107 research outputs found
Infrastrutture a chiave pubblica e protocolli di sicurezza
This paper deals with case studies about the management of a public key infrastrcture. An automated verification of secure procedures for certificate delivery is carried out
Twitlang(er): interactions modeling language (and interpreter) for Twitter
Online social networks are widespread means to enact interactive collaboration among people by, e.g., planning events, diffusing information, and enabling discussions. Twitter provides one of the most illustrative example of how people can effectively interact without resorting to traditional communication media. For example, the platform has acted as a unique medium for reliable communication in emergency or for organizing cooperative mass actions. This use of Twitter in a cooperative, possibly critical, setting calls for a more precise awareness of the dynamics regulating message spreading. To this aim, we designed?Twitlang, a formal language to model interactions among Twitter accounts. The operational semantics associated to the language allows users to clearly and precisely determine the effects of actions performed by Twitter accounts, such as post, retweet, reply to or delete tweets. The language has been implemented in the form of a?Maude?interpreter,?Twitlanger, which takes a language term as an input and, automatically or interactively, explores the computations arising from the term. By relying on this interpreter, automatic verification of communication properties of Twitter accounts can be carried out via the analysis tools provided by the?Maudeframework
Better Safe Than Sorry: An Adversarial Approach to Improve Social Bot Detection
The arm race between spambots and spambot-detectors is made of several cycles
(or generations): a new wave of spambots is created (and new spam is spread),
new spambot filters are derived and old spambots mutate (or evolve) to new
species. Recently, with the diffusion of the adversarial learning approach, a
new practice is emerging: to manipulate on purpose target samples in order to
make stronger detection models. Here, we manipulate generations of Twitter
social bots, to obtain - and study - their possible future evolutions, with the
aim of eventually deriving more effective detection techniques. In detail, we
propose and experiment with a novel genetic algorithm for the synthesis of
online accounts. The algorithm allows to create synthetic evolved versions of
current state-of-the-art social bots. Results demonstrate that synthetic bots
really escape current detection techniques. However, they give all the needed
elements to improve such techniques, making possible a proactive approach for
the design of social bot detection systems.Comment: This is the pre-final version of a paper accepted @ 11th ACM
Conference on Web Science, June 30-July 3, 2019, Boston, U
Team automata for security analysis
We show that team automata (TA) are well suited for security analysis by reformulating the Generalized Non-Deducibility on Compositions (GNDC) schema in terms of TA. We then use this to show that integrity is guaranteed for a case study in which TA model an instance of the Efficient Multi-chained Stream Signature (EMSS) protocol
Introducing Authenticated Information in a Reliable Multicast Protocol for Mobile Computing
We consider a known protocol for reliable multicast in distributed mobile systems where mobile hosts belonging to a group communicate with a wired infrastructure by means of wireless technology. The original specification of the protocol does not take into consideration any notion of computer security. In this paper it is shown how an adversary may eavesdrop on communications between legitimate members and inject packets over the wireless links, pretending to be a legitimate member belonging to the group. We suggest a revised version of the protocol providing authenticity and integrity of packets over the wireless links
Formal models and analysis of secure multicast in wired and wireless networks
The spreading of multicast technology enables the development of group communication and so dealing with digital streams becomes more and more common over the Internet. Given the flourishing of security threats, the distribution of streamed data must be equipped with sufficient security guarantees. To this aim, some architectures have been proposed, to supply the distribution of the stream with guarantees of, e.g., authenticity, integrity, and confidentiality of the digital contents. This paper shows a formal capability of capturing some features of secure multicast protocols. In particular, both the modeling and the analysis of some case studies are shown, starting from basic schemes for signing digital streams, passing through proto- cols dealing with packet loss and time-synchronization requirements, concluding with a secure distribution of a secret key. A process-algebraic framework will be exploited, equipped with schemata for analysing security properties and compositional principles for evaluating if a property is satisfied over a system with more than two components
1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and Security (TELERISE 2015)
This paper is the report on the 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity (TELERISE 2015) at the 37th International Conference on Software Engineering (ICSE 2015). TELERISE investigates privacy and security issues in data sharing from a technical and legal perspective. Keynote speech as well as selected papers presented at the event fit the topics of the workshop. This report gives the rationale of TELERISE and it provides a provisional program
Aspects of Modeling and Verifying Secure Procedures
Security protocols are specifications for exchanging messages on a possibly insecure network. They aim at achieving some security goals (eg authenticating the parties involved in a communication, or preserving confidentiality of certain messages) preventing some malicious party to achieve advantages for its own. Goals of security protocols are generally achieved through the use of cryptography, the art of writing in secret characters, not comprehensible to anyone but the sender and the intended recipient. There is however a branch, in the computer science community, that, among its wide field of activities, aims at studying possible attacks on secure procedures without breaking cryptography, eg by manipulating some of the exchanged messages. This is the formal methods community, with an eye for security. This thesis mainly investigates the formal modeling and analysis of security protocols, both with finite and non finite behaviour, both within a process-algebraic and an automata framework. Real life protocols for signing and protecting digital contents and for giving assurance about authentic correspondences will be specified by means of the above cited formalisms, and some of their properties will be verified by means of formal proofs and automated tools. The original contributions of this thesis are the following. Within the framework of a formal modeling and verification of security protocols, we have applied an automated tool to better understand some secure mechanisms for the delivery of electronic documents. This has given us a deep insight on revealing the effects of omitted (or even erroneously implemented) security checks. Furthermore, a formal framework for modeling and analysing secure multicast and wireless communication protocols has been proposed. The analysis is mostly based on some new compositional principles giving sufficient conditions for safely composing an arbitrary number of components within a unique system. Also, steps towards providing the Team Automata formalism (TA) with a framework for security analysis have been taken. Within the framework, we model and analyse integrity and privacy properties, contributing to testify the expressive power and modelling capabilities of TA
Fame for sale: efficient detection of fake Twitter followers
are those Twitter accounts specifically created to
inflate the number of followers of a target account. Fake followers are
dangerous for the social platform and beyond, since they may alter concepts
like popularity and influence in the Twittersphere - hence impacting on
economy, politics, and society. In this paper, we contribute along different
dimensions. First, we review some of the most relevant existing features and
rules (proposed by Academia and Media) for anomalous Twitter accounts
detection. Second, we create a baseline dataset of verified human and fake
follower accounts. Such baseline dataset is publicly available to the
scientific community. Then, we exploit the baseline dataset to train a set of
machine-learning classifiers built over the reviewed rules and features. Our
results show that most of the rules proposed by Media provide unsatisfactory
performance in revealing fake followers, while features proposed in the past by
Academia for spam detection provide good results. Building on the most
promising features, we revise the classifiers both in terms of reduction of
overfitting and cost for gathering the data needed to compute the features. The
final result is a novel classifier, general enough to thwart
overfitting, lightweight thanks to the usage of the less costly features, and
still able to correctly classify more than 95% of the accounts of the original
training set. We ultimately perform an information fusion-based sensitivity
analysis, to assess the global sensitivity of each of the features employed by
the classifier. The findings reported in this paper, other than being supported
by a thorough experimental methodology and interesting on their own, also pave
the way for further investigation on the novel issue of fake Twitter followers
- âŠ