Giampaolo Bella
Poster: Machine Learning for Vulnerability Detection as Target Oracle in Automated Fuzz Driver Generation
In vulnerability detection, machine learning has been used as an effective static analysis technique, although it suffers from a significant rate of false positives. Contextually, in vulnerability discovery, fuzzing has been used as an eff…
To See or Not to See: A Privacy Threat Model for Digital Forensics in Crime Investigation
Digital forensics is a cornerstone of modern crime investigations, yet it raises significant privacy concerns due to the collection, processing, and storage of digital evidence. Despite that, privacy threats in digital forensics crime inve…
The SPADA methodology for threat modelling
As individuals engage with innovative technologies, including smart cars and smart homes, a comprehensive treatment of the threats to their privacy becomes increasingly urgent. This article recognises the relevance of security and, in part…
Not Sure Your Car Withstands Cyberwarfare
Data and derived information about target victims has always been key for successful attacks, both during historical wars and modern cyber wars. Ours turns out to be an era in which modern cars generate a plethora of data about their drive…
Behind the (Digital Crime) Scenes: An MSC Model
Criminal investigations are inherently complex as they typically involve interactions among various actors like investigators, prosecutors, and defendants. The pervasive integration of technology in daily life adds an extra layer of com…
A behaviouristic semantic approach to blockchain-based e-commerce
Electronic commerce and finance are progressively supporting and including decentralized, shared and public ledgers such as the blockchain. This is reshaping traditional commercial activities by advancing them towards Decentralized Finance…
The IoT Breaches Your Household Again
Despite their apparent simplicity, devices like smart light bulbs and electrical plugs are often perceived as exempt from rigorous security measures. However, this paper challenges this misconception, uncovering how vulnerabilities in thes…
Up-to-date Threat Modelling for Soft Privacy on Smart Cars
Physical persons playing the role of car drivers consume data that is sourced from the Internet and, at the same time, themselves act as sources of relevant data. It follows that citizens' privacy is potentially at risk while they drive, h…
Towards Grammatical Tagging for the Legal Language of Cybersecurity
Legal language can be understood as the language typically used by those engaged in the legal profession and, as such, it may come in either spoken or written form. Recent legislation on cybersecurity obviously uses legal language in writing…
An Ontological Approach to Compliance Verification of the NIS 2 Directive
Cybersecurity, which notoriously concerns both human and technological aspects, is becoming more and more regulated by a number of textual documents spanning several pages, such as the European GDPR Regulation and the NIS Directive. This p…
A behaviouristic approach to representing processes and procedures in the OASIS 2 ontology
Foundational ontologies devoted to the effective representation of processes and procedures are not widely investigated at present, thereby limiting the practical adoption of semantic approaches in real scenarios where the precise instruct…
An automated method for the ontological representation of security directives
Large documents written in juridical language are difficult to interpret, with long sentences leading to intricate and intertwined relations between the nouns. The present paper frames this problem in the context of recent European securit…
A Threat Model for Soft Privacy on Smart Cars
Modern cars are getting so computerised that ENISA's phrase "smart cars" is a perfect fit. The amount of personal data that they process is very large and, yet, increasing. Hence, the need to address citizens' privacy while they drive and,…
The ontology for agents, systems and integration of services: OASIS version 2
Semantic representation is a key enabler for several application domains, and the multi-agent systems realm makes no exception. Among the methods for semantically representing agents, one has been essentially achieved by taking a behaviour…
Brenner Base Tunnel, Lots Mules 2-3 (Italy): The construction experience of the emergency stop in Trens
The Brenner Base Tunnel (BBT) incorporates the latest safety standards in tunnelling. The project consists of two main tunnels, an exploratory tunnel and four adits. The operational safety plan of the BBT includes the construction of cross…
How to Model Privacy Threats in the Automotive Domain
This paper questions how to approach threat modelling in the automotive domain at both an abstract level that features no domain-specific entities such as the CAN bus and, separately, at a detailed level. It addresses such questions by con…
PETIoT: PEnetration Testing the Internet of Things
Attackers may attempt to exploit Internet of Things (IoT) devices to operate them unduly as well as to gather personal data of the legitimate device owners. Vulnerability Assessment and Penetration Testing (VAPT) sessions help to verify t…
Evaluating the Fork-Awareness of Coverage-Guided Fuzzers
Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the yea…
A Double Assessment of Privacy Risks Aboard Top-Selling Cars
The advanced and personalised experience that modern cars offer makes them more and more data-hungry. For example, the cabin preferences of the possible drivers must be recorded and associated with some identity, while such data could be exp…