society. They are mobile applications, trust-based composition and service orchestration.
Mobile applications are programs designed for being deployable on remote platforms. Basically, they are the main channel for the distribution and commercialisation of software for mobile devices, e.g., smart phones and tablets. Here we study the security threats that affect the application providers and the hosting platforms. In particular, we present a programming framework for the development of applications with a static and dynamic security support. Also, we implemented an enforcement mechanism for applying fine-grained security controls on the execution of possibly malicious applications.
In addition to security, trust represents a pragmatic and intuitive way for managing the interactions among systems. Currently, trust is one of the main factors that human beings keep into account when deciding whether to accept a transaction or not. In our work we investigate the possibility of defining a fully integrated environment for security policies and trust including a runtime monitor.
Finally, Service-Oriented Computing (SOC) is the leading technology for business applications distributed over a network. The security issues related to the service networks are many and multi-faceted. We mainly deal with the static verification of secure composition plans of web services. Moreover, we introduce the synthesis
of dynamic security checks for protecting the services against illegal invocations
Turning Federated Learning Systems Into Covert Channels
Federated learning (FL) goes beyond traditional, centralized machine learning
by distributing model training among a large collection of edge clients. These
clients cooperatively train a global, e.g., cloud-hosted, model without
disclosing their local, private training data. The global model is then shared
among all the participants which use it for local predictions. In this paper,
we put forward a novel attacker model aiming at turning FL systems into covert
channels to implement a stealth communication infrastructure. The main
intuition is that, during federated training, a malicious sender can poison the
global model by submitting purposely crafted examples. Although the effect of
the model poisoning is negligible to other participants, and does not alter the
overall model performance, it can be observed by a malicious receiver and used
to transmit a single bit
Jalapa: Securing Java with Local Policies Tool Demonstration
AbstractWe present Jalapa, a tool for securing Java bytecode programs with history-based usage policies. Policies are defined by usage automata, that recognize the forbidden execution histories. Usage automata are expressive enough to allow programmers specify of many real-world usage policies; yet, they are simple enough to permit formal reasoning. Programmers can sandbox untrusted pieces of code with usage policies. The Jalapa tool rewrites the Java bytecode by adding the hooks for the mechanism that enforces the given policies at run-time
Automating the Generation of Cyber Range Virtual Scenarios with VSDL
A cyber range is an environment used for training security experts and
testing attack and defence tools and procedures. Usually, a cyber range
simulates one or more critical infrastructures that attacking (red) and
defending (blue) teams must compromise and protect, respectively. The
infrastructure can be physically assembled, but much more convenient is to rely
on the Infrastructure as a Service (IaaS) paradigm. Although some modern
technologies support the IaaS, the design and deployment of scenarios of
interest is mostly a manual operation. As a consequence, it is a common
practice to have a cyber range hosting few (sometimes only one), consolidated
scenarios. However, reusing the same scenario may significantly reduce the
effectiveness of the training and testing sessions. In this paper, we propose a
framework for automating the definition and deployment of arbitrarily complex
cyber range scenarios. The framework relies on the virtual scenario description
language (VSDL), i.e., a domain-specific language for defining high-level
features of the desired infrastructure while hiding low-level details. The
semantics of VSDL is given in terms of constraints that must be satisfied by
the virtual infrastructure. These constraints are then submitted to an SMT
solver for checking the satisfiability of the specification. If satisfiable,
the specification gives rise to a model that is automatically converted to a
set of deployment scripts to be submitted to the IaaS provider
VeriOSS: Using the Blockchain to Foster Bug Bounty Programs
Nowadays software is everywhere and this is particularly true for free and open source software (FOSS). Discovering bugs in FOSS projects is of paramount importance and many bug bounty programs attempt to attract skilled analysts by promising rewards. Nevertheless, developing an effective bug bounty program is challenging. As a consequence, many programs fail to support an efficient and fair bug bounty market. In this paper, we present VeriOSS, a novel bug bounty platform. The idea behind VeriOSS is to exploit the blockchain technology to develop a fair and efficient bug bounty market. To this aim, VeriOSS combines formal guarantees and economic incentives to ensure that the bug disclosure is both reliable and convenient for the market actors
- …