Ilaria Matteucci | Consiglio Nazionale delle Ricerche (CNR) (original) (raw)

Papers by Ilaria Matteucci

Research paper thumbnail of Model and synthesize security automata

Research paper thumbnail of A novel security information and event management system for enhancing cyber security in a hydroelectric dam

International Journal of Critical Infrastructure Protection, Jun 1, 2016

Security information and event management (SIEM) systems are increasingly used to cope with the s... more Security information and event management (SIEM) systems are increasingly used to cope with the security challenges involved in critical infrastructure protection. However, these systems have several limitations. This paper describes an enhanced security information and event management system that (i) resolves conflicts between security policies; (ii) discovers unauthorized network data paths and appropriately reconfigures network devices; and (iii) provides an intrusion-and fault-tolerant storage system that ensures the integrity and non-forgeability of stored events. The performance of the enhanced system is demonstrated using a case study involving a hydroelectric dam. The case study considers an attack model that affects portions of the information technology infrastructure of the hydroelectric dam and demonstrates that the security information and event management system is successfully able to detect and respond to attacks.

Research paper thumbnail of Implementing CAN bus security by TOUCAN

Proceedings of the Twentieth ACM International Symposium on Mobile Ad Hoc Networking and Computing

Modern vehicles embed a lot of software that turns them into Cyper-Physical Systems (CPS). Electr... more Modern vehicles embed a lot of software that turns them into Cyper-Physical Systems (CPS). Electronic Control Units (ECUs) communicate through the CAN bus protocol, which was not designed to be secure. This paper presents a proof-of-concept of TOUCAN, a new security protocol designed to secure CAN bus communications following the AUTOSAR standard. The presentation introduces design, implementation and performance of TOUCAN on a test-bed composed by two inexpensive boards that can be demonstrated to exchange secure TOUCAN frames.

Research paper thumbnail of A Privacy-Preserving Solution for Intelligent Transportation Systems: Private Driver DNA

IEEE Transactions on Intelligent Transportation Systems

Research paper thumbnail of Full-protocol safety analysis of CINNAMON

2022 IEEE 95th Vehicular Technology Conference: (VTC2022-Spring)

Research paper thumbnail of Security Assessment of Systems of Systems

2019 IEEE/ACM 7th International Workshop on Software Engineering for Systems-of-Systems (SESoS) and 13th Workshop on Distributed Software Development, Software Ecosystems and Systems-of-Systems (WDES)

Engineering Systems of Systems is one of the new challenges of the last few years. This depends o... more Engineering Systems of Systems is one of the new challenges of the last few years. This depends on the increasing number of systems that must interact one with another to achieve a goal. One peculiarity of Systems of Systems is that they are made of systems able to live on their own with well-established functionalities and re quirements, and that are not necessarily aware of the joint mission or prepared to collaborate. In this emergent sce nario, security is one crucial aspect that must be consid ered from the very beginning. In fact, the security of a Sys tem of Systems is not automatically granted even if the se curity of each constituent system is guaranteed. The aim of this paper is to address the problem of assessing security properties in Systems of Systems. We discuss the specific security aspects of such emergent systems, and propose the TeSSoS approach, which includes modelling and test ing security properties in Systems of Systems and intro duces the Red and Blue Requirements Specification con cepts.

Research paper thumbnail of CANDY CREAM - Hacking Infotainment Android Systems to Command Instrument Cluster via Can Data Frame

2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC)

Research paper thumbnail of Addressing Security Properties in Systems of Systems: Challenges and Ideas

Lecture Notes in Computer Science, 2019

Within growing pervasive information systems, Systems of Systems (SoS) emerge as a new research f... more Within growing pervasive information systems, Systems of Systems (SoS) emerge as a new research frontier. A SoS is formed by a set of constituent systems that live on their own with well-established functionalities and requirements, and, in certain circumstances, they must collaborate to achieve a common mission. In this scenario, security is one crucial property that needs to be considered since the early stages of SoS lifecycle. Unfortunately, SoS security cannot be guaranteed by addressing the security of each constituent system separately. The aim of this paper is to discuss the challenges faced in addressing the security of SoS and to propose some research ideas centered around the notion of a mission to be carried out by the SoS.

Research paper thumbnail of Contributions from ADBIS 2018 Workshops

Communications in Computer and Information Science, 2018

Research paper thumbnail of Extending Security-by-Contract with Extending Security-by-Contract with Quantitative Trust on Mobile Quantitative Trust on Mobile Devices Devices

Research paper thumbnail of Analysis of Functional Safety in a secure implementation of CAN Protocol

2020 IEEE 18th International Conference on Industrial Informatics (INDIN), 2020

In modern vehicles, functionalities are typically managed by Electronic Control Units (ECUs). The... more In modern vehicles, functionalities are typically managed by Electronic Control Units (ECUs). They communicate each other by using the CAN bus protocol, standardized as ISO 11898-1:2015. However, the CAN protocol was not meant to be secure: messages are sent in clear. In the last decade, several attempts to secure the CAN protocol have been implemented. Here, we focus on TOUCAN [1], [2] and we propose and study a revised version of TOUCAN protocol enhanced from a functional safety prospective and compliant with AUTOSAR safety and security guidelines. In particular, we analyse and simulate the communication robustness of the new version of TOUCAN against transmission errors.

Research paper thumbnail of Secure Routine: A Routine-Based Algorithm for Drivers Identification

ArXiv, 2021

The introduction of Information and Communication Technology (ICT) in transportation systems lead... more The introduction of Information and Communication Technology (ICT) in transportation systems leads to several advantages (efficiency of transport, mobility, traffic management). However, it may bring some drawbacks in terms of increasing security challenges, also related to human behaviour. As an example, in the last decades attempts to characterize drivers’ behaviour have been mostly targeted. This paper presents Secure Routine, a paradigm that uses driver’s habits to driver identification and, in particular, to distinguish the vehicle’s owner from other drivers. We evaluate Secure Routine in combination with other three existing research works based on machine learning techniques. Results are measured using well-known metrics and show that Secure Routine outperforms the compared works. Keywords–driver identification; secure routine; machine learning; automotive.

Research paper thumbnail of Improving Vehicle Safety Through a Fog Collaborative Infrastructure

2018 IEEE International Conference on Smart Computing (SMARTCOMP), 2018

The introduction of Information and Communication Technology in modern cities enhances quality, p... more The introduction of Information and Communication Technology in modern cities enhances quality, performance, and interactivity of urban services. The ultimate goal is twofold: the reduction of costs and of resource consumption and the increasing number of services offered to citizens. As drawback, smart cities become more vulnerable from the point of view of safety, security, and preservation of citizen privacy. In this paper, we propose a fog-computing based infrastructure to manage the sharing of information among vehicles and smart traffic lights in a urban network, with the aim of improving the safety of end-users of the network. For this purpose, our infrastructure provides to drivers several services to retrieve information in a private and secure way. The services we consider, are mainly four and are oriented to the traffic prediction, incident prevention, managing of emergency, and driver recognition.

Research paper thumbnail of Enforcement of U-XACML History-Based Usage Control Policy

Lecture Notes in Computer Science, 2016

Usage Control policies have been introduced to overcome issues related to the usage of resources.... more Usage Control policies have been introduced to overcome issues related to the usage of resources. Indeed, a Usage Control policy takes into account attributes of subjects and resources which change over time. Hence, the policy is continuously enforced while an action is performed on a resource, and it is re-evaluated at every context change. This permits to revoke the access to a resource as soon as the new context violates the policy. The Usage Control model is very flexible, and mutable attributes can be exploited also to make a decision based on the actions that have been previously authorized and executed. This paper presents a history-based variant of U-XACML policies composed via process algebra-like operators in order to take trace of past actions made on resources by the subjects. In particular, we present a formalization of our idea through a process algebra and the enhanced logical architecture to enforce such policies.

Research paper thumbnail of A Lifecycle for Data Sharing Agreements: How it Works Out

Lecture Notes in Computer Science, 2016

An electronic Data Sharing Agreement (DSA) is a humanreadable, yet machine-processable contract, ... more An electronic Data Sharing Agreement (DSA) is a humanreadable, yet machine-processable contract, regulating how organizations and/or individuals share data. In past work, we have shed light on DSA engineering, i.e., the process of studying how data sharing is ruled in traditional legal human-readable contracts and mapping their fields (and rules) into formats that are machine-processable, leading to the transposition of a traditional legal contract into the electronic DSA. However, the definition of an electronic DSA is only the starting point of a complex DSA lifecycle, driving the contract from its creation to 1) an analysis phase, where the DSA rules are checked against conflicts; and 2) a mapping phase, where the analysed rules are transposed into privacy policies expressed in enforceable languages. This paper presents our vision for the architectural definition of a DSA system, where a lifecycle manager orchestrates: an authoring tool for legal experts, policy experts, and end users; an analyser for checking consistency of the DSA rules; a mapper for encoding rules in a low level language amenable for enforcement. The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant no 610853 (Coco Cloud).

Research paper thumbnail of Exploiting Vehicles’ Reputation to Mitigate DoS Attack

Proceedings of the International Workshop on domAin specific Model-based AppRoaches to vErificaTion and validaTiOn, 2016

Recently the convergence of safety and security needs in automotive systems is one of the main ch... more Recently the convergence of safety and security needs in automotive systems is one of the main challenges of the research community. However, the different nature of safety and security metrics suggests that no individual assessment technique is sufficient, in isolation, to validate large systems that are intended to be both safe and secure. The introduction of new generation ICT systems into vehicles makes them potentially vulnerable to security attacks that may impact on the safety of passengers, pedestrians, and vehicle itself. Hence, entities involved in a communication have to be evaluated trustable by means of specific mechanisms of the vehicle or infrastructure system. This work aims at proposing an algorithm for the calculation of reputation of vehicles in a Vehicular Ad Hoc Network (VANET) based on the type and number of exchanged messages. The ultimate goal is to mitigate the Denial of Service (DoS) attack in such kind of communication by acting as a firewall with respect to not trustable vehicles. Indeed, the DoS is a security attack that affects the availability of network bandwidth. This may have an impact on safety of drivers and vehicles since it may prevent the communication and spread of important information for, e.g., human life.

Research paper thumbnail of Automated adaptation via quantitative partial model checking

Proceedings of the 31st Annual ACM Symposium on Applied Computing, 2016

We propose a formal framework to model an automated adaptation protocol based on Quantitative Par... more We propose a formal framework to model an automated adaptation protocol based on Quantitative Partial Model Checking (QPMC). An agent seeks the collaboration of a second agent to satisfy some (fixed) condition on the actions to be executed. The provided protocol allows the two agents to automatically agree by iteratively applying QPMC.

Research paper thumbnail of A novel security information and event management system for enhancing cyber security in a hydroelectric dam

International Journal of Critical Infrastructure Protection, 2016

Security information and event management (SIEM) systems are increasingly used to cope with the s... more Security information and event management (SIEM) systems are increasingly used to cope with the security challenges involved in critical infrastructure protection. However, these systems have several limitations. This paper describes an enhanced security information and event management system that (i) resolves conflicts between security policies; (ii) discovers unauthorized network data paths and appropriately reconfigures network devices; and (iii) provides an intrusion-and fault-tolerant storage system that ensures the integrity and non-forgeability of stored events. The performance of the enhanced system is demonstrated using a case study involving a hydroelectric dam. The case study considers an attack model that affects portions of the information technology infrastructure of the hydroelectric dam and demonstrates that the security information and event management system is successfully able to detect and respond to attacks.

Research paper thumbnail of 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and Security (TELERISE 2015)

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, 2015

This paper is the report on the 1st International Workshop on TEchnical and LEgal aspects of data... more This paper is the report on the 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity (TELERISE 2015) at the 37th International Conference on Software Engineering (ICSE 2015). TELERISE investigates privacy and security issues in data sharing from a technical and legal perspective. Keynote speech as well as selected papers presented at the event fit the topics of the workshop. This report gives the rationale of TELERISE and it provides a provisional program.

Research paper thumbnail of Closing the loop of SIEM analysis to Secure Critical Infrastructures

Critical Infrastructure Protection is one of the main challenges of last years. Security Informat... more Critical Infrastructure Protection is one of the main challenges of last years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple layer data analysis; ii) resolve conflicts among security policies, and discover unauthorized data paths in such a way to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures integrity and unforgeability of events stored.

Research paper thumbnail of Model and synthesize security automata

Research paper thumbnail of A novel security information and event management system for enhancing cyber security in a hydroelectric dam

International Journal of Critical Infrastructure Protection, Jun 1, 2016

Security information and event management (SIEM) systems are increasingly used to cope with the s... more Security information and event management (SIEM) systems are increasingly used to cope with the security challenges involved in critical infrastructure protection. However, these systems have several limitations. This paper describes an enhanced security information and event management system that (i) resolves conflicts between security policies; (ii) discovers unauthorized network data paths and appropriately reconfigures network devices; and (iii) provides an intrusion-and fault-tolerant storage system that ensures the integrity and non-forgeability of stored events. The performance of the enhanced system is demonstrated using a case study involving a hydroelectric dam. The case study considers an attack model that affects portions of the information technology infrastructure of the hydroelectric dam and demonstrates that the security information and event management system is successfully able to detect and respond to attacks.

Research paper thumbnail of Implementing CAN bus security by TOUCAN

Proceedings of the Twentieth ACM International Symposium on Mobile Ad Hoc Networking and Computing

Modern vehicles embed a lot of software that turns them into Cyper-Physical Systems (CPS). Electr... more Modern vehicles embed a lot of software that turns them into Cyper-Physical Systems (CPS). Electronic Control Units (ECUs) communicate through the CAN bus protocol, which was not designed to be secure. This paper presents a proof-of-concept of TOUCAN, a new security protocol designed to secure CAN bus communications following the AUTOSAR standard. The presentation introduces design, implementation and performance of TOUCAN on a test-bed composed by two inexpensive boards that can be demonstrated to exchange secure TOUCAN frames.

Research paper thumbnail of A Privacy-Preserving Solution for Intelligent Transportation Systems: Private Driver DNA

IEEE Transactions on Intelligent Transportation Systems

Research paper thumbnail of Full-protocol safety analysis of CINNAMON

2022 IEEE 95th Vehicular Technology Conference: (VTC2022-Spring)

Research paper thumbnail of Security Assessment of Systems of Systems

2019 IEEE/ACM 7th International Workshop on Software Engineering for Systems-of-Systems (SESoS) and 13th Workshop on Distributed Software Development, Software Ecosystems and Systems-of-Systems (WDES)

Engineering Systems of Systems is one of the new challenges of the last few years. This depends o... more Engineering Systems of Systems is one of the new challenges of the last few years. This depends on the increasing number of systems that must interact one with another to achieve a goal. One peculiarity of Systems of Systems is that they are made of systems able to live on their own with well-established functionalities and re quirements, and that are not necessarily aware of the joint mission or prepared to collaborate. In this emergent sce nario, security is one crucial aspect that must be consid ered from the very beginning. In fact, the security of a Sys tem of Systems is not automatically granted even if the se curity of each constituent system is guaranteed. The aim of this paper is to address the problem of assessing security properties in Systems of Systems. We discuss the specific security aspects of such emergent systems, and propose the TeSSoS approach, which includes modelling and test ing security properties in Systems of Systems and intro duces the Red and Blue Requirements Specification con cepts.

Research paper thumbnail of CANDY CREAM - Hacking Infotainment Android Systems to Command Instrument Cluster via Can Data Frame

2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC)

Research paper thumbnail of Addressing Security Properties in Systems of Systems: Challenges and Ideas

Lecture Notes in Computer Science, 2019

Within growing pervasive information systems, Systems of Systems (SoS) emerge as a new research f... more Within growing pervasive information systems, Systems of Systems (SoS) emerge as a new research frontier. A SoS is formed by a set of constituent systems that live on their own with well-established functionalities and requirements, and, in certain circumstances, they must collaborate to achieve a common mission. In this scenario, security is one crucial property that needs to be considered since the early stages of SoS lifecycle. Unfortunately, SoS security cannot be guaranteed by addressing the security of each constituent system separately. The aim of this paper is to discuss the challenges faced in addressing the security of SoS and to propose some research ideas centered around the notion of a mission to be carried out by the SoS.

Research paper thumbnail of Contributions from ADBIS 2018 Workshops

Communications in Computer and Information Science, 2018

Research paper thumbnail of Extending Security-by-Contract with Extending Security-by-Contract with Quantitative Trust on Mobile Quantitative Trust on Mobile Devices Devices

Research paper thumbnail of Analysis of Functional Safety in a secure implementation of CAN Protocol

2020 IEEE 18th International Conference on Industrial Informatics (INDIN), 2020

In modern vehicles, functionalities are typically managed by Electronic Control Units (ECUs). The... more In modern vehicles, functionalities are typically managed by Electronic Control Units (ECUs). They communicate each other by using the CAN bus protocol, standardized as ISO 11898-1:2015. However, the CAN protocol was not meant to be secure: messages are sent in clear. In the last decade, several attempts to secure the CAN protocol have been implemented. Here, we focus on TOUCAN [1], [2] and we propose and study a revised version of TOUCAN protocol enhanced from a functional safety prospective and compliant with AUTOSAR safety and security guidelines. In particular, we analyse and simulate the communication robustness of the new version of TOUCAN against transmission errors.

Research paper thumbnail of Secure Routine: A Routine-Based Algorithm for Drivers Identification

ArXiv, 2021

The introduction of Information and Communication Technology (ICT) in transportation systems lead... more The introduction of Information and Communication Technology (ICT) in transportation systems leads to several advantages (efficiency of transport, mobility, traffic management). However, it may bring some drawbacks in terms of increasing security challenges, also related to human behaviour. As an example, in the last decades attempts to characterize drivers’ behaviour have been mostly targeted. This paper presents Secure Routine, a paradigm that uses driver’s habits to driver identification and, in particular, to distinguish the vehicle’s owner from other drivers. We evaluate Secure Routine in combination with other three existing research works based on machine learning techniques. Results are measured using well-known metrics and show that Secure Routine outperforms the compared works. Keywords–driver identification; secure routine; machine learning; automotive.

Research paper thumbnail of Improving Vehicle Safety Through a Fog Collaborative Infrastructure

2018 IEEE International Conference on Smart Computing (SMARTCOMP), 2018

The introduction of Information and Communication Technology in modern cities enhances quality, p... more The introduction of Information and Communication Technology in modern cities enhances quality, performance, and interactivity of urban services. The ultimate goal is twofold: the reduction of costs and of resource consumption and the increasing number of services offered to citizens. As drawback, smart cities become more vulnerable from the point of view of safety, security, and preservation of citizen privacy. In this paper, we propose a fog-computing based infrastructure to manage the sharing of information among vehicles and smart traffic lights in a urban network, with the aim of improving the safety of end-users of the network. For this purpose, our infrastructure provides to drivers several services to retrieve information in a private and secure way. The services we consider, are mainly four and are oriented to the traffic prediction, incident prevention, managing of emergency, and driver recognition.

Research paper thumbnail of Enforcement of U-XACML History-Based Usage Control Policy

Lecture Notes in Computer Science, 2016

Usage Control policies have been introduced to overcome issues related to the usage of resources.... more Usage Control policies have been introduced to overcome issues related to the usage of resources. Indeed, a Usage Control policy takes into account attributes of subjects and resources which change over time. Hence, the policy is continuously enforced while an action is performed on a resource, and it is re-evaluated at every context change. This permits to revoke the access to a resource as soon as the new context violates the policy. The Usage Control model is very flexible, and mutable attributes can be exploited also to make a decision based on the actions that have been previously authorized and executed. This paper presents a history-based variant of U-XACML policies composed via process algebra-like operators in order to take trace of past actions made on resources by the subjects. In particular, we present a formalization of our idea through a process algebra and the enhanced logical architecture to enforce such policies.

Research paper thumbnail of A Lifecycle for Data Sharing Agreements: How it Works Out

Lecture Notes in Computer Science, 2016

An electronic Data Sharing Agreement (DSA) is a humanreadable, yet machine-processable contract, ... more An electronic Data Sharing Agreement (DSA) is a humanreadable, yet machine-processable contract, regulating how organizations and/or individuals share data. In past work, we have shed light on DSA engineering, i.e., the process of studying how data sharing is ruled in traditional legal human-readable contracts and mapping their fields (and rules) into formats that are machine-processable, leading to the transposition of a traditional legal contract into the electronic DSA. However, the definition of an electronic DSA is only the starting point of a complex DSA lifecycle, driving the contract from its creation to 1) an analysis phase, where the DSA rules are checked against conflicts; and 2) a mapping phase, where the analysed rules are transposed into privacy policies expressed in enforceable languages. This paper presents our vision for the architectural definition of a DSA system, where a lifecycle manager orchestrates: an authoring tool for legal experts, policy experts, and end users; an analyser for checking consistency of the DSA rules; a mapper for encoding rules in a low level language amenable for enforcement. The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant no 610853 (Coco Cloud).

Research paper thumbnail of Exploiting Vehicles’ Reputation to Mitigate DoS Attack

Proceedings of the International Workshop on domAin specific Model-based AppRoaches to vErificaTion and validaTiOn, 2016

Recently the convergence of safety and security needs in automotive systems is one of the main ch... more Recently the convergence of safety and security needs in automotive systems is one of the main challenges of the research community. However, the different nature of safety and security metrics suggests that no individual assessment technique is sufficient, in isolation, to validate large systems that are intended to be both safe and secure. The introduction of new generation ICT systems into vehicles makes them potentially vulnerable to security attacks that may impact on the safety of passengers, pedestrians, and vehicle itself. Hence, entities involved in a communication have to be evaluated trustable by means of specific mechanisms of the vehicle or infrastructure system. This work aims at proposing an algorithm for the calculation of reputation of vehicles in a Vehicular Ad Hoc Network (VANET) based on the type and number of exchanged messages. The ultimate goal is to mitigate the Denial of Service (DoS) attack in such kind of communication by acting as a firewall with respect to not trustable vehicles. Indeed, the DoS is a security attack that affects the availability of network bandwidth. This may have an impact on safety of drivers and vehicles since it may prevent the communication and spread of important information for, e.g., human life.

Research paper thumbnail of Automated adaptation via quantitative partial model checking

Proceedings of the 31st Annual ACM Symposium on Applied Computing, 2016

We propose a formal framework to model an automated adaptation protocol based on Quantitative Par... more We propose a formal framework to model an automated adaptation protocol based on Quantitative Partial Model Checking (QPMC). An agent seeks the collaboration of a second agent to satisfy some (fixed) condition on the actions to be executed. The provided protocol allows the two agents to automatically agree by iteratively applying QPMC.

Research paper thumbnail of A novel security information and event management system for enhancing cyber security in a hydroelectric dam

International Journal of Critical Infrastructure Protection, 2016

Security information and event management (SIEM) systems are increasingly used to cope with the s... more Security information and event management (SIEM) systems are increasingly used to cope with the security challenges involved in critical infrastructure protection. However, these systems have several limitations. This paper describes an enhanced security information and event management system that (i) resolves conflicts between security policies; (ii) discovers unauthorized network data paths and appropriately reconfigures network devices; and (iii) provides an intrusion-and fault-tolerant storage system that ensures the integrity and non-forgeability of stored events. The performance of the enhanced system is demonstrated using a case study involving a hydroelectric dam. The case study considers an attack model that affects portions of the information technology infrastructure of the hydroelectric dam and demonstrates that the security information and event management system is successfully able to detect and respond to attacks.

Research paper thumbnail of 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and Security (TELERISE 2015)

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering, 2015

This paper is the report on the 1st International Workshop on TEchnical and LEgal aspects of data... more This paper is the report on the 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity (TELERISE 2015) at the 37th International Conference on Software Engineering (ICSE 2015). TELERISE investigates privacy and security issues in data sharing from a technical and legal perspective. Keynote speech as well as selected papers presented at the event fit the topics of the workshop. This report gives the rationale of TELERISE and it provides a provisional program.

Research paper thumbnail of Closing the loop of SIEM analysis to Secure Critical Infrastructures

Critical Infrastructure Protection is one of the main challenges of last years. Security Informat... more Critical Infrastructure Protection is one of the main challenges of last years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple layer data analysis; ii) resolve conflicts among security policies, and discover unauthorized data paths in such a way to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures integrity and unforgeability of events stored.