Research Projects

Curriculum: Software, System, and Infrastructure Security

Funds: DM MUR 118/2023

Additional benefits: University canteen

Website: https://angelo.furfaro.dimes.unical.it, https://people.dimes.unical.it/andreapugliese

Description

The project aims at studying various problems related to different aspects of cybersecurity,

with the aim of (i) identifying methodological and technological approaches and solutions to the issues that currently present the greatest interest, also through the study of real cases proposed by public and private actors and stakeholders) and (ii) defining and developing more secure and reliable processes and infrastructures. The main topics of the project include (i) methods, techniques and tools for the protection of systems, infrastructure and data and (ii) methods, techniques and tools for digital identity and accountability. The student will study and identify, in the above areas, appropriate solutions for the benefit of individual citizens, public institutions and other complex organizations. The student will also develop knowledge and skills that will allow him/her a wide range of professional possibilities, in the public sector (including the National Cybersecurity Agency), research laboratories, centers of study and expertise, private

sectors, and other complex organizations, including through collaboration with inter- and multi-disciplinary teams in cybersecurity - in general, in those settings that require professionals with solid scientific, methodological, and technological skills in cybersecurity.

Curriculum: Software, System, and Infrastructure Security

Funds: DM MUR 118/2023

Website:  https://disi.unibo.it/en/research/research-areas/computer-security-biometric-systems-and-legal-issues

Description

The research project will investigate the interplay between the different layers and methodologies involved in the design of secure systems. Security is an intrinsically interdisciplinary field, and the proposed challenge is to take into account aspects that are traditionally independent such as hardware design (e.g. trusted cores, reference monitors), software architectures (e.g. novel virtualization approaches), networking models (e.g. interplay between network programmability and security), formal methods (e.g. analysis, automatic generation of code from provably secure design descriptions), and the human element (e.g. sensitivity to attack vectors).

Curriculum: Software, System, and Infrastructure Security

Funds: DM MUR 118/2023Università di Palermo

Website: https://www.unipa.it/persone/docenti/d/alessandra.depaola

Description

In many cybersecurity contexts, it is crucial to timely recognize ongoing events by analyzing

information provided by different sensing nodes. Intrusion detection and malware recognition, for instance, are two common scenarios in which heterogeneous data/features are evaluated together to extract the peculiarities of different attacks. Most approaches exploit supervised classifiers to identify known attacks; however, these are not effective in the case of new threats, i.e., zero-day attacks, where unforeseen patterns may occur. The research activity aims to address this challenge by proposing new solutions that conjugate anomaly detection algorithms with the most recent artificial intelligence methods in order to identify potential cybersecurity breaches at an early stage. To this aim, the candidate should exploit a combination of various techniques, such as statistical analysis, unsupervised learning, classification algorithms and other artificial intelligence methods, to overcome the limitations of single approaches. The research activity should address several challenges, such as the need to perform detection of anomalies and potential threats in real time, also minimizing resource consumption, especially in those scenarios where resource-limited devices are used.

Curriculum: Software, System, and Infrastructure Security

Funds: DM MUR 118/2023

Additional benefits: Access to extensive research funds for participation to conferences and schools.

Website: https://www.unive.it/data/people/5590985 

Description

Authentication is preliminary to access control and authorization since it allows for identifying users and programs into a system. Authentication is often based on multi-factor approaches, such as passwords, OTPs and biometrics, and typically tend to reduce usability. It is thus important to explore trade-offs between usability and security in order to make users accept the proposed mechanism and prevent abuses such as the selection of weak passwords, the sharing of OTP devices, etc. The PhD student will analyze existing authentication solutions and classify them based on their security, usability and compliance to existing regulations. Then, the student will investigate innovative solutions that balance usability and security with respect to various threat models and regulatory/administrative domains, also considering real case studies.

Curriculum: Foundational Aspects of Cybersecurity

Funds: DM MUR 118/2023

Additional benefits: Access to extensive research funds for participation to conferences and schools.

Website: https://www.unive.it/data/people/5590470 

Description

Hardware and software systems drive the digital transformation. They are a pervasive aspect of our daily lives and we rely upon them for a growing number of critical tasks. The ever-growing complexity of these system raises concerns about their security. This project aims at rigorously studying which are the security guarantees that some of these emerging systems provide to their users. The PhD student will use the techniques and methodologies provided by the field of language-based security to study the design and implementation of trusted execution environments (TEEs) in different contexts. The student will investigate innovative solutions to formally prove the security of a system based on the properties of the underlying TEEs. These solutions might be implemented directly in hardware or as IDE/compiler plugins helping the programmer to develop secure-by-design software.

Curriculum: Foundational Aspects in Cybersecurity

Funds:  Istituto di Informatica e Telematica

Website: https://cyb.iit.cnr.it/

Description

This project focuses on the development of techniques for monitoring, analysing and mitigating Information Disorder. Information disorder refers to the dissemination of false or misleading information that can cause confusion, harm or even social and political destabilization. The project aims to identify and develop effective methods to detect and address two specific problems: coordinated behavior and the use of manipulated content such as DeepFake. Coordinated Behaviour refers to groups of users performing synergic actions in pursuit of a common intent. One objective will be to identify and characterize this type of behavior on social networks by identifying indices to measure it. The use of manipulated content is another major problem of information disorder.  The project will focus on identifying and developing effective methods to detect and mitigate the use of DeepFake content. To achieve these objectives, the project will use a combination of qualitative and quantitative research methods with a multidisciplinary approach, ranging from computer science to social sciences. The expected results of this project are the development of effective techniques and strategies to detect and mitigate the coordinated behavior and use of DeepFake content in online information ecosystems. The results of the project will contribute to the broader effort to combat information disorder and its impact on society and democracy.

Curriculum: Software, Systems and Infrastructure Security

Funds: FFO Ateneo

Website: https://computerscience.unicam.it/

Description 

The main goal of this research project is to advance the off-chain protocol state of the art by building a novel approach that can run-on battery-operated sensor and actuator IoT devices. Off-chain solutions are second layer approaches that can be used in the context of Distributed Ledger Technology (DLT) in order to improve scalability. This research project aims at conceiving secure protocols that allow the implementation of a novel off-chain system that is scalable and energy efficient. In particular, this off-chain system must be conceived to be executed on IoT devices that are battery powered, have low computation capabilities (in terms of memory and CPU power) and have limited communication range. These limitations pose the main challenges in order to devise off-chain secure protocols. The goal is to investigate security provable techniques that can guarantee off-chain system security. This will be done by adapting the existing modelling and formal analysis approaches. More precisely, the project aims at developing tools and methodologies that support the specification and verification of security properties. These tools must allow the formalization of security requirements that can be verified at design time and monitored during the system execution. The tools and methodologies developed in the project will be applied to smart city scenarios. 

Curriculum: Foundational Aspects in Cybersecurity

Funds: DM MUR 118/2023

Website: https://www.univpm.it

Description

The availability of the first quantum computers motivates the need to study, design, analyze, implement, integrate, validate, and test new cryptographic tools and primitives capable of withstanding both attacks performed with classical computers and future quantum computer-based attacks. The hosting research group has already been active for many years in designing and implementing post-quantum cryptographic primitives and participating in their standardization process coordinated by NIST. The research project is aimed at investigating, designing, and validating new approaches for finding new solutions to major open problems in

this research area, such as: devising new efficient and secure post-quantum digital signature schemes, integrating post-quantum cryptographic into existing applications (such as Internet security protocols, space communications, etc.), identify new cryptographic protocols to perform advanced functions and for use in decentralized cryptography-based infrastructures, such as those leveraging blockchain and distributed ledger technology.

Curriculum: Software, System, and Infrastructure Security  

Funds: Altro

Website: https://ccn.iit.cnr.it/en/  

Description

Botnets represent one of the most serious cybersecurity threats faced by organizations today.  While a significant amount of research has been accomplished on botnet analysis and detection, several challenges remain unaddressed, such as the ability to design detectors which can cope with new forms of botnets. The goal of the project is to use artificial intelligence-based techniques to classify and categorize botnets by analyzing the commands executed and the malware used to infect devices. A network infrastructure implementing honeypots will be used to interact with bots and collect useful data. Using artificial intelligence-based behavior analysis of bots attempting to infect new victim devices, the project aims to identify patterns and signatures that can be used to classify and categorize botnets. The ultimate goal of the project is to use this information to prevent future botnet attacks.

Curriculum: Software, System, and Infrastructure Security

Funds: DM MUR 118/2023 

Description 

Embedded computing systems (ECS) at the base of several application domains (CPS, IoT, transportation, autonomous driving, etc.) must be designed with security in mind from their design phase in a measurable manner. 

Security must be considered at all layers of an ECS design, including:

•  Embedded hardware vulnerabilities

•  Memory Access Protection (MMU & MPU)

•  Secure Debugging (HSM and Host)

•  Runtime Manipulation Detection

•  Secure Feature Activation (Switch Over)

In particular, the hardware is the root of trust of a full ECS; with jeopardized hardware, the whole system is at stake. Thus, it is imperative to enhance the control and trust of hardware across the supply chain and during its operation, and this is the global objective of this Ph.D. project.

This Ph.D. project aims to investigate new RISC-V-based CPU-centric architectures protected against the significant hardware security threats observed across different computing domains: from low-end embedded to High-Performance Computing (HPC) systems. Such an investigation should also exploit security features from external accelerators, either implemented with standard CMOS or with emerging technologies.

The research aims to create an all-encompassing analysis framework and implementation strategy to ensure security in the hardware supply chain and system operation. This involves integrating dedicated monitoring and countermeasure hardware and software to mitigate the effects of attacks that can compromise information or disrupt services. 

Solutions will be considered at all stages of the system design process, including simulation, architectural design, and Register Transfer Level (RTL) design, working mainly on open hardware architectures such as RISC-V.

Curriculum: Data Governance and protection

Funds: ex DM 118 co-funded with research funds available at the Department

Description

The diffusion of fake media and the ease with which end-users can create fake media is raising increasing concern, due to the impact that the diffusion of fake media can have on our society. It is essential that public entities develop tools to detect fake media, monitor their diffusion on social media and within our society, and investigate the reason behind the creation and diffusion of fake media.

In the last years, multimedia forensic researchers have developed several tools to distinguish genuine media from fake ones and to identify several forms of media manipulations. Yet, detecting fake media and media manipulations is not enough to combat the use of manipulated media for disinformation campaigns; it is necessary that the malevolent use of the manipulations is identified. At the same time, the integrity of a media asset does not ensure that the use of the asset is a benign one: the inclusion of a pristine image in a wrong context may lead to user disinformation as much as the use of a manipulated image.

The next challenge in media forensics, then, is to characterize media manipulation within the context and discourse wherein the media is used and link the manipulation to the intended goal of the counterfeiter.

The goal of this research is twofold:

1. to build suitable, multimodal, models to study the contextual impact of media manipulations;

2. to develop a pool of automatic techniques working under different modalities (images, videos, text), linking the manipulations of a media asset to the intended meaning of the manipulation.

The expected research is a truly multidisciplinary one, touching both the cognitive and technological aspects of the addressed problem.

Curriculum: Software, System, and Infrastructure Security

Funds: CNR-ICAR

Website: www.icar.cnr.it

Description

The emergence of quantum computers has triggered the development of new solutions for future secured communications by major security agencies and standardization bodies. This project aims to identify, investigate, and trade off the best candidate quantum cryptography (QC) and post-quantum cryptography (PQC) algorithms and protocols for secure satellite telecommunication missions. The project will focus on the following three main activities: 

1. Identification of satellite telecommunication scenarios requiring protection from quantum computers, with the definition of a complete set of functional and security requirements for each scenario; 

2. Selection of QC and PQC algorithms and their implementation in networking protocols compliant with the functional and security requirements previously identified; 

3. Development of a testbed to evaluate in a laboratory environment the usability and performance of the above protocols within their use cases.

The above-selected algorithms and protocols will comply with open cryptography and satellite communications standards.

Curriculum: Foundational Aspects of Cybersecurity

Funds: University

Website: http://www.dessert.unina.it/

Description 

Nowadays, AI code generators are a valuable solution to help programmers and developers automate coding tasks and reduce the time and effort needed to create software applications. Since they are founded on deep neural networks, AI-based code generators are inevitably exposed to adversarial inputs, i.e., inputs with subtle perturbations that can mislead the models. This issue has several implications also in security applications. Poisoning of AI code

generators refers to the malicious act of intentionally feeding the generator with malicious code or data with the intent of causing it to generate flawed or vulnerable code. These vulnerabilities can be exploited by attackers to gain unauthorized access to systems, steal sensitive data, or cause other types of damage.

This project will focus on the assessment of the data used to feed the AI code generators to ensure that only high-quality code (i.e., free from biases, errors, or vulnerabilities) can be used as a source of information for the models. To fulfill this goal, the Ph.D. candidate will develop solutions based on ML, or that leverage static and dynamic analysis, to assess the code  correctness and vulnerabilities. More specifically, the candidate will adopt these solutions to: 

1. assess whether the AI code generators are poisoned, i.e., whether the code generated by the models adheres to best practices and industry standards for security, reliability, maintainability, and other quality metrics; and 

2. heal the poisoned models by fine-tuning them on data free from vulnerability, i.e., to let the generator learn from examples of code that have already been tested and verified to meet certain standards.

Curriculum: Software, System, and Infrastructure Security

Funds: DM MUR 118/2023 

Description

Edge computing allows faster computation and better support for real-time applications than pure cloud-based architectures. However, the rapid increase in the size of edge computing networks and their heterogeneity raise new security issues and challenges. This project aims to address some of the most relevant ones, that is, those related to malware detection, with a focus on the challenging use case of edge-AI. The Ph.D. student will work on the definition of innovative lightweight decentralized solutions for early-stage malware detection at the edge. Learning approaches, such as deep learning, will be investigated, where edge devices are responsible for the learning process without any central observer or coordinator. The challenge is to achieve good accuracy and competitive efficiency even if participating devices lack a global view of the network to feed their learning process.

One of the reference scenarios of the Ph.D. research activity is the challenging Edge-AI use case. Edge-AI services can run under different architectures (e.g., federated learning, decentralized, federated learning, or hybrid solutions), characterized by various advantages and drawbacks, and different security threats. Part of the Ph.D. activity will be devoted to understanding and analyzing the rapidly evolving threat class represented by malware for edge-AI under the most challenging attack scenarios and learning architectures. Detection techniques will be designed, able to cope with different kinds of poisoning attacks, either performed individually or collaboratively (i.e., Sybil attacks).

Curriculum: Software, System, and Infrastructure Security

Funds: DM MUR 118/2023

Website: https://serlab.di.uniba.it/people/danilo-caivano/

Description 

The proliferation of intelligent systems in our society has revolutionized various fields. At the same time, the widespread adoption of such systems has led to a corresponding increase in risks associated with cybersecurity.

Intelligent systems must be built with reference to “trust by design” and “security by design” principles to ensure that they are trustworthy and generate results that do not cause harm or unnecessary risk. The advent of Generative AI has further enhanced these risks that must be addressed to ensure that these systems are designed with the appropriate safeguards from cyberattacks.

Cybersecurity and trustworthiness are interlinked as the principles of trustworthiness complement and sometimes overlap the ones of AI cybersecurity.

Trustworthiness features such as robustness, accuracy, traceability, explainability, data quality, and fairness inherently complement cybersecurity.

The objective of this Ph.D. project is to investigate such issues and propose novel solutions for a Trustworthy and Secure AI, identify potential risks and vulnerabilities of AI models and algorithms, and provide actions for remediation. Proposed solutions and approaches should help organizations develop and validate their intelligent systems and ensure they meet the necessary standards for safety, security, robustness, and privacy protection while also promoting transparency, accountability, and ethical behavior. Finally, intelligent systems should be validated to make them compatible with current regulations.

Curriculum: Software, System, and Infrastructure Security

Funds: Research funds of the FITNESS research group.

Additional benefits: Additional research contract within the context of the active project(s), to be negotiated on an individual basis.

Websites: http://www.fitnesslab.eu/, https://certify-project.eu/, https://encrypt-project.eu/, https://cyberseas.eu/, https://incisive-project.eu/ 

Description

Even the most secure algorithm is vulnerable, if the computing environment where it is executed is not adequately protected (ENISA Annual Report on Cybersecurity Research and Innovation Needs and Priorities). Effective protection is needed not only when data is “in transfer” (e.g. exchanged over a network connection) or “at rest” (e.g. stored on a disk) but also when it is “in use” (e.g. loaded in the RAM or in the CPU). While the protection of data in transfer and at rest is relatively easy to achieve, protection of data in use is still - to a large extent - an open issue. The main challenge is that data must be protected even from attacks by privileged users (e.g. system administrators or cloud providers) and software (e.g. the OS or the hypervisor). The availability of effective mechanisms for the protection of data in use is a key enabler of a number of application domains, such as Industrial Control Systems, Smart Grids, eHealth, and more. Also importantly, it is the prerequisite for the real take-up of cloud computing. Some of the big players in the cloud market already offer solutions (e.g. Microsoft ACC) which provide protection of data in use via TEE. The PhD program will focus on techniques for the protection of data in use via TEE, and apply them to challenging use cases in realistic setups, within the context of research projects funded by the European Commission, including CERTIFY, ENCRYPT, CyberSEAS, and INCISIVE.

Curriculum: Software, System, and Infrastructure Security

Funds: DM MUR 118/2023

Websites: https://di.unipi.it/

Description

The overall aim of the PhD project is concerned with defining methodologies and tools to govern the design, development, and maintenance of secure ICT infrastructures. The project involves the design of innovative solutions to govern both the management process and the development of secure ICT infrastructure, through the use of a variety of techniques ranging from static analysis to dynamic analysis, from probabilistic to symbolic methods, to the adoption of digital twin and distributed ledger with the goal of detecting possible malicious activities, preventing or limiting their impact, according to a self-defence and autonomic paradigm. The PhD project aims to significantly extend the power and scalability of currently available techniques to make them applicable to real-world infrastructure in several application fields.

Curriculum: Software, System and Infrastructure Security

Funds: University

Description

Nowadays, Intrusion Detection Systems represent a fundamental research subject in the field of cyber security. To overcome the problem of recognizing new types of attacks, increasingly frequent in recent years, it is important to design and develop new unsupervised machine learning models capable of detecting anomalies in computer networks. Among other issues, a problem is that most attacks to computer networks are rare events, with respect to the whole (legit) traffic; moreover, attackers constantly change the pattern of their actions, in order to hide from IDSs. The PhD research activities will be focalized on new unsupervised approaches with continuous learning capabilities for anomaly detection; in particular, the proposed study should consider recent neural network architectures such as SF-SOINN for efficient continuous learning. The proposed systems must be tested on important benchmark datasets (e.g., NSL-KDD, etc.) in order to demonstrate its ability in detecting new attacks, learning them and imtevolving its knowledge to increase system robustness to multiple attacks.

Curriculum: Software, System and Infrastructure Security

Funds: DM MUR 118/2023

Additional benefits: Students are offered free on-campus housing and free meals at the IMT canteen for three years

Website: https://sysma.imtlucca.it/

Description

Information and communications technologies (ICT) form a vital part of our society, providing essential goods and services. Critical information infrastructures (CIIs) are ICT platforms that enable other critical infrastructures whose disruption may affect the safety of citizens. Security engineering for CIIs is a multidisciplinary field involving various topics, from secure software development and cryptography to embedded systems and network security. Formal modelling and verification techniques have the potential to provide strong security guarantees and support vulnerability detection. However, developing effective formal methods-based tools for CIIs is still open. This project aims to provide new methodologies and tools for the security assessment of CIIs that could support Macro-regional CSIRT in their activities. The research could focus on different aspects, such as network security, protocol security, and application security, and can consider different verification techniques.

Curriculum: Software, System and Infrastructure Security

Funds: DM MUR 118/2023

Additional benefits: Students are offered free on-campus housing and free meals at the IMT canteen for three years

Website: https://sysma.imtlucca.it/

Description

Cyber ranges are highly sophisticated infrastructures that serve as battlegrounds for cybersecurity activities including, e.g., training, testing, and incident simulation. Although modern virtualization and simulation technologies provide the building blocks for cyber ranges, scalability, re-usability, and affordability are still open issues. As a matter of fact, the access to cyber ranges is today limited and the benefit for the society at large is only marginal. 

The goal of this project is to investigate state-of-the-art technologies and methodologies for making cyber ranges accessible to a wider class of users. The candidate will have access to cyber range technologies currently available and will have to investigate innovative approaches to improve their usability and scalability. These approaches include (but are not limited to): infrastructure design languages, orchestration, vulnerability testing, red team automation, exploitability, gamification techniques, attack strategies generation and execution.

Curriculum: Foundational Aspects in Cybersecurity 

Funds: DM MUR 118/2023

Website: www.unica.it, www.pralab.diee.unica.it

Description

The trend in the development of cyber threats is characterised by the exploitation of latent vulnerabilities and by the stealthiness of the techniques used to attack systems and sensors, designed to evade sensing and detection tools. This research project is aimed at devising effective machine learning models based on the recent advances in other fields such as image and natural language understanding. The goal is to spot even small signals of suspicious activities while keeping the rate of false alarms small. Recent advances in deep learning models, as well as the use of ensemble methods, will be leveraged to build a novel framework. In particular, a huge effort will be spent in investigating different models to represent either source code or binaries that can reveal potential vulnerabilities or malicious actions. To this end, recent advances in machine learning models for language modelling and multimedia processing will be analysed and tailored to the computing environment.

Curriculum: Foundational Aspects of Cybersecurity

Funds: DM MUR 118/2023

Website: https://cs.gssi.it

Description

Modern societies rely on infrastructures that are more and more connected through digital networks. This creates complex cyber-physical ecosystems that are vulnerable to many different types of attacks. A source of weakness is that this integration possibly involves systems that were originally designed to operate in (closed) trustworthy settings. In fact, some systems may not provide strong security guarantees (or satisfy only basic security requirements) because they are conceived to operate in non-hostile environments. Therefore, their integration with other systems, nowadays hardly negotiable, could easily introduce security breaches if done naively. This could possibly compromise sub-systems, including those designed to guarantee strong security requirements. This project aims to develop formal approaches to harness existing systems with security guarantees. The main idea is to analyse existing systems and identify weaknesses that could expose them to attacks. The project considers a case study involving a platform developed at Actyx (https://developer.actyx.com/) to support the coordination of factory production. The platform has been designed and implemented assuming a non-adversarial context. A crucial part of the project is to develop approaches to enforce security in systems that rely on the Actyx platform, whose formal modelling and analysis have been initiated in a recent publication.

Curriculum: Software, System, and Infrastructure Security

Funds: DM MUR 118/2023 - M4C1-PNRR

Website: https://www.unisa.it/

Description

Generative Artificial Intelligence (GenAI) is a branch of Artificial Intelligence aimed at creating complex data, such as images, videos, audio, text, etc., from scratch, mimicking human creativity. The capabilities of emulating human language and interaction skills of Open AI ChatGPT and Bing Sydney are particularly impressive examples. The Large Language Models (LLMs) are revolutionizing the writing approach of journalists, writers, and researchers. However, LLMs are affected by two different issues: (1) biased data adopted for the training task can lead to demographic stereotypes and imprecise information; (2) the generated results can arbitrarily be true or not. As a consequence, the risk of spreading imprecise or false information is high with unchecked generated text. Moreover, presented weaknesses can be easily adopted in disinformation campaigns or political propaganda by, for example, fake persona creation, AI-generated imagery, deep fake for discrediting adversaries, etc.

This project aims to find methodologies able to identify and monitor disinformation phenomena nourished by LLMs. The objective is to let users use and exploit advantages associated with the employment of such innovative technologies, and work for their optimization in order to study solutions that could mitigate the negative effects of LLMs. Moreover, solutions to unmask voluntary or involuntarily generated disinformation content without censorship will be approached.

Curriculum: Software, System, and Infrastructure Security

Funds: DM MUR 118/2023 - M4C1-PNRR

Website: https://www.unisa.it/

Description

Explainable AI (xAI) refers to strategies and procedures employing Artificial Intelligence technology (AI) that allow human experts to gain insight into the AI model outcomes. xAI is a powerful approach for spotting model defects and data biases, contributing to an increase in user trust. The interpretability achieved through xAI models can be exploited for generalization independently from training data issues, such as limited availability of labeled data and lack of domain-specific or multi-language information. In addition, the application of xAI can be a double-edged sword. It substantially improves cybersecurity practices but leaves, at the same time, the system vulnerable to adversary attacks. In this regard, xAI can be adopted to study the vulnerabilities of a system and, consequently, guide its strength or protection. Insights from cybersecurity can be studied to approach threats of the infodemic era, where disinformation attempts can undermine the role of institutions, national security, and democracy itself.

This project aims at studying xAI methodologies that support the definition of more powerful, robust, and generalizable models (in terms of propaganda, fake news, hate speech detection, etc.). The objective is to identify information disorder counterfeiting solutions where models

must be capable of dealing with ever-new challenges due to continuous technological evolution.

Curriculum: Software, System, and Infrastructure Security

Funds: DM 118/2023  - M4C1- Inv. 3.4

Additional benefits: The students will be trained in the industrial methodologies used by the industry partners and spend 6 months at Vrije Universiteit Amsterdam

Website: https://securitylab.disi.unitn.it

Description

Several methodologies exist for cybersecurity risk assessment of IT/OT infrastructures (such as ISO 27001, ISO 27002, ISO 27005, NIST SP 800-53, CIS Control v8). However, they are hardly automated and even less account for the presence of artificial intelligence or machine learning components.   To date, risk analysis is done by exploiting the experience of technical personnel and is based on beliefs and opinions rather than scientific theories. The result is that risk analysis, which should be a central activity of IT/OT infrastructures management, is found on the margins of corporate GRC (Governance, Risk, Compliance), being almost always evaluated as not very informative. The purpose of the research is the definition of an automatic or semi-automatic process for risk assessment (which includes the identification of threats with a relative estimate of impact and probability).  The project will be in cooperation with an innovative start-up company (https://www.v-research.it/) that will support the student in the concrete case studies and the activities for the technological transfer of the results of the project.

Curriculum: Software, System and Infrastructure Security

Funds: DM MUR 118/2023

Website: https://web.dmi.unict.it/it/content/dottorato-informatica

Description

Common media such as digital images, audio and video clips could be fake, namely generated by computer programs to resemble genuine ones, with the aim of offering altered contents to unaware users. At an extreme, such contents and the services delivering them could become fully malicious, so as to actively engage with other computer programs as well as with the users to craft cunning attack vectors. Even whole devices could be malicious, including modern Voice Personal Assistants and, more in general, widespread IoT devices – and the role itself of the user could be exploited, for example by mounting a self-issue attack on a voice channel.

The overarching goal of this research is to liberate the IoT from fake contents as well as from malicious activity. The technical objectives are: to promote a precise understanding of the scope and aims of fake contents and malicious activity in the IoT; to devise scalable approaches to thwart fake contents and malicious activity at all architectural layers of the IoT; to define algorithms to detect fake media and deep fakes in the context of the IoT; to implement such algorithms as viable and practical tools that are applicable to real-world scenarios; to tailor the novel algorithms and tools to the particular problem of user privacy preservation so as to make them fully compliant with the General Data Protection Regulation.

Curriculum: Software, system and infrastructure security

Funds: CNR 

Description

Design and implementation of techniques for detecting intrusions on mobile devices and IoT, through the use of federated machine learning techniques. Particular importance will be given to the explainability of the proposed models, in order to integrate the techniques developed in a real context, where they can be of support to the malware analyst. Solutions will also be designed for assessing the risk of being attacked by malware, also providing ad-hoc best practices to protect mobile/IoT devices from cyberattacks.

Curriculum: Data governance and protection

Funds: CNR

Description

The project focuses on the management of policies for digital sovereignty starting from regulations and laws till producing machine understandable, enforceable and verifiable policies. This entails the adoption of methodologies for automated policy generation from natural language, also including large language models. Such security policies will be used for data usage control and data sovereignty solutions that are main instruments of digital sovereignty. The policy management framework could be also adopted in several contexts from compliance to standards to fine grained and continuous control of data and systems in accordance to regulations, usage control policies and privacy preferences. Policy models may include

obligation management frameworks.

Curriculum: Human, Economic, and Legal Aspects in Cybersecurity

Funds:  DIRPOLIS INSTITUTE and prof. Gaetana Morgante

Additional benefits: Additional research contract within the context of the active project(s), to be negotiated on an individual basis.

Websites: https://www.santannapisa.it/en/istituto/dirpolis-institute

Description

Investigating, preventing and fighting cybercrimes is challenging the traditional categories of criminal law and procedure. The building of an efficient legal framework at a domestic, European and international level needs a strong multidisciplinary approach to the juridical, ethical, economical, political, social and human profiles of cybersecurity. The PhD program will concern the different forms of cybervictimization (individual and collective, public and private up to the CyberWar) and take into account the studies on Digital Criminology. The different models of prevention and repression of cybercrimes will also be studied in the light of the international obligations and cooperation (so-called Cyber-Diplomacy). The PhD program will also cover the procedural issues of Cybersecurity from the analysis of the multileveled legal framework up to the collection of the best investigative practices to balance cybersecurity and protection of the fundamental rights in cyberspace (so-called Digital forensics), and the questions related to the jurisdiction on crimes committed in the cyber- and transnational dimension.

Curriculum: Data Governance and Protection

Funds:   DM MUR 118/2023

Websites: https://samarati.di.unimi.it/

Description

Data are the central resource for any modern society. Also, the availability of highly performing systems and services (e.g., cloud/fog/edge/IoT) for gathering, storing, and processing data, as well as of efficient machine learning and AI-based solutions operating on large data collections, brings great benefits on a personal, business, economic and social level. On the other hand, data may be sensitive or company-confidential and cannot be shared openly, and their confidentiality, as well as their integrity, should be guaranteed even when non fully trusted parties are involved in data storage or processing. The goal of the project is to contribute to the development of advanced scientific and technological solutions enabling the different actors (e.g., individuals, companies, institutions) with control over their data in the various data release, sharing, and analysis scenarios. The research is in the area of computer science and can entail investigation of different scientific and technological issues contributing to solving the problem of protecting data in emerging scenarios. Technological aspects that can be investigated include: data modeling for enforcing security and privacy restrictions; access control languages and models; data protection in release, storage, or computation by untrusted parties; data integrity; data security and privacy in artificial intelligence scenarios; and AI-based security and privacy solutions. 

Curriculum: Software, system and infrastructure security

Funds: DM 117/2023

Websites: https://cybersecnatlab.it/

Description

A few years after the first European cybersecurity directive came into operation, a new directive (NIS 2) was published in January 2023, effectively replacing the first one. NIS 2 was the result of a major improvement process of the previous directive, with the goal of strengthening the security measures required and necessary for the protection of critical infrastructure. In fact, new application areas were added, in addition to those previously identified as critical, and the risk management measures to be taken by operators and providers of essential services were better detailed.

In the Italian context the "Framework Nazionale per la Cybersecurity e la Data Protection”, which outlines guidelines for the proper and effective cybersecurity management of systems. Accompanying this document is also the identification of a set of “essential controls”, that is, minimum security measures that are easily implemented that refer to the guidelines expressed within the Italian Cybersecurity Framework.

In both contexts, it becomes crucial to be able to provide tools that can enable a rigorous, objective, and quantitative approach to the assessment process that can be applicable not only by large organizations but also by small and medium-sized enterprises.

Curriculum: Software, system and infrastructure security

Funds: DM 117/2023

Websites: https://cybersecnatlab.it/

Description

Microphones are commonly installed in many devices, not just phones but also IoT and wearable devices. Most microphones are today based on MEMS sensors. 

Several cases have been reported in which microphones are used to violate privacy in order to fraudulently record private conversations.

Many papers have been published about attack techniques that resort to ultrasonic waves to prevent these attacks by creating a DoS on a microphone (i.e., the microphone cannot record any sound at all or the sound is extremely distorted and not intelligible).

In addition, other attack techniques exploit ultrasonic waves to activate voice commands on smart devices (e.g., SIRI, Google, Alexa): these commands cannot be heard by humans but can still be picked up by common microphones.

During the proposed thesis, we want to deeply analyze DoS attacks against microphones, from both red-teaming and blue-teaming perspectives, in different thread scenarios. In addition, we need to deeply investigate how different sound frequencies might affect electronic devices (i.e., disturbing them and creating unwanted DoS) and people (i.e., possible Impacts on health and safety). 

Curriculum: Software, System, and Infrastructure Security

Funds: DM MUR 118/2023

Website: http://rcl.dimai.unifi.it/,  https://www.unifi.it/p-doc2-0-0-A-3f2b342f372e2b.html 

Description

As systems are becoming massively distributed, interconnected, and evolutionary, the complexity of threats and attack paths is increasing. Models for the security and dependability assessment must take into consideration the multiplicity of components, which often share similarities, but at the same time exhibit variations due to different configurations or roles. Further, due to dynamicity and evolution, changes to configurations are introduced over time, and system models need to be updated to reflect such changes.

The proposed research focuses on selected aspects of the design and especially the evaluation of resilient and secure cyber-physical systems, with a particular preference for the security of critical infrastructures and systems of systems. The research shall investigate qualitative and/or quantitative methods for the identification, analysis, classification, and mitigation of threats and hazards, for example aiming to analyze and rank the most probable attack paths, identify the most critical components to be protected, or compare different architectural solutions with different defensive mechanisms.

Curriculum: Software, System, and Infrastructure Security

Funds: Serics - D.D. n. 341 del 15 marzo 2022

Website: https://www.csec.it/ 

Description

This research project focuses on the study of automated or semi-automated methodologies to assess the cyber risk exposure of complex application ecosystems. The candidate will explore emerging scenarios such as Mobile, Cloud, Fog, IoT (Internet of Things), and combinations thereof. Furthermore, all the solutions developed in the project will be evaluated in real-world industrial scenarios.

In detail, the project will be included in one of the following lines of research:

- the design of effective methods for analyzing and quantifying potential cyber risks exposure of complex application environments and the associated supply chain, with specific attention to CI/CD scenarios and the DevSecOps paradigms;

- the identification of proper digital twin technologies to create multi-domain scenarios for testing cyber risk resilience, identifying vulnerabilities, evaluating countermeasures against potential cyber-attacks, and assessing the effectiveness of existing procedures.

Curriculum: Human, Economic, and Legal Aspects in Cybersecurity

Funds: DM 118/2023

Description

The project aims to develop a new ‘regulatory sandbox’ for cybersecurity using a forward-looking approach to regulation, allowing minimal barriers by creating a controlled regulatory testing environment. The ‘regulatory sandbox’ is a way to connect innovators and regulators, providing a controlled environment for them to cooperate. It facilitates the development, testing and validation of innovative digital tools to ensure compliance with the requirements of existing regulations. The PhD candidate will focus her/his project on studying regulatory sandboxes as a way to co-regulate technological tools and participate in implementing a real regulatory sandbox on cybersecurity in Italy. For these purposes, the candidate will be asked to develop strong state of the art on regulatory sandboxes in Europe and be able to analyse and study relevant European use cases that serve as best practices in operational terms. Activities should also include analysis of legal issues, regulatory compliance and rules on technology. The research activities will be conducted within the Department of Legal Studies of the University of Florence.

Curriculum: Software, System, and Infrastructure Security

Funds:  DM 118/2023

Description

The research aims to develop novel techniques for the detection of new-generation malware that leverage artificial intelligence techniques.

Funds: DM MUR 118/2023

Website: https://www.diies.unirc.it/scheda_persona.php?id=576

Description

The project focuses on the context of cybersecurity and aims to secure services provided to citizens and organizations. In this scenario, securing communication and protecting digital identity deserve in-depth study. This requires (1) designing distributed solutions not to rely on trusted third parties, (2) guaranteeing that the service applicant is really who claims to be, (3) allowing an entity to communicate anonymously when admitted, (4) allowing disclosing the minimum personal data when required, and (5) providing accountability even if a service is accessed anonymously. The first requirement implicates the adoption of Distributed Ledger Technologies, requirements 2 and 3 involve network security, whereas the last two aspects address the data protection requirements imposed by the GDPR. The student will develop knowledge and skills useful for a wide range of

professional possibilities. Furthermore, the student will acquire professionals with solid scientific, methodological, and technological skills in cybersecurity.