Program | 4th, 5th, 6th, 7th February

Tutorial outline

In the “2015 Italian Cybersecurity Report” [2] CIS Sapienza and CINI Cybersecurity National Lab proposed the National Cybersecurity Framework (Framework Nazionale per la Cybersecurity, FNCS), based on the NIST Framework for Improving Critical Infrastructure Cybersecurity [3].

FNCS expands NIST’s Framework to better adapt to the Italian landscape, extending its applicability to a wider range of organizations, ranging from market leaders and large organization to small and medium-sized enterprises. It also introduces the concept of “contextualization”, which is the way to tailor the Framework to the context of a specific organization. In 2019 a new version of the National Cybersecurity Framework has been issued, the National Cybersecurity and Data Protection Framework v 2.0 (FNCSDP) [1]

Nonetheless important aspects like data protection and data privacy were not comprehensively considered, due to a not complete view on the intersection between cybersecurity & data protection/privacy. The raising in importance of these two themes and the new steam produced by recent international regulations led the effort of producing a new version of the FNCS.

The Framework has been updated, aligning it with the new version of the NIST Framework (version 1.1) [4] and the evolved EU and Italian regulatory landscape.

Moreover, as a result of a joint work with the Italian Data Protection Authority <https://www.garanteprivacy.it>, the Framework has been further extended, encompassing data protection elements in its core, thus becoming the National Cybersecurity and Data Protection Framework (FNCSDP). Finally, a “template” for the creation of contextualizations which incorporates the EU General Data Protection Regulation (GDPR) < Regulation (EU) 2016/679> (GDPR Contextualization Template) has been proposed.

The tutorial will have the following structure

• Illustration of the characteristics and advantages of the new Framework for Cybersecurity and Data Protection, highlighting changes and improvements over the previous version, and introduction of its basic concepts.
• Discussion of the process a cybersecurity and data protection assessment in a generic organization using the framework, providing guidelines and best practices for a beginner audience.
• Introduction and discussion of the more advanced aspects of the framework, like the modeling of a regulation or technical standard through a “Contextualization Template”, a base for the creation of a contextualization that contains general and mandatory aspects to consider and must be expanded during the actual contextualization process considering the specificity of the organization on which is applied the FNCSDP, the strategies for combining different contextualization templates into a contextualization, and the metrics for evaluating the results of the assessment.

Intended audience

Expected attendants encompass people belonging to the following classes:

• Regulators, possibly interested in how the existing regulations are mapped and reported in model for managing the security and data protection governance.
• Security governance: interested in the evolution FNCS and the new concepts captured by the new core.
• Data Protection governance interested in the data protection concepts and processes and how they can be integrated in the already existing cyber-security governance processes.

Speakers Bio

Marco ANGELINI is a post-doctoral researcher in Engineering in Computer Science at University of Rome “La Sapienza”, Italy, Department of Computer, Control and Management Sciences & Engineering. He is a researcher in the Centre for Cyber-Intelligence and Security (CIS) of University of Rome “La Sapienza”, where he successfully participated the EU FP-7 project “PANOPTESEC”, providing automatic detection, management and reaction to cyber-threats for Critical Infrastructures. His main research interests include Visual analytics (the process of combining visualization of information, interaction by user and analytical computation for solving heavy computational problems) and Cyber-Security (focused on designing visual analytics solutions for cyber-defense of critical infrastructures, open-source intelligence and malware analysis).Marco Angelini is a member and coordinates research projects of the A.WA.RE (Advanced Visualization & Visual Analytics REsearch) research group at University of Rome “La Sapienza”. Marco Angelini is member of CINI Cybersecurity National Laboratory, where he coordinates national projects with the goal of strengthening the Cyber- Security status of an organization, both in public and private sectors. He is the responsible of “CyberReadiness.IT”, a project of CINI Cybersecurity National Laboratory with the goal of assessing the cybersecurity readiness of the human substrate of an organization. As a result of his activities, Dr. Marco Angelini has published more than 40 papers, including 10 peer-reviewed journal papers and 30 peer-reviewed conference papers in international journals and conferences. More about him can be found at https://sites.google.com/dis.uniroma1.it/angelini.

Claudio CICCOTELLI is a post-doctoral researcher at Sapienza University of Rome, where he is a member of the Cyber Intelligence and Information Security research center. He got his PhD in 2017, at the same University, with a thesis on practical approaches for fault detection and diagnosis in data centers. His main research interests include critical infrastructure protection and cyber-physical security (IACS/SCADA security), mobile security and dependability of complex systems.

Leonardo QUERZONI is assistant professor at Sapienza University of Rome. He got his PhD in 2007 with a thesis on efficient solutions for publish/subscribe data dissemination. His research interests range from cyber security to distributed systems and focus, in particular, on topics that include binary similarity, distributed stream processing, dependability and security in distributed systems. He authored more than 80 paper published in international scientific journals and conferences. In 2016 he co- authored the Italian National Framework for Cyber Security as member of Cyber Intelligence and Information Security research center at Sapienza University of Rome. In 2017 he got the Test of Time Award from the ACM International Conference on Distributed Event-Based Systems for the paper “TERA: topic-based event routing for peer-to-peer architectures”, published in 2007. In 2014 he was general chair for the International Conference on Principles of Distributed Systems, and in 2019 he will be program co-chair for the ACM International Conference on Distributed Event-Based Systems.

References

[1] CIS Sapienza and CINI Cybersecurity National Laboratory, 2018 National Cybersecurity and Data Protection Framework (version 2.0), 2019.

[2] CIS Sabienza and CINI Cybersecurity National Laboratory, 2015 Italian Cybersecurity Report – Un Framework Nazionale per la Cyber Security, 2015.

[3] NIST, Framework for Improving Critical Infrastructure Cycbersecurity (Version 1.0), 2014.

[4] NIST, Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1), 2018.

Presentazione

Sorveglianza di Stato, sicurezza delle telecomunicazioni, protezione delle fonti. Questo seminario affronterà in modo pragmatico i problemi con cui i giornalisti hanno a che fare ogni giorno nello svolgimento del loro mestiere. Dagli hacker agli strumenti d’intercettazione, la stampa nazionale è continuamente esposta ai rischi di una scarsa conoscenza di chi potrebbe volerci attaccare e di quali strumenti può disporre. Per questo, durante l’incontro si esamineranno alcuni metodi di prevenzione e di analisi delle minacce, con particolare attenzione sia alle nozioni teoriche di base sia agli strumenti pratici di protezione delle nostre attività. Più di ogni cosa, è necessaria una consapevolezza generale di quali errori umani è bene evitare per fare sì che dispositivi ritenuti sicuri non si trasformino in gravi falle, che possono mettere a repentaglio un’inchiesta o la stessa identità dei propri informatori.

Relatori:

Raffaele Angius: Giornalista freelance per Repubblica, La Stampa, Wired e Agi, Raffaele Angius è specializzato nell’impiego di strumenti informatici per la protezione delle fonti e delle telecomunicazioni. Nel 2018 ha creato ItaliaLeaks, la piattaforma di Agi per la raccolta di segnalazioni anonime su corruzione e criminalità organizzata. Oggi è curatore di RegeniFiles, l’iniziativa di Repubblica in collaborazione con la famiglia Regeni dedicata alla raccolta di informazioni sulle violazioni dei diritti umani in Egitto e sull’omicidio di Giulio Regeni. Come giornalista, scrive principalmente di crimini informatici, diritti umani digitali e sorveglianza di Stato, ed è membro dell’Hermes Center for Transparency and Digital Human Rights, con il quale collabora alla diffusione di strumenti per la protezione del lavoro giornalistico e delle fonti. Social: @faffa42

Fabio Pietrosanti: Presidente e co-fondatore del Centro Hermes per la Trasparenza e i Diritti Umani Digitali, è attivo in diversi progetti per la diffusione di consapevolezza, strumenti e tecnologie a supporto della libertà di espressione e della trasparenza. Membro di Transparency International Italia, gestore di nodi di anonimato Tor e di pubblicazione anonima Tor2web, è fra i fondatori del progetto di Whistleblowing GlobaLeaks, oggi in uso tanto nel mondo del giornalismo, dell’attivismo quanto nella pubblica amministrazione con finalità di contrasto della corruzione. Si occupa di innovazione tecnologica, progettazione software nell’ambito del whistleblowing, della tutela della riservatezza delle informazioni e dell’anonimato digitale. Veterano del mondo dell’hacking e del software libero, ha partecipato a progetti e community quali sikurezza.org, s0ftpj, Progetto Winston Smith, Metro Olografix. Professionalmente ha avuto esperienze come network security manager, senior security advisor, imprenditore e CTO di una startup impegnata nello sviluppo di sistemi di cifratura delle telefonate cellulari.

Presentazione

Una giornata dedicata alle PMI delle Marche all’interno della più importante conferenza italiana dedicata alla sicurezza informatica con 2 momenti di approfondimento sui temi della Social Media Intelligence (il mattino) e degli attuali scenari della cybersecurity e della privacy nel mondo delle PMI italiane e della PA (il pomeriggio).

Esempi applicativi, casi di studio e nuovi scenari saranno presentati da un panel di relatori che uniscono le competenze delle università e degli enti del territorio a nomi di fama nazionale e internazionale.

Co-Organizers: PID Marche, Marche Chamber of Commerce, Marche Region, Marche Polytechnic University, University of Camerino, University of Chieti-Pescara

Relatori

Emanuele FRONTONI
Luca SPALAZZI
Antonio TETI
Mario CALIGIURI

Tutorial outline

In the “2015 Italian Cybersecurity Report” [2] CIS Sapienza and CINI Cybersecurity National Lab proposed the National Cybersecurity Framework (Framework Nazionale per la Cybersecurity, FNCS), based on the NIST Framework for Improving Critical Infrastructure Cybersecurity [3].

FNCS expands NIST’s Framework to better adapt to the Italian landscape, extending its applicability to a wider range of organizations, ranging from market leaders and large organization to small and medium-sized enterprises. It also introduces the concept of “contextualization”, which is the way to tailor the Framework to the context of a specific organization. In 2019 a new version of the National Cybersecurity Framework has been issued, the National Cybersecurity and Data Protection Framework v 2.0 (FNCSDP) [1]

Nonetheless important aspects like data protection and data privacy were not comprehensively considered, due to a not complete view on the intersection between cybersecurity & data protection/privacy. The raising in importance of these two themes and the new steam produced by recent international regulations led the effort of producing a new version of the FNCS.

The Framework has been updated, aligning it with the new version of the NIST Framework (version 1.1) [4] and the evolved EU and Italian regulatory landscape.

Moreover, as a result of a joint work with the Italian Data Protection Authority <https://www.garanteprivacy.it>, the Framework has been further extended, encompassing data protection elements in its core, thus becoming the National Cybersecurity and Data Protection Framework (FNCSDP). Finally, a “template” for the creation of contextualizations which incorporates the EU General Data Protection Regulation (GDPR) < Regulation (EU) 2016/679> (GDPR Contextualization Template) has been proposed.

The tutorial will have the following structure

• Illustration of the characteristics and advantages of the new Framework for Cybersecurity and Data Protection, highlighting changes and improvements over the previous version, and introduction of its basic concepts.
• Discussion of the process a cybersecurity and data protection assessment in a generic organization using the framework, providing guidelines and best practices for a beginner audience.
• Introduction and discussion of the more advanced aspects of the framework, like the modeling of a regulation or technical standard through a “Contextualization Template”, a base for the creation of a contextualization that contains general and mandatory aspects to consider and must be expanded during the actual contextualization process considering the specificity of the organization on which is applied the FNCSDP, the strategies for combining different contextualization templates into a contextualization, and the metrics for evaluating the results of the assessment.

Intended audience

Expected attendants encompass people belonging to the following classes:

• Regulators, possibly interested in how the existing regulations are mapped and reported in model for managing the security and data protection governance.
• Security governance: interested in the evolution FNCS and the new concepts captured by the new core.
• Data Protection governance interested in the data protection concepts and processes and how they can be integrated in the already existing cyber-security governance processes.

Speakers Bio

Marco ANGELINI is a post-doctoral researcher in Engineering in Computer Science at University of Rome “La Sapienza”, Italy, Department of Computer, Control and Management Sciences & Engineering. He is a researcher in the Centre for Cyber-Intelligence and Security (CIS) of University of Rome “La Sapienza”, where he successfully participated the EU FP-7 project “PANOPTESEC”, providing automatic detection, management and reaction to cyber-threats for Critical Infrastructures. His main research interests include Visual analytics (the process of combining visualization of information, interaction by user and analytical computation for solving heavy computational problems) and Cyber-Security (focused on designing visual analytics solutions for cyber-defense of critical infrastructures, open-source intelligence and malware analysis).Marco Angelini is a member and coordinates research projects of the A.WA.RE (Advanced Visualization & Visual Analytics REsearch) research group at University of Rome “La Sapienza”. Marco Angelini is member of CINI Cybersecurity National Laboratory, where he coordinates national projects with the goal of strengthening the Cyber- Security status of an organization, both in public and private sectors. He is the responsible of “CyberReadiness.IT”, a project of CINI Cybersecurity National Laboratory with the goal of assessing the cybersecurity readiness of the human substrate of an organization. As a result of his activities, Dr. Marco Angelini has published more than 40 papers, including 10 peer-reviewed journal papers and 30 peer-reviewed conference papers in international journals and conferences. More about him can be found at https://sites.google.com/dis.uniroma1.it/angelini.

Claudio CICCOTELLI is a post-doctoral researcher at Sapienza University of Rome, where he is a member of the Cyber Intelligence and Information Security research center. He got his PhD in 2017, at the same University, with a thesis on practical approaches for fault detection and diagnosis in data centers. His main research interests include critical infrastructure protection and cyber-physical security (IACS/SCADA security), mobile security and dependability of complex systems.

Leonardo QUERZONI is assistant professor at Sapienza University of Rome. He got his PhD in 2007 with a thesis on efficient solutions for publish/subscribe data dissemination. His research interests range from cyber security to distributed systems and focus, in particular, on topics that include binary similarity, distributed stream processing, dependability and security in distributed systems. He authored more than 80 paper published in international scientific journals and conferences. In 2016 he co- authored the Italian National Framework for Cyber Security as member of Cyber Intelligence and Information Security research center at Sapienza University of Rome. In 2017 he got the Test of Time Award from the ACM International Conference on Distributed Event-Based Systems for the paper “TERA: topic-based event routing for peer-to-peer architectures”, published in 2007. In 2014 he was general chair for the International Conference on Principles of Distributed Systems, and in 2019 he will be program co-chair for the ACM International Conference on Distributed Event-Based Systems.

References

[1] CIS Sapienza and CINI Cybersecurity National Laboratory, 2018 National Cybersecurity and Data Protection Framework (version 2.0), 2019.

[2] CIS Sabienza and CINI Cybersecurity National Laboratory, 2015 Italian Cybersecurity Report – Un Framework Nazionale per la Cyber Security, 2015.

[3] NIST, Framework for Improving Critical Infrastructure Cycbersecurity (Version 1.0), 2014.

[4] NIST, Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1), 2018.

Blockchain-based registries of user choices and their challenges
Andrea Vitaletti, Maurizio Pizzonia, Albenzio Cirillo, Marco Zecchini and Diego Pennino

Towards the formalization of the XRP ledger consensus protocol
Lara Mauri, Stelvio Cimato and Ernesto Damiani

The open legal challenges of pursuing AML/CFT accountability within privacy-enhanced IoM ecosystems
Nadia Pocher

A simulation-based and data-driven framework for enabling the analysis and design of business
processes based on blockchain and smart contracts solutions
Luciano Argento, Sabrina Graziano, Alfredo Garro, Antonella Guzzo, Francesco Pasqua and Domenico Saccà

A blockchain based recommendation system
Paolo Mori, Laura Ricci, Andrea De Salve and Andrea Lisi

Securing the art market with public ledgers
Marino Miculan and Daniel Tosone

Ensuring personal data anonymity in data marketplaces through sensing-as-a-service and
distributed ledger technologies
Mirko Zichichi, Michele Contu, Stefano Ferretti and Víctor Rodríguez-Doncel

Acknowledging value of personal information: a privacy aware data market for health and social
research
Francesco Bruschi, Vincenzo Rana, Alessio Pagani and Donatella Sciuto

VeriOSS: using the blockchain to foster bug bounty programs
Andrea Canidio, Gabriele Costa and Letterio Galletta

Security analysis of a blockchain-based protocol for the certification of academic credentials
Marco Baldi, Franco Chiaraluce, Migelan Kodra and Luca Spalazzi

Modera: Franco Chiaraluce

Presentazione

Sorveglianza di Stato, sicurezza delle telecomunicazioni, protezione delle fonti. Questo seminario affronterà in modo pragmatico i problemi con cui i giornalisti hanno a che fare ogni giorno nello svolgimento del loro mestiere. Dagli hacker agli strumenti d’intercettazione, la stampa nazionale è continuamente esposta ai rischi di una scarsa conoscenza di chi potrebbe volerci attaccare e di quali strumenti può disporre. Per questo, durante l’incontro si esamineranno alcuni metodi di prevenzione e di analisi delle minacce, con particolare attenzione sia alle nozioni teoriche di base sia agli strumenti pratici di protezione delle nostre attività. Più di ogni cosa, è necessaria una consapevolezza generale di quali errori umani è bene evitare per fare sì che dispositivi ritenuti sicuri non si trasformino in gravi falle, che possono mettere a repentaglio un’inchiesta o la stessa identità dei propri informatori.

Relatori:

Raffaele Angius: Giornalista freelance per Repubblica, La Stampa, Wired e Agi, Raffaele Angius è specializzato nell’impiego di strumenti informatici per la protezione delle fonti e delle telecomunicazioni. Nel 2018 ha creato ItaliaLeaks, la piattaforma di Agi per la raccolta di segnalazioni anonime su corruzione e criminalità organizzata. Oggi è curatore di RegeniFiles, l’iniziativa di Repubblica in collaborazione con la famiglia Regeni dedicata alla raccolta di informazioni sulle violazioni dei diritti umani in Egitto e sull’omicidio di Giulio Regeni. Come giornalista, scrive principalmente di crimini informatici, diritti umani digitali e sorveglianza di Stato, ed è membro dell’Hermes Center for Transparency and Digital Human Rights, con il quale collabora alla diffusione di strumenti per la protezione del lavoro giornalistico e delle fonti. Social: @faffa42

Fabio Pietrosanti: Presidente e co-fondatore del Centro Hermes per la Trasparenza e i Diritti Umani Digitali, è attivo in diversi progetti per la diffusione di consapevolezza, strumenti e tecnologie a supporto della libertà di espressione e della trasparenza. Membro di Transparency International Italia, gestore di nodi di anonimato Tor e di pubblicazione anonima Tor2web, è fra i fondatori del progetto di Whistleblowing GlobaLeaks, oggi in uso tanto nel mondo del giornalismo, dell’attivismo quanto nella pubblica amministrazione con finalità di contrasto della corruzione. Si occupa di innovazione tecnologica, progettazione software nell’ambito del whistleblowing, della tutela della riservatezza delle informazioni e dell’anonimato digitale. Veterano del mondo dell’hacking e del software libero, ha partecipato a progetti e community quali sikurezza.org, s0ftpj, Progetto Winston Smith, Metro Olografix. Professionalmente ha avuto esperienze come network security manager, senior security advisor, imprenditore e CTO di una startup impegnata nello sviluppo di sistemi di cifratura delle telefonate cellulari.

Presentazione

Una giornata dedicata alle PMI delle Marche all’interno della più importante conferenza italiana dedicata alla sicurezza informatica con 2 momenti di approfondimento sui temi della Social Media Intelligence (il mattino) e degli attuali scenari della cybersecurity e della privacy nel mondo delle PMI italiane e della PA (il pomeriggio).

Esempi applicativi, casi di studio e nuovi scenari saranno presentati da un panel di relatori che uniscono le competenze delle università e degli enti del territorio a nomi di fama nazionale e internazionale.

Co-Organizers: PID Marche, Marche Chamber of Commerce, Marche Region, Marche Polytechnic University, University of Camerino, University of Chieti-Pescara

Relatori

Marina PAOLANTI
Roberto PIERDICCA
Mirco STURARI
Francesco ARRUZZOLI
Cristiano ORLANDI

Presentazione

Una giornata dedicata alle PMI delle Marche all’interno della più importante conferenza italiana dedicata alla sicurezza informatica con 2 momenti di approfondimento sui temi della Social Media Intelligence (il mattino) e degli attuali scenari della cybersecurity e della privacy nel mondo delle PMI italiane e della PA (il pomeriggio).

Esempi applicativi, casi di studio e nuovi scenari saranno presentati da un panel di relatori che uniscono le competenze delle università e degli enti del territorio a nomi di fama nazionale e internazionale.

Co-Organizers: PID Marche, Marche Chamber of Commerce, Marche Region, Marche Polytechnic University, University of Camerino, University of Chieti-Pescara

Relatori

Giovanni LIBERTINI
Emilio FREZZA
Vincenzo CAMMILLACCI

Presenter

Prof. Massimiliano Rak associate professor at University of Campania Luigi Vanvitelli. His scientific activity is mainly focused on the analysis and design security and performance in System Architectures. He actively participate to international research groups and was member of several EU, National and Regional funded projects, moreover, he coordinated the SPECS FP7 European project. Massimiliano Rak has published more than 150 papers in conferences, books and international journals.

Short Description

Recent software development methodologies, as DevOps or Agile, are very popular and widely used, especially for the development of cloud services and applications, they can be hardly integrated with security design and risk management methodologies. Security techniques cannot easily automated and require big economic investments, due to the necessity of security experts in the development team and to the lack of automatic tools to evaluate risk and to assess security in the design and operation phases. This Tutorial aims at illustrating the techniques and tools developed in the context of SPECS and MUSA European projects that support the development of cloud application through a novel Security-by-Design methodology based on Security Service Level Agreements (SLAs). The technique illustrated in the tutorial will cover (semi-) automated risk analysis, Security assessment and security SLA evaluation. During the tutorial a simple and practical example of cloud application will be illustrated and developed. Participants will be invited to contribute to the development and check and use the tools.

Structure of the tutorial

The tutorial consists in 6 blocks of 30 minutes, 3 of them with oral speechs and 3 of them with hands on the tools.

• Module 1 (speech): security SLA Model and Concepts
• Module 2 (hands on): Security SLA Evaluation and security SLA of existing CSPs
• Module 3 (speech): SLA-based Security-by-Design Development Process
• Module 4 (hands on): Application Model and Automated Risk Analysis
• Module 5 (speech): Security Assessment procedure
• Module 6 (hands on): Security Assessment of a simple cloud application

Intended Audience

The target audience should have basic security competences. Competences on cloud technologies are welcome.

Programma

• Massimiliano Sala – La De Crifis e la crittanalisi italiana
• Andrea Visconti e Sergio Polese – Survey: Attacchi alle funzioni Hash
• Stefano Barbero – Methods for rotational cryptanalysis of ARX ciphers
• Roberto La Scala – Survey: Cifrari ed equazioni alle differenze
• Marco Cianfriglia – High Performance Computing nella crittoanalisi
• Giordano Santilli – Survey su attacchi alle curve ellittiche
• Domenica Sogiorno – Una famiglia di chiavi deboli nel Bitcoin
• Michele Elia e Nadir Murru – RSA cryptanalysis and factoring: a survey

Organizers

• Andrea Visconti (University of Milan)
• Marco Pedicini (University of Roma Tre)
• Roberto La Scala (University of Bari Aldo Moro)

More info

www.decifris.it/2020/crittanalisi2020.html

Nowadays, the volume of the multimedia heterogeneous evidence presented for digital forensic analysis has significantly increased, thus requiring the application of big data technologies, cloud-based forensics services, as well as Deep Learning techniques. In digital forensics domain, Deep Neural Networks (DNN) has been applied for cybercrime investigation such as child abuse investigations, malware classification, and image forensics. This tutorial covers topics at the frontier of research on DNN models in the context of digital forensics. The goal is to explain the principles behind solving forensic problems and give practical means for engineers and researchers (whose main competences may lie elsewhere), to apply the most powerful methods that have been developed in the last years. It will be presented and practically demonstrated how to formulate and solve image classification with freely available software that will be distributed to the participants of the tutorial.

Lecturers

• Introduction and Overview – Prof. Luca Spalazzi
• Deep Learning for Digital Forensics: Datasets, Representation, and Tasks – Prof. Emanuele Frontoni
• Deep Learning with Python for Image Classification – Dr. Marina Paolanti

Target Audience

The intended audience is academicians, graduate students and industrial researchers who are interested in the state-of-the-art deep learning techniques for information extraction and summarization in large forensics datasets. Audience with mathematical and theoretical inclination will enjoy the course as much as the audience with practical tendency.

Dalle rapine cibernetiche all’impresa altamente tecnologizzata, fare informazione richiede sempre più competenze e un dizionario consono a descriverne gli effetti. Quattro esperti si alterneranno sul palco per fornire le chiavi di lettura necessarie a raccontare altrettanti temi, sempre più centrali in televisione e sui giornali. Durante il workshop i giornalisti avranno l’opportunità di affrontare il significato di termini sempre più usati – e a volte abusati – e di approfondire le direttrici che definiscono il mondo delle startup, dell’intelligenza artificiale, della cybersecurity e dei big data.

Relatori

Big Data – Donato Malerba è direttore del Dipartimento di Informatica dell’Università degli studi di Bari Aldo Moro, dove insegna “Data Mining” nella laurea magistrale in Data Science. E’ direttore del Laboratorio Nazionale CINI su Big Data. È stato membro sia del consiglio dei direttori della Big Data Value Association e sia del consiglio della Public-Private Partnership Big Data Value dell?unione Europea. La sua attività scientifica riguarda principalmente la data science (machine learning, data mining e big data analytics) e sue molteplici applicazioni. Nel 2017 è stato promotore della scuola invernale su Big Data (BigDat 2017). Fa parte dello editorial board della rivista Machine Learning, ed è associate editor delle riviste Data Mining and Knowledge Discovery, e Knowledge and Information Systems.

Startup – Luca Zorloni è responsabile economia e internet per Wired Italia, segue con particolare interesse i campi relativi a telecomunicazioni, politiche digitali e privacy, Cina e aziende innovative. Cronista di formazione, sviluppa per Wired anche inchieste e approfondimenti data. In passato ha lavorato al Giorno, passando dalla cronaca locale all’economia, e ha collaborato con Forbes e Business Insider Italia.

Intelligenza Artificiale – Giorgio Giacinto è Professore Ordinario di Ingegneria Informatica presso l’Università degli Studi di Cagliari, e dal 1995 fa parte del gruppo di ricerca sul Pattern Recognition e le sue applicazioni (PRA Lab) del Dipartimento di Ingegneria Elettrica ed Elettronica (DIEE) dell’Università di Cagliari (http://pralab.diee.unica.it). E’ coordinatore del corso di Laurea Magistrale in Computer Engineering, Cybersecurity and Artificial Intelligence. La sua attività di ricerca si svolge principalmente nell’ambito del Pattern Recognition e Machine Learning per la Cybersecurity, sviluppando strumenti per l’analisi, rilevazione e classificazione di malware (sistemi Android, documenti in formato PDF e Office), strumenti per la protezione di applicazioni web, e strumenti per l’analisi di traffico DNS. Negli ultimi anni particolare attenzione è stata posta al tema dell’adversarial learning, che studia la sicurezza degli algoritmi di machine learning.

Cybersecurity – Raffaele Angius Giornalista freelance per Repubblica, La Stampa, Wired e Agi, Raffaele Angius è specializzato nell’impiego di strumenti informatici per la protezione delle fonti e delle telecomunicazioni. Nel 2018 ha creato ItaliaLeaks, la piattaforma di Agi per la raccolta di segnalazioni anonime su corruzione e criminalità organizzata. Oggi è curatore di RegeniFiles, l’iniziativa di Repubblica in collaborazione con la famiglia Regeni dedicata alla raccolta di informazioni sulle violazioni dei diritti umani in Egitto e sull’omicidio di Giulio Regeni. Come giornalista, scrive principalmente di crimini informatici, diritti umani digitali e sorveglianza di Stato, ed è membro dell’Hermes Center for Transparency and Digital Human Rights, con il quale collabora alla diffusione di strumenti per la protezione del lavoro giornalistico e delle fonti. Social: @faffa42

Workshop topics

• Cybersecurity readiness
• Cybersecurity awareness
• Cybersecurity training
• Cybersecurity assessment
• Human factors in Cybersecurity

Structure of the workshop

• Introduction
• Presentation of CyberReadiness.IT project and its methodology
• Interventions/Presentations of several stakeholders
• Presentation of initial results from the project (by several stakeholders)
• Q&A

Intended audience & duration

Expected attendants encompass people belonging to the following classes:

• Public regulators, for obtaining a map of the cybersecurity readiness level of their area of competence.
• Private organizations: for assessment and improvements of the cybersecurity readiness and awareness of the human strata of their organization.
• Security governance: interested in ways to integrate the human vulnerabilities analysis into their cybersecurity assessment procedures.
• Training & education: for proposing training activities focused on the human side of the problem, targeting specifically readiness, awareness and cybersecurity best practices.

Chairs Bio

Marco Angelini is a post-doctoral researcher in Engineering in Computer Science at University of Rome “La Sapienza”, Italy, Department of Computer, Control and Management Sciences & Engineering. He is a researcher in the Centre for Cyber-Intelligence and Security (CIS) of University of Rome “La Sapienza”, where he successfully participated the EU FP-7 project “PANOPTESEC”, providing automatic detection, management and reaction to cyber-threats for Critical Infrastructures. His main research interests include Visual analytics (the process of combining visualization of information, interaction by user and analytical computation for solving heavy computational problems) and Cyber-Security (focused on designing visual analytics solutions for cyber-defense of critical infrastructures, open-source intelligence and malware analysis).Marco Angelini is a member and coordinates research projects of the A.WA.RE (Advanced Visualization & Visual Analytics REsearch) research group at University of Rome “La Sapienza”. Marco Angelini is member of CINI Cybersecurity National Laboratory, where he coordinates national projects with the goal of strengthening the Cyber- Security status of an organization, both in public and private sectors. He is the responsible of “CyberReadiness.IT”, a project of CINI Cybersecurity National Laboratory with the goal of assessing the cybersecurity readiness of the human substrate of an organization. As a result of his activities, Dr. Marco Angelini has published more than 40 papers, including 10 peer-reviewed journal papers and 30 peer-reviewed conference papers in international journals and conferences. More about him can be found at https://sites.google.com/dis.uniroma1.it/angelini.

Claudio Ciccotelli is a post-doctoral researcher at Sapienza University of Rome, where he is a member of the Cyber Intelligence and Information Security research center. He got his PhD in 2017, at the same University, with a thesis on practical approaches for fault detection and diagnosis in data centers. His main research interests include critical infrastructure protection and cyber-physical security (IACS/SCADA security), mobile security and dependability of complex systems.

Luigi Martino is the coordinator of the Center for Cyber Security and International Relations Studies, a specialized observatory of the CSSII at the Department of Political Science (University of Florence); Currently, Luigi is Ph.D. Candidate in Human Rights and Global Politics, School of Advanced Studies Sant’Anna, Pisa with a Research Project on “Improving Cybersecurity for Critical Infrastructure in Italy: The Public-Private Partnership Model Against Cyber Attacks”. He holds the MA in IR with a focus on the Strategic Relevance of Cyberspace and the Risks of Cyber Warfare. He is a member of the Research Advisory Group of the Global Commission on the Stability of Cyberspace. Since 2017 he is member of the Forum for Cyber Expertise, representing the Center for Cyber Security and International Relations Studies and consultant on Cyber Security for BV-Tech. Author of many publications in Italian, English and Spanish on cyber security, cyber warfare, cyber intelligence and cyber diplomacy. Luigi is member of CINI Cybersecurity National Laboratory, where he is responsible of “CyberReadiness.IT”, a project of CINI Cybersecurity National Laboratory with the goal of assessing the cybersecurity readiness of the human substrate of an organization.

Open issues in programming bitcoin contracts
Massimo Bartoletti, Stefano Lande, Maurizio Murgia and Roberto Zunino

A time capsule
Vincenzo Orabona, Donato Cappetta and Chiara Spadafora

Ether analysis of solidity functions
Cosimo Laneve and Claudio Sacerdoti Coen

Attacking and repairing smart contracts on forking blockchains
Vincenzo Botta, Daniele Friolo, Daniele Venturi and Ivan Visconti

Software engineering for DApp smart contracts managing workers contracts
Roberto Tonelli, Andrea Pinna, Michele Marchesi and Giorgia Lallai

Software engineering for a DApp smart contracts application to the energy market
Roberto Tonelli, Andrea Pinna, Michele Marchesi and Francesco Pisu

Smart-contract based access control on distributed information in a smart-city scenario
Francesco Buccafurri, Cecilia Labrini and Lorenzo Musarella

Modera: Leonardo Mostarda

Presentazione

Una giornata dedicata alle PMI delle Marche all’interno della più importante conferenza italiana dedicata alla sicurezza informatica con 2 momenti di approfondimento sui temi della Social Media Intelligence (il mattino) e degli attuali scenari della cybersecurity e della privacy nel mondo delle PMI italiane e della PA (il pomeriggio).

Esempi applicativi, casi di studio e nuovi scenari saranno presentati da un panel di relatori che uniscono le competenze delle università e degli enti del territorio a nomi di fama nazionale e internazionale.

Co-Organizers: PID Marche, Marche Chamber of Commerce, Marche Region, Marche Polytechnic University, University of Camerino, University of Chieti-Pescara

Relatori

PID Marche
DIH delle Marche
Regione Marche

How Critical Infrastructures has somewhat been forced to follow the overconnected cyberspace trend still maintaining the need of protecting their operative environments from the new cyber threats, why we can’t help but achieve an information supremacy and not only a cyber protection, and how Leonardo is working with its products and services in order to deal with this change.

Germano MATTEUZZI
Responsible for technology scouting and innovation of the Leonardo services and products portfolio

Graduate in Information Engineering and with an University Master in Cyber Security, both in “La Sapienza” – Rome, member of International Cyber Security Organizations (ISACA, ISC2) with relevant Cyber Security Certifications, CISA, CISSP, CISM, CRISC. More than 20 years of working experience in ICT, focusing on SW Engineering, System Engineering and Network Management, 13 years of Cyber Security working experience. Working in Leonardo, since 2009, previously in a Telco company, currently Head of Cyber Security Competence Center Delivery Unit, in the Cyber Security Division of Leonardo, formerly responsible for the Cyber Security Presales unit. In charge of the Leonardo Cyber Security delivery activities, for Government, Defense and CNI market sectors, is also responsible for technology scouting and innovation of the Leonardo services and products portfolio.

Session chair: Stefano Bistarelli

Self-Sovereign Management of Privacy Consensus Using Blockchain
Francesco Buccafurri and Vincenzo De Angelis

Towards Secure E-Voting with Everlasting Privacy
Gennaro Avitabile, Sven Heiberg, Helger Lipmaa, Janno Siim and Ivan Visconti

A Deep Learning Approach for Detecting Security Attacks on Blockchain
Francesco Scicchitano, Angelica Liguori, Massimo Guarascio, Ettore Ritacco and Giuseppe Manco

Enabling Propagation in Web of Trust by Ethereum
Francesco Buccafurri, Lorenzo Musarella and Roberto Nardone

Session chair: Corrado Aaron Visaggio

DNS Covert Channel Detection via Behavioral Analysis: a Machine Learning Approach
Salvatore Saeli, Federica Bisio, Danilo Massa and Pierangelo Lombardo

An Unsupervised Behavioral Analysis of Highway Traffic Flow for Security Applications
Fabrizio Balducci, Gabriella Calvano, Donato Impedovo and Giuseppe Pirlo

dAPTaset: a Comprehensive Mapping of APT-related Data
Giuseppe Laurenza and Riccardo Lazzeretti

Contextual filtering of computer application logs for security situational awareness
Marcello Cinque, Raffaele Della Corte and Antonio Pecchia

Semantic Techniques for Validation of GDPR Compliance of Business Processes
Beniamino Di Martino and Michele Mastroianni

Cyber Range, la piattaforma virtuale che prepara alla difesa dalle minacce cyber
Le attuali minacce Cyber impongono nuovi strumenti per l’addestramento del personale preposto alla difesa dello spazio cibernetico. La piattaforma Cyber Range prepara ad affrontare le sempre più sofisticate intrusioni informatiche perpetrate da criminali e cyber attivisti simulando teatri e scenari di combattimento realistici che consentono l’allenamento alla difesa attiva.

Cyber Range, the virtual platform that prepares to the defense from cyber threats
The current cyber threats call for new tools to train the personnel dedicated to defend cyber space. The Cyber Range platform prepares to face the increasingly sophisticated cyber intrusions perpetrated by criminals, cyber activists and other organizations by simulating realistic battle theaters and scenarios that provide training to the active defense.

Danilo MASSA
CTO Cyber Security Division, AizOon

Danilo Massa, CTO della divisione Cyber Security di aizoOn, guida lo sviluppo di tecnologie proprietarie. Possiede una consolidata esperienza tecnologica e manageriale nel campo della cyber security, dove opera a 360˚. Ha di recente coordinato l’implementazione della piattaforma Cyber Range, per allenare le organizzazioni a difendersi dai sempre più sofisticati attacchi informatici.

Danilo Massa, CTO of the Cyber Security division at aizoOn, guides the development of proprietary technologies. He has a consolidated technological and managerial experience in the cyber security field, where he operates at 360˚. He has recently developed the Cyber Range platform, to train organizations to defend themselves against increasingly sophisticated cyberattacks.

Giovanni CERRATO
Project Manager, AizoOn

Giovanni Cerrato, Project Manager di aizoOn, collabora allo sviluppo di un Cyber Range, piattaforma virtuale finalizzata all’addestramento ed alla gestione di attacchi informatici in ambito Cyber Defense su sistemi IT e Scada. In qualità di Senior Cyber Security Specialist, effettua inoltre test di sicurezza su applicazioni web, dispositivi mobile ed infrastrutture critiche.

Giovanni Cerrato, Project Manager at aizoOn, collaborates to the development of a Cyber Range, virtual platform dedicated to the training and management of cyberattacks in the Cyber Defense field on IT and Scada systems. As a Senior Cyber Security Specialist, he also performs security tests on web applications, mobile devices and critical infrastructures.

In un mondo sempre più orientato al Cloud e sempre più caratterizzato da scenari ibridi e multi-cloud, mantenare la visibilità e il controllo degli aspetti di sicurezza diventa sempre più difficoltoso. Le informazioni di sicurezza sono gestite da una molteplicità di strumenti, parte on-premise e parte negli ambienti Cloud, e i team di sicurezza sono spesso costretti a sviluppare integrazioni complesse, intraprendere costosi progetti di migrazione, e passare continuamente da una console all’altra di diversi prodotti, con il rischio di non riuscire a monitorare tutti i rischi e tutte le minacce. In questo scenario diventa necessario un nuovo approccio. IBM ha recentemente annunciato IBM Cloud Pak for Security, una piattaforma volta ad integrare più rapidamente gli strumenti di sicurezza esistenti al fine di permettere approfondimenti e indagini sulle minacce identificate, sfruttando tutte le tecnologie già a disposizione, e di guidare l’orchestrazione delle azioni di risposte e l’automazione. Il tutto su una piattaforma cloud-ready, in grado di operare indifferentemente su infrastrutture on-premise, Cloud privati o pubblici.

Giulia CALIARI
Security Architect, IBM Italia

Dal 2014 Giulia si occupa delle tematiche di sicurezza, in particolare per aspetti legati alla tecnologia. Con una vasta conoscenza dell’offerta di IBM Security, supporta direttamente le aziende clienti e collabora con business partner nel disegno e nella realizzazione di iniziative in ambito Cybersecurity. In precedenza, ha operato per diversi anni con il ruolo di Architetto coprendo l’intero portafoglio delle tecnologie software IBM e collaborando a numerosi progetti innovativi e complessi, in particolare nell’ambito della Pubblica Amministrazione. Ha inoltre una pluriennale esperienza nell’area della gestione e dell’analisi dati.

Tiesse, an Italian vendor focused on innovative corporate routers and IoT enabling appliances presents the Tiesse Network Architecture. Key features: zero-touch provisioning. CPE and network monitoring. Automatic update of CPE configuration. Update triggered by the CPE based on local information, and by a controller based on the analysis of data coming from all devices. L7 traffic classification.

Ivano CERRATO
Progettista Software, Tiesse

Ivano Cerrato si è laureato nel 2012 in ingegneria informatica presso il Politecnico di Torino, dove ha conseguito il titolo di dottore di ricerca nel 2016 con una tesi nell’ambito dell’SDN/NFV. Ivano Cerrato ha al suo attivo numerosi articoli scientifici e pubblicazioni in ambito Functions Virtualization e Software Defined Networking. Attualmente è progettista software presso Tiesse Spa dove si occupa di tematiche relative alla ottimizzazione dinamica dei collegamenti  di rete e di SDN/NFV.

Stefano PETRANGELI
Progettista Software, Tiesse

Stefano Petrangeli ha conseguito la laurea triennale in Ingegneria dell’informazione presso l’università degli studi dell’Aquila e ha poi concluso il percorso di studi con la laurea specialistica in Ingegneria informatica presso il Politecnico di Torino, con una tesi sull’orchestrazione di servizi SDN/NFV. Dal 2016 ricopre il ruolo di progettista software presso Tiesse Spa con attenzione alle tematiche di zero-touch provisioning e aggiornamento modulare ed intelligente dei dispositivi

Salvatore CARRINO
Senior Vice President dell’ICT Global Cyber Security, Eni SpA

Massimo TEDESCHI
Cyber Security Division – Product & Technology Development Director, Leonardo

Daniele ALI’
VicePresident Cybersecurity, Fincantieri

Modera: Raffaele Angius

Session chair: Giorgio Giacinto

TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time
Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder and Lorenzo Cavallaro

KingFisher: an Industrial Security Framework based on Variational Autoencoders
Giuseppe Bernieri, Mauro Conti and Federico Turrin

SAFE: Self-Attentive Function Embeddings for Binary Similarity
Luca Massarelli, Giuseppe Antonio Di Luna, Fabio Petroni, Roberto Baldoni and Leonardo Querzoni

Triage of IoT Attacks through Process Mining
Simone Coltellese, Fabrizio Maria Maggi, Andrea Marrella, Luca Massarelli and Leonardo Querzoni

Session chair: Rosario Pugliese

Screening out social bots interference: are there any silver bullets?
Mattia Zago, Pantaleone Nespoli, Dimitrios Papamartzivanos, Manuel Gil Pérez, Félix Gómez Mármol, Georgios Kambourakis and Gregorio Martínez Pérez

Modeling and Verification of the Worth-One-Minute Security Protocols
Alessandro Aldini, Alessandro Bogliolo, Saverio Delpriori, Lorenz Cuno Klopfenstein and Giorgia Remedi

Systematic IoT Penetration Testing: Alexa Case Study
Massimiliano Rak, Giovanni Salzillo and Claudia Romeo

Formal Methods for Android Banking Malware Analysis and Detection
Giacomo Iadarola, Fabio Martinelli, Francesco Mercaldo and Antonella Santone

A Life Cycle for Authorization Systems Development in the GDPR Perspective
Said Daoudagh and Eda Marchetti

Session chair: Francesco Tiezzi

Vulnerable Open Source Dependencies: Counting Those That Matter
Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta and Fabio Massacci

Common Criteria Certification of the VxWorks MILS Hypervisor for Security-Critical Embedded Systems
Domenico Cotroneo, Luigi De Simone and Roberto Natella

InfraStress: Enhancing Resilience of Industrial Plants against Cyber-Physical Threats
Denis Caleta, Aleksandar Jovanovic, Luigi Romano and Lorenzo Sutton

SymNav: Visually Assisting Symbolic Execution
Marco Angelini, Graziano Blasilli, Luca Borzacchiello, Emilio Coppa, Daniele Cono D’Elia, Camil Demetrescu, Simone Lenti, Simone Nicchi and Giuseppe Santucci

Hardware Security, Vulnerabilities, and Attacks: A Comprehensive Taxonomy
Paolo Prinetto and Gianluca Roascio

In the area of proliferation of IoT devices and social media, the possibilities to create cyber and/or physical threats are increasing revealing a feasible break for SOC analysts. An enhanced SOC could make use of a holistic Early Warning System architecture, designed for capturing, analysing and correlating several sources of information, in order to increase the situational awareness. Sentiment Analysis is a way to capture possible future events such as demonstration or parades against a sensible company installation, here social media like Twitter or blogs (normal web or dark web) are a source of information

Marco CAMMISA
Exprivia IMT-IL

Dr. Marco Cammisa (male) holds Master Degree of Computer Science Engineering at the University of Rome Tor Vergata. He is specialized in Artificial Intelligence and Advanced Analytics methodologies. He works in Exprivia since March 2005, where he has been involved as Application Architect and Senior Data Scientist. He is currently working as: Wp5 Task Leader for the European Project H2020 ECHO, Application Architect and Data Scientist for the project DigitalFuture.

Session chair: Luca Viganò

Secure e-Voting in Smart Communities
Vincenzo Agate, Marco Curaba, Pierluca Ferraro, Giuseppe Lo Re and Marco Morana

Enhancing privacy awareness during internet browsing
Bernardo Breve, Loredana Caruccio, Stefano Cirillo, Domenico Desiato, Vincenzo Deufemia and Giuseppe Polese

PowerDrive: Accurate De-Obfuscation and Analysis of PowerShell Malware
Denis Ugarte, Davide Maiorca, Fabrizio Cara and Giorgio Giacinto

MuAC: Access Control Language for Mutual Benefits
Lorenzo Ceragioli, Pierpaolo Degano and Letterio Galletta

Pull Printing with National eID Cards: An Open-source and Software-oriented Implementation
Matteo Leonelli, Umberto Morelli, Silvio Ranise and Giada Sciarretta

L’espansione delle tecnologie connesse a Internet moltiplica il rischio di violazioni dell’IT. Servono strategie e soluzioni affidabili e flessibili che aiutino la crescita sicura del Business, abilitino la Digital Transformation e garantiscano la protezione dagli attacchi informatici. Nella sessione:

• Governo delle identità digitali e accesso sicuro alle applicazioni in conformità alle norme.
• AI e tecniche di analisi predittiva a supporto del SOC.
• Protezione Asset critici, Dati e Applications nel Cloud Ibrido.

Elio DI SANDRO
Director Offering & Solutions, Cybertech

With over 35 years’ experience in the IT business, Elio has covered Technical, Sales and Managerial roles in Italy, Europe and US. He successfully ran international Software and IT Service BU during a 28-year career at IBM. Since 2012 he was part of the Executive Board as the Director of Offering and Solutions in OmnitechIT, merged into the Engineering Group in 2019 with the brand Cybertech.

AMEE è la piattaforma di aizoOn per l’analisi automatica di software sospetti con tecniche di analisi avanzate quali data mining, ML, VMI e active cyber deception. L’analisi assegna al campione profilo di rischio, categorizzazione e classificazione sulla base del comportamento manifestato. AMEE genera reputation score, report ed IoC integrabili nei propri sistemi di difesa.

AMEE is the platform developed by aizoOn for the suspicious software analysis with advanced analysis techniques such as data mining, ML, VMI and active cyber deception. The analysis profiles the sample using risk profile, categorization and classification based on the manifested behavior. AMEE generates reputation scores, reports and augments its defense systems by integrating new IoCs.

Simone ROTONDO
Cyber Security Researcher, AizoOn

Simone Rotondo is Cyber Security Researcher and OS expert at aizoOn. In the AMEE project, he is responsible for integrating OS research and dynamic malware analyses, particularly observing “undocumented” in Windows OS and code injection techniques. He has a long experience in cybersecurity, mainly on OS internals, reverse engineering and low-level development. He loves climbing and ski touring.

Stefano RINALDI
Cyber Security Researcher, AizoOn

Stefano Rinaldi is Cyber Security Researcher at aizoOn, where he is coordinator and core developer for the AMEE project, focused on automated dynamic analysis techniques. His research fields include computer security, reverse engineering and malware analysis. He has been involved in the Aramis security appliance to provide real-time threat hunting and malware case investigation services.

Nonostante gli sforzi per contrastarlo, il ransomware continua ad essere una minaccia molto seria per le nostre organizzazioni. E’ necessario comprendere come questo fenomeno si sia evoluto negli ultimi mesi e come sia possibile contenerne gli impatti sul nostro business. Questo intervento descrive un caso reale di incidente informatico e propone un modello di difesa in grado di rispondere efficacemente alle più recenti e diffuse tecniche di attacco.

Davide SETTI
Cybersecurity Analyst & Developer, Certego

Classe 1989, appassionato di informatica da sempre, non poteva intraprendere gli studi di Ingegneria Informatica. Dopo la laurea magistrale, inizia la sua carriera lavorativa come sviluppatore web, entra nel team Certego nel 2016 come analista ed è attualmente responsabile dello sviluppo della piattaforma di gestione incedenti informatici PanOptikon.