51 research outputs found

    ZenHackAdemy: Ethical Hacking @ DIBRIS

    Cybersecurity attacks are on the rise, and the current response is not effective enough. The need for a competent workforce, able to face attackers, is increasing. At the moment, the gap between academia and real-world skills is huge and academia cannot provide students with skills that match those of an attacker. To pass on these skills, teachers have to train students in scenarios as close as possible to real-world ones. Capture the Flag (CTF) competitions are a great tool to achieve this goal, since they encourage students to think as an attacker does, thus creating more awareness on the modalities and consequences of an attack. We describe our experience in running an educational activity on ethical hacking, which we proposed to computer science and computer engineering students. We organized seminars, outside formal classes, and provided online support on the hands-on part of the training. We delivered different types of exercises and held a final CTF competition. These activities resulted in growing a community of students and researchers interested in cybersecurity, and some of them have formed ZenHack, an official CTF team

    Stochastic simulation of event structures

    Currently the semantics of stochastic process algebras are defined using (an extension) of labelled transition systems. This usually results in a semantics based on the interleaving of causally independent actions. The advantage is that the structure of transition systems closely resembles that of Markov chains, enabling the use of standard solution techniques for analytical and numerical performance assessment of formal specifications. The main drawback is that distributions are restricted to be exponential. In [2] we proposed to use a partial-order semantics for stochastic process algebras. This allows the support of non-exponential distributions in the process algebra in a perspicuous way, but the direct resemblance with Markov chains is lost. This paper proposes to exploit discrete-event simulation techniques for analyzing our partial-order model, called stochastic event structures. The key idea is to obtain from event structures so-called (time-homogeneous) generalized semiMarkov ..

    Towards Runtime Monitoring of Node.js and Its Application to the Internet of Things

    In recent years Node.js has emerged as a framework particularly suitable for implementing lightweight IoT applications, thanks to its underlying asynchronous event-driven, non-blocking I/O model. However, verifying the correctness of programs with asynchronous nested callbacks is quite difficult, and, hence, runtime monitoring can be a valuable support to tackle such a complex task. Runtime monitoring is a useful software verification technique that complements static analysis and testing, but has not yet been fully explored in the context of Internet of Things (IoT) systems. Trace expressions have been successfully employed for runtime monitoring in widespread multiagent system platforms. Recently, their expressive power has been extended to allow parametric specifications on data that can be captured and monitored only at runtime. Furthermore, they can be language and system agnostic, through the notion of event domain and type. This paper investigates the use of parametric trace expressions as a first step towards runtime monitoring of programs developed in Node.js and Node-RED, a flow-based IoT programming tool built on top of Node.js. Runtime verification of such systems is a task that mostly seems to have been overlooked so far in the literature. A prototype implementing the proposed system for Node.js, in order to dynamically check with trace expressions the correct usage of API functions, is presented. The tool exploits the dynamic analysis framework Jalangi for monitoring Node.js programs and allows detection of errors that would be difficult to catch with other techniques. Furthermore, it offers a simple REST interface which can be exploited for runtime verification of Node-RED components, and, more generally, IoT devices.

    Software Performance Modelling Using PEPA Nets

    Modelling and analysing distributed and mobile software systems is a challenging task. PEPA nets—coloured stochastic Petri nets—are a recently introduced modelling formalism which clearly capture important features such as location, synchronisation and message passing. In this paper we describe PEPA nets and the newly-developed platform support for software performance modelling using them. Crucial to this support is the compilation from PEPA nets into Hillston’s PEPA stochastic process algebra in order to access the software tools which support the PEPA algebra. In addition to derivation of steady state performance measures, this suite of tools allows properties of the system to be verified using model-checking. We show the application of PEPA nets in the modelling and analysis of a secure Web service

    Relazioni tra le reti di Petri stocastiche e le algebre di processi stocastiche

    PhD programme in computer science, 6th cycle. Supervisor: Gianfranco Balbo. Consiglio Nazionale delle Ricerche - Biblioteca Centrale - P.le Aldo Moro, 7, Rome; Biblioteca Nazionale Centrale - P.za Cavalleggeri, 1, Florence / CNR - Consiglio Nazionale delle Ricerche. SIGLE IT Ital

    Stochastic Petri Net Semantics for Stochastic Process Algebras

    In this paper we define a Stochastic Petri Net (SPN) semantics for Stochastic Process Algebras (SPAs), a recently introduced formalism that offers a novel approach for performance modeling. The proposed semantics is evaluated in terms of three criteria: Concurrency and Retrievability, as defined by Olderog for untimed net semantics, and Markov Equivalence for the stochastic aspects. 1 Introduction SPNs and SPAs have had somewhat of a common development. In both cases the original definitions (standard Petri nets and pure Process Algebra) did not include any temporal information, so that they were used only for the qualitative analysis of concurrent systems. The timing extensions of the basic formalisms also allowed one to study the quantitative properties of systems. In particular, in both SPNs and SPAs, negative exponentially distributed delays have been associated with the elementary events (transitions and actions), and it has been proved that both formalisms can be viewed as high..

    AulaWeb, Web-based Learning as a Commodity - The Experience of the University of Genova

    Starting from the academic year 2005/2006, the University of Genova has fostered the use of AulaWeb, a virtual environment based on the open source software Moodle, to promote the introduction of web-based technologies in the traditional educational process. We describe the experience of the past four years presenting the approach we have followed to encourage the use of AulaWeb among faculties, the numbers of users we have reached, an Instructional Design course we have organised to promote educational technology

    Exploiting Symmetries In Stochastic Process Algebras

    Stochastic Process Algebras have been introduced to enable compositional performance analysis of parallel and distributed systems. As with other high level modelling formalisms, state space explosion is a frequently observed problem, especially if the system consists of many cooperating components. However, if the components are identical replicas of each other, the state space can be reduced by means of equivalence preserving aggregation. This paper introduces symmetric parallel composition, an operator to specify sets of identical replicas cooperating in parallel. Its operational semantics is consistent with usual parallel composition whereas the state space explosion problem is drastically reduced. We illustrate this beneficial effect, and provide an interpretation of symmetric parallel composition in terms of Petri Nets. INTRODUCTION Continuous time Markov chains (CTMC), which are widely used as performance models in many diverse areas, are usually generated from high level descr..