The disclosure of sensitive data to unauthorized entities is a critical issue for organizations. Timely detection of data leakage is crucial to reduce possible damages. Therefore, breaches should be detected as early as possible, e.g., when data are leaving the database. In this paper, we focus on data leakage detection by monitoring database activities. We present a framework that automatically learns normal user behavior, in terms of database activities, and detects anomalies as deviation from such behavior. In addition, our approach explicitly indicates the root cause of an anomaly. Finally, the framework assesses the severity of data leakages based on the sensitivity of the disclosed data.
Abstract. While logging events is becoming increasingly common in computing, in communication and in collaborative work, log systems need to satisfy increasingly challenging (if not conflicting) requirements. Despite the growing pervasiveness of log systems, to date there is no high-level framework which allows one to model a log system and to check whether it meets the requirements it should satisfy. In this paper we propose a high-level framework for modeling log systems, and reasoning about them. This framework allows one to give a high-level representation of a log system and to check whether it satisfies given audit and privacy properties, which in turn can be expressed in standard logic. In particular, the framework can be used for comparing and assessing log systems. We validate our proposal by formalizing a number of standard log properties and by using it to review a number of existing systems.
We propose an extension of logic programming where the user can specify, together with the initial query, the information he is interested in by means of a request. This allows one to extract a result from an incomplete computation, such as the prefix of an infinite derivation. The classical property of independence of the selection rule doesn't hold anymore. It is shown that under mild conditions a class of selection rules can be identified for which independence holds. A model-theoretic semantics for the language is given.
1 Introduction
The purpose of this paper is to present an extension of logic programming where it is possible to express a form of partial result. This is done by considering instead of the traditional successful derivations, where all subgoals are resolved, so-called adequate derivations, where possibly some subgoals remain. The intuition is that an adequate derivation is similar to a derivation in a lazy functional language, like for instance Haskell, whe...
In this paper we show, among other things, that logical structures such as difference lists have a natural counterpart in lazy functional programs; i.e. that most programs using difference-lists are functional in nature. This shows immediately that many common non-well-moded programs are functional in nature and that well-modedness is thus not a necessary attribute of those logic programs behaving functionally. We do this by employing a straightforward (literal) translation of moded logic programs ...
Protection of society against natural and man-made disasters is high on the societal and political agenda. Effective crisis management is more important than ever. Nowadays, crisis organisations depend crucially on reliable telecom services, and unexpected failure of telecommunication may have serious consequences. In order not to be caught unprepared, crisis organisations should therefore perform a risk assessment on telecom availability. Unfortunately, assessment of availability risks of modern, multi-operator telecom services is difficult; information sources are unreliable, and the relevant information is uncertain and difficult to obtain. This paper describes some of these difficulties, as well as the requirements of availability risk assessment methods for crisis telecommunication services. The paper outlines a new method that can be applied without requiring full knowledge of the physical layout of the telecom infrastructure. This new method relies on telecom service diagrams...
Telecommunication services are essential to modern information systems, especially so for crisis management. Telecoms systems are complex and difficult to analyse. Current risk assessment methods are either not used because of their complexity, or lack rigorous argumentation to justify their results because they are oversimplified. Our challenge has been to develop a risk assessment method that is both usable in practice and delivers understandable arguments to explain and justify its risk evaluations. After experiments to validate the method in laboratory environments, we now present the first results from successful application with practitioners in a regional crisis organization that provides evidence about the practical usability of the method.
Crisis organisations depend on telecommunication services; unavailability of these services reduces the effectiveness of crisis response. Crisis organisations should therefore be aware of availability risks, and need a suitable risk assessment method. Such a method needs to be aware of the exceptional circumstances in which crisis organisations operate, and of the commercial structure of modern telecom services. We found that existing risk assessment methods are unsuitable for this problem domain. Hence, crisis organisations do not perform any risk assessment, trust their supplier, or rely on service level agreements, which are not meaningful during crisis situations. We have therefore developed a new risk assessment method, which we call RASTER. We have tested RASTER using a case study at the crisis organisation of a government agency, and improved the method based on the analysis of case results. Our initial validation suggests that the method can yield practical results.
Industrial control systems have stringent safety and security demands. High safety assurance can be obtained by specifying the system with possible faults and monitoring it to ensure these faults are properly addressed. Addressing security requires considering unpredictable attacker behavior. Anomaly detection, with its data driven approach, can detect simple unusual behavior and system-based attacks like the propagation of malware; on the other hand, anomaly detection is less suitable to detect more complex process-based attacks and it provides little actionability in presence of an alert. The alternative to anomaly detection is to use specification-based intrusion detection, which is more suitable to detect process-based attacks, but is typically expensive to set up and less scalable. We propose to combine a lightweight formal system specification with anomaly detection, providing data-driven monitoring. The combination is based on mapping elements of the specification to e...
We study a new programming framework based on logic programming where success and failure are replaced by predicates for adequacy and inadequacy. Adequacy allows one to extract a result from a partial computation, and inadequacy allows one to flexibly constrain the search space. In this parameterized setting, the classical result of independence of the selection rule does not hold. We show that, under certain conditions, whenever there exists an adequate derivation there is one in which only so-called needed atoms are selected. This result is applied in a practical setting where adequacy is expressed using a notion of request.
Input/Output is the mechanism through which Programmable Logic Controllers (PLCs) interact with and control the outside world. Particularly when employed in critical infrastructures, the I/O of PLCs has to be both reliable and secure. PLC I/O, like that of other embedded devices, is controlled by a pin-based approach. In this paper, we investigate the security implications of the PLC pin control system. In particular, we show how an attacker can tamper with the integrity and availability of PLC I/O by exploiting certain pin control operations and the lack of hardware interrupts associated with them.
... 1 Security Group, TNO ICT, The Netherlands marnix.dekker@tno.nl 2 Department of Computer Science, University of Twente, The Netherlands sandro.etalle@utwente.nl ... Stufflebeam, WH, Antón, AI, He, Q., Jain, N.: Specifying privacy policies with P3P and EPAL: lessons learned ...
Abstract. The management of health information has shifted from the use of paper-based to interconnected Electronic Health Record (EHR) systems. The ease with which patients' sensitive health information is accessible in EHR systems has raised concerns about the ...
... MISC{Delzanno29transforminga, author = {Giorgio Delzanno and Sandro Etalle}, title = {Transforming a Proof System into Prolog for Verifying Security Protocols}, year = {29} }. ... 756, Using encryption for authentication in large networks of computers – Needham, Schroeder - 1978. ...
In the vision of an ambient intelligent world, innumerable small interconnected devices will surround us and support us in our daily tasks and while at leisure. To do so, these devices need to know and exchange our personal preferences. Moreover, without any built-in countermeasures these devices are more than able to collect much more private information. This paper presents the
ABSTRACT
Inter-library loan involves interaction among a dynamic number of digital libraries and users. Therefore, inter-library service management is complex. We need to handle different and conflicting requirements of services from the digital libraries and users. To resolve this problem, we present the concept of a packager who acts as a service broker. We also present an implementation using our Prolog
ABSTRACT
In [3] a general fold operation has been introduced for definite programs w.r.t. computed answer substitution semantics. It differs from the fold operation defined by Tamaki and Sato in [26,25] because its application does not depend on the transformation history. This paper extends the results in [3] by giving a more powerful sufficient condition for the preservation of computed answer substitutions. Such a condition is meant to deal with the critical case when the atom introduced by folding depends on the clause to which the fold applies. The condition compares the dependency degree between the folding atom and the folded clause with the semantic delay between the folding atom and the ones to be folded. The result is also extended to a more general replacement operation, by showing that it can be decomposed into a sequence of definition, general folding and unfolding operations.
Several formal approaches have been proposed to analyse security protocols, e.g. [2, 7, 11, 1, 6, 12]. Recently, there has been growing interest in the use of the constraint solving approach. Initially proposed by Millen and Shmatikov [9], this approach allows analysis of a finite ...
... Rules for Integrity Maintenance Luciano Caroprese, Sergio Greco, Cristina Sirangelo, Ester Zumpano ... Programming to Superoptimisation Martin Brain, Tom Crick, Marina De Vos, John ... Functional-Logic Programming Rafael Caballero, Mario Rodríguez Artalejo, Rafael del Vado ...
... Systems Emmanuele Zambon, University of Twente, IS Group, emmanuele.zambon@utwente.nl; Damiano Bolzoni, Sandro Etalle, University of Twente, DIES Group, {damiano.bolzoni, sandro.etalle}@utwente.nl; Marco Salvato, KPMG Italia Spa, msalvato@kpmg.it. Abstract ...
Industrial Control Systems (ICS) are used for operating and monitoring industrial processes. Recent reports state that current ICS infrastructures are not sufficiently protected against cyber threats. Unfortunately, due to the specific nature of these systems, the application of common security countermeasures is often not effective. This paper summarizes experiences over a series of research efforts for building tools and mechanisms to improve the security and awareness in ICS. In particular, we discuss challenges and opportunities identified during an extensive analysis of ICS data resources. We believe that such insights are valuable for further research in the ICS context.
... To compare models, PAYL uses a simplified version of the Mahalanobis distance, which has the ... comparing two neighbouring models using the Manhattan distance, if the distance is smaller ... involves the combination of two different techniques: a self-organizing map and the ...