Il Futuro della Cybersecurity in Italia: Ambiti Progettuali Strategici

Il presente volume nasce come continuazione del precedente, con l’obiettivo di delineare un insieme di ambiti progettuali e di azioni che la comunità nazionale della ricerca ritiene essenziali a complemento e a supporto di quelli previsti nel DPCM Gentiloni in materia di sicurezza cibernetica, pubblicato nel febbraio del 2017. La lettura non richiede particolari conoscenze tecniche; il testo è fruibile da chiunque utilizzi strumenti informatici o navighi in rete. Nel volume vengono considerati molteplici aspetti della cybersecurity, che vanno dalla definizione di infrastrutture e centri necessari a organizzare la difesa alle azioni e alle tecnologie da sviluppare per essere protetti al meglio, dall’individuazione delle principali tecnologie da difendere alla proposta di un insieme di azioni orizzontali per la formazione, la sensibilizzazione e la gestione dei rischi. Gli ambiti progettuali e le azioni, che noi speriamo possano svilupparsi nei prossimi anni in Italia, sono poi accompagnate da una serie di raccomandazioni agli organi preposti per affrontare al meglio, e da Paese consapevole, la sfida della trasformazione digitale. Le raccomandazioni non intendono essere esaustive, ma vanno a toccare dei punti che riteniamo essenziali per una corretta implementazione di una politica di sicurezza cibernetica a livello nazionale. Politica che, per sua natura, dovrà necessariamente essere dinamica e in continua evoluzione in base ai cambiamenti tecnologici, normativi, sociali e geopolitici. All’interno del volume, sono riportati dei riquadri con sfondo violetto o grigio; i primi sono usati nel capitolo introduttivo e nelle conclusioni per mettere in evidenza alcuni concetti ritenuti importanti, i secondi sono usati negli altri capitoli per spiegare il significato di alcuni termini tecnici comunemente utilizzati dagli addetti ai lavori. In conclusione, ringraziamo tutti i colleghi che hanno contribuito a questo volume: un gruppo di oltre 120 ricercatori, provenienti da circa 40 tra Enti di Ricerca e Università, unico per numerosità ed eccellenza, che rappresenta il meglio della ricerca in Italia nel settore della cybersecurity. Un grazie speciale va a Gabriella Caramagno e ad Angela Miola che hanno contribuito a tutte le fasi di produzione del libro. Tra i ringraziamenti ci fa piacere aggiungere il supporto ottenuto dai partecipanti al progetto FILIERASICURA

Modeling Social and Individual Trust in Requirements Engineering Methodologies

When we model and analyze trust in organizations or information systems we have to take into account two different levels of analysis: social and individual. Social levels dene the structure of organizations, whereas individual levels focus on individual agents. This is particularly important when capturing security requirements where a ihnormallyls trusted organizational role can be played by an untrusted individual. Our goal is to model and analyze the two levels nding the link between them and supporting the automatic detection of conficts that can come up when agents play roles in the organization. We also propose a formal framework that allows for the automatic verification of security requirements between the two levels by using Datalog and has been implemented in CASE tool

From Trust to Dependability through Risk Analysis

The importance of critical systems has been widely recognized and several efforts are devoted to integrate dependability requirements in their development process. Such efforts result in a number of models, frameworks, and methodologies that have been proposed to model and assess the dependability of critical systems. Among them, risk analysis considers the likelihood and severity of failures for evaluating the risk affecting the system. This approach then proposes to contain the risk level within acceptable values by adopting adequate countermeasures. In our previous work, we introduced the Tropos Goal-Risk framework, a formal framework for modeling, assessing, and treating risks on the basis of the likelihood and severity of failures. In this paper, we refine the Goal-Risk framework introducing the notion of trust for assessing risks on the basis of the organizational setting of the system. The assessment process is also enhanced to analyze risks along trust relations among actors. To make the discussion more concrete, we illustrate the framework with a case study on partial airspace delegation in Air Traffic Management (ATM) system

Requirements Engineering meets Trust Management: Model, Methodology, and Reasoning

The last years have seen a number of proposals to incorporate Security Engineering into mainstream Software Requirements Engineering. However, capturing trust and security requirements at an organizational level (as opposed to a design level) is still an open problem. This paper presents a formal framework for modeling and analyzing security and trust requirements. It extends the Tropos methodology, an agent-oriented software engineering methodology. The key intuition is that in modeling security and trust, we need to distinguish between the actors that manipulate resources, accomplish goals or execute tasks, and actors that own the resources or the goals. To analyze an organization and its information systems, we proceed in two steps. First, we built a trust model, determining the trust relationships among actors, and then we give a functional model, where we analyze the actual delegations against the trust model, checking whether an actor that offers a service is authorized to have it. The formal framework allows for the automatic verification of security and trust requirements by using a suitable delegation logic that can be mechanized within Datalog. To make the discussion more concrete, we illustrate the proposal with a Health Care case study

Cullets (glass fragments) quality control by artificial vision: a color based approach

Glass fragments (cullets) to be recycled present different market values according to their color. Glass recycling plants perform cullets sorting mainly discriminating colored glasses from white and half white glasses; furthermore sorting presents some other technological limits concerning the minimum cullet size, about 45 mm, that is possible to analyze. In this paper are analyzed the possibility that could be offered by the adoption of a color imaging based approach to realize cullets sorting. This study was mainly focused on the effects that cullets surface status and characteristics produce on the detected color digital spectra and how they can influence the further classification. All the tests have been performed on glass samples as they result after the cleaning stage, impurities removal, of an industrial glass recycling plant

The Use of Neural Network Classifiers in Solid Waste Recycling

The massive adoption, in these last years, of specialized equipment or complex processing architectures specifically developed to separate different solid waste materials, resulting from the selective collection of solid urban waste, equipment or manufactured goods dismantling at the end of their life cycle, more an more requiring control systems able to “qualify” the products during the processing. Such a goal, when implemented “on-line”, is usually realized in two steps. The attributes (physical, chemical, morphological, morphometrical, textural, etc.) of the materials resulting from processing are detected and numerically modeled. The resulting feature vector is then “handled” by a software architecture performing the required recognition/classification procedure and defining the quality of the investigated products. From the results further “feed-back” or “feed-forward” control strategies can be applied in order to improve equipment or processing architectures performances. In this paper are analyzed and described the advantages and the problems encountered by the authors when neural network (NN) based architectures have been adopted to define “artificial intelligence software unit” able to perform the recognition, at industrial recycling processing plant level, of several solid waste materials starting from their preliminary optical recognitio