Research Project Proposals

Cybersecurity & Reliable AI

Title: Multi-domain Cyber Range and Cyber Resilience Testing of Cyber-physical Systems and Mission Critical Platforms, Assessment Tools and Procedures through Cyber Test Ranges


Proposer(s): Leonardo SpA Divisione Cyber & Security Solutions


Curriculum: Cybersecurity and Reliable AI


Description: Cyber-physical systems are being increasingly employed in everyday applications, including critical ones. This integration of operational technology systems, originally designed to operate in physical isolation (hence with little or no cyber security defences), with information technology systems, which are meant to be networked by default, dramatically increases the cyber-attack surface of the resulting composite systems. Thus, assessing the security posture of cyber-physical systems and evaluating the effectiveness and efficiency of their defensive mechanisms become of paramount importance. Unfortunately, testing cyber security in live real-world cyber-physical systems is not advisable, even when it is possible; hence, the use of testbeds is a necessary alternative.


A Cyber Physical Test Range needs to be a hybrid cyber range, i.e. a combined local and distributed (cloud) components environment, with traffic generation capabilities, emulation and simulation in its network, with red teaming automatically and dynamically driven, also by use of AI/ML. Such a range can support how organisations accept convergence between IT and OT, to ensure improved cyber security focus, enhance performance and productivity, reduce risk and cost, unlock operational potential, reduce the adversarial attack surfaces, learn how to prevent attacks in these converged environments, as well as learn to operate when these converged environments are degraded.


The PhD project will tackle the challenge of identifying key features to be subsequently used as input to the process of defining requirements for future cyber-physical testbeds with cyber security posture assessment capability, and a second challenge consisting of proposing a reference architecture for the next generation of cyber ranges, namely the cyber-physical ranges.


Link to the group or personal webpage


References

  1. G Kavallieratos, SK Katsikas, V Gkioulos. Towards a cyber-physical range. Proceedings of the 5th on Cyber-Physical System Security Workshop, 25-34

  2. R. V. Yohanandhan, R. M. Elavarasan, R. Pugazhendhi, M. Premkumar, L. Mihet-Popa, J. Zhao, V. Terzija. A specialized review on outlook of future Cyber-Physical Power System (CPPS) testbeds for securing electric power grid. International Journal of Electrical Power & Energy Systems 136, 107720

  3. M. M. Yamin, B. Katt, V. Gkioulos. Cyber ranges and security testbeds: Scenarios, functions, tools and architecture. Computers & Security. Volume 88, 2020.

Title: Security and Resilience of Orchestration Technologies, Software Defined Networking and Computing for certified application in Cloud and 5G


Proposer(s): Leonardo SpA Divisione Cyber & Security Solutions


Curriculum: Cybersecurity and Reliable AI


Description: Cloud infrastructures are the new data centres, but they are also an attacker’s playground. To protect them, the attack surface must be reduced. Cloud Infrastructure Entitlements Management (CIEM) solutions are specifically designed to manage privilege tightly and consistently in complex, dynamic environments. They apply the Principle of Least Privilege to cloud infrastructure access, giving IT and security organizations fine-grained control over cloud permissions and full visibility into entitlements. They help businesses strengthen security, reduce risks and accelerate the adoption of cloud-native applications and services by identifying and removing excessive permissions. CIEM solutions also provide tools to intelligently identify and rank risks associated with configuration errors, shadow admin accounts and excessive entitlements for human, application and machine identities. This helps cloud security teams prioritize which remediations to tackle first while developing a proactive, well-informed, phased approach to risk reduction.

When environments are hybrid rather than purely cloud based, security is even harder to administer and assure. In those cases, the size and requirements of the on-premises networks are usually huge. Software Defined Networking (SDN) allows switches to be programmed and implemented independently: it provides programmability for network application development by separating the control plane from the data plane. The security of SDN is an open subject. Separating the control plane from the data plane opens up a number of security challenges, such as man-in-the-middle (MITM) attacks, denial of service (DoS), overload saturation attacks, etc.

Open RAN is a standard of the 5G framework that allows greater diversification of suppliers within networks in the same geographic area. Open RAN could also help increase visibility of the network thanks to the use of open interfaces and standards, reduce human errors through greater automation, and increase flexibility through the use of virtualisation and cloud-based solutions. The Open RAN concept still lacks maturity and cybersecurity remains a significant challenge. Especially in the short term, by increasing the complexity of networks, Open RAN would exacerbate a number of security risks. Open RAN could lead to new or increased critical dependencies, for example in the area of components and cloud.

The PhD project will tackle several challenges from different perspectives, including the identification and assessment of key security requirements or conditions, focusing on the key features of an advanced Cloud Infrastructure Entitlements Management solution whose domain can be extended to hybrid solutions, encompassing SDN management solutions and also large-scale deployments of Open RAN-based private mobile 5G networks for businesses. The PhD will also encompass the identification of key technical controls, such as authentication and authorisation, and the adaptation of the monitoring design of large, complex, heterogeneous infrastructures (such as those based on cloud, on-premises datacentres and 5G-based services) to a modular environment where each component can be monitored and cyber threats promptly detected.


Link to the group or personal webpage


References

  1. Aayush Pradhan, Rejo Mathew. Solutions to Vulnerabilities and Threats in Software Defined Networking (SDN). IT Department, Mukesh Patel School of Technology Management and Engineering, Mumbai 400056, India.

  2. https://ec.europa.eu/commission/presscorner/detail/en/IP_22_2881

  3. https://sysdig.com/learn-cloud-native/cloud-security/what-is-cloud-infrastructure-entitlements-management-ciem/

  4. https://ubuntu.com/engage/multi-cloud-guide

  5. https://www.zscaler.com/resources/security-terms-glossary/what-is-ciem

Title: User-driven App Data Anonymization on Mobile


Proposer(s): Alessio Merlo (DIBRIS), Francesco Pagano(DIBRIS), Antonio Ruggia (DIBRIS)


Curriculum: Cybersecurity and Reliable AI


Description: The amount of personal data collected and managed by mobile applications has significantly risen in the last few years. This is due to the fact that app developers need to constantly monitor the behavior of their users to define strategies aimed at improving the features of the app from both a commercial and a functional perspective. Google, Facebook and other main IT firms support such monitoring activity by providing proper analytic libraries that allow the application to log user’s events and send them to the application backend. In this game, the role of the user is rather marginal, as it is limited to the provisioning of new data while using the app, without any control over the events that are logged and the sharing of information with both the app developer and the firm backends.

As this has recently led to severe privacy concerns, there is an urgent need for novel solutions for managing personal data on mobile devices in a way that reconciles two conflicting demands, namely allowing the user to enforce her privacy requirements (i.e., control the sharing of personal data and anonymize them accordingly), while preserving the utility of the data gathered and delivered to the backends. Finally, as the final aim is to define and implement a solution that can be delivered on actual mobile devices in the wild, the proposed methodology must fit in the current mobile ecosystem, namely 1) be transparently applied on actual mobile devices, at least on the most recent version of the Android OS, 2) not significantly affect the performance of the mobile device and the corresponding user experience, and 3) be able to deal with emerging privacy-related mobile technologies like app virtualization.

In this regard, the objectives of the PhD will be:

  • Perform an in-depth analysis of the current state of the art on both Android internals and data anonymization techniques

  • Carry out an extensive and statistically meaningful analysis in the wild on real mobile applications to empirically assess both the adoption of analytic libraries and the flow of personal data from the mobile app to the backends

  • Develop a novel methodology to “usefully anonymize” personal data on the fly, i.e., in a way that the maximum level of information can be granted when the user’s privacy requirements are applied.

  • Define a methodology to automatically recognize which user data an app can legitimately access, based on the characteristics of the application. This methodology should allow discriminating between data that can be transparently anonymized and those that cannot be modified without affecting the application functionality.

  • Define a methodology that generates a Domain Generalization Hierarchy (DGH) automatically from a specific domain. Creating a DGH is usually carried out manually based on the context. Still, this approach does not scale in the case of large domains like the mobile app one, and in the wild.

  • Implement the methodology in a tool and empirically validate the methodology in the wild on a statistically-significant set of real mobile applications.


Link to the group or personal webpage


References

[1] Caputo, D., Verderame, L., Merlo, A. (2020). MobHide: App-Level Runtime Data Anonymization on Mobile. In: Applied Cryptography and Network Security Workshops. ACNS 2020. Lecture Notes in Computer Science, vol 12418. Springer, Cham. https://doi.org/10.1007/978-3-030-61638-0_27

[2] Caputo, D., Pagano, F., Bottino, G., Verderame, L., & Merlo, A. (2021). You can't always get what you want: towards user-controlled privacy on Android. arXiv preprint arXiv:2106.02483.

[3] Differential Privacy: https://privacytools.seas.harvard.edu/differential-privacy

[4] Vallina-Rodriguez, N. (2017, January). Illuminating the third party mobile ecosystem with the Lumen privacy monitor. In FTC PrivacyCon 2017.

Title: Explainable Machine Learning in Network Security

Proposer(s): Domenico Siracusa & Roberto Doriguzzi Corin

Curriculum: Cybersecurity and Reliable AI

Description:

Machine Learning (ML) is nowadays a consolidated technology embedded in various domains of computer science and information technology. In recent years, ML has revolutionised cybersecurity applications, with excellent results in various application areas such as encrypted traffic classification, intrusion detection and prevention, anomaly detection in industrial control systems, and identification of malicious software (or malware), among others.

One important research subfield of ML is called Explainable Machine Learning, which relates to understanding the ML model behaviour by means of various techniques such as feature importance scores, influential training data, etc. Given the complexity of some black-box ML models, it is inherently difficult to understand why they behave the way they do. Understanding how an ML model works and how it takes its decisions is paramount in network security. Indeed, the ability to understand why an event is classified as benign or malicious by an ML-based intrusion detection system allows the ML practitioner to take the necessary counteractions to reduce false positive and false negative rates, and to make the system more robust to Adversarial Machine Learning attacks.

The objective of this PhD project is to perform fundamental research in the field of ML explainability (understanding how ML algorithms reason their outputs) and to propose novel tools and methodologies for ensuring good performance of ML-based security systems under various working conditions.

Link to the group or personal webpage
https://ict.fbk.eu/units/rising

References:

  1. Dongqi Han, Zhiliang Wang, Wenqi Chen, Ying Zhong, Su Wang, Han Zhang, Jiahai Yang, Xingang Shi, and Xia Yin. 2021. DeepAID: Interpreting and Improving Deep Learning-based Anomaly Detection in Security Applications. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21). Association for Computing Machinery, New York, NY, USA, 3197–3217.

  2. R. Doriguzzi-Corin, S. Millar, S. Scott-Hayward, J. Martinez-del-Rincon, and D. Siracusa, "LUCID: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection", IEEE Transactions on Network and Service Management, 2020.

  3. M. Wang, K. Zheng, Y. Yang and X. Wang, "An Explainable Machine Learning Framework for Intrusion Detection Systems", IEEE Access, 2020.

  4. A. Hartl, M. Bachl, J. Fabini and T. Zseby, "Explainability and Adversarial Robustness for RNNs," IEEE Sixth International Conference on Big Data Computing Service and Applications (BigDataService), 2020.

  5. M. Abdelaty, R. Doriguzzi-Corin, and D. Siracusa, "DAICS: A Deep Learning Solution for Anomaly Detection in Industrial Control Systems", IEEE Transactions on Emerging Topics in Computing, 2021.

Title: Cyber Deception in Cloud-to-Edge Environments

Proposer(s): Domenico Siracusa & Marco Zambianco

Curriculum: Cybersecurity and Reliable AI

Description:

Cyber deception is a defense strategy, complementary to conventional approaches, used to enhance the security posture of a system. The basic idea of this technique is to deliberately conceal and/or falsify a part of such system by deploying and managing decoys (e.g. "honeypots", "honeynets", etc.), i.e., applications, data, network elements and protocols that appear to malicious actors as a legitimate part of the system, and to which their attacks are misdirected. The advantage of an effective cyber deception strategy is twofold: on one hand, it depletes attackers' resources while allowing system security tools to take necessary countermeasures; on the other hand, it provides valuable insights on attackers' tactics and techniques, which can be used to improve system's resilience to future attacks and upgrade security policies accordingly.

Although cyber deception has been successfully applied in some scenarios, existing deception approaches lack the flexibility to be seamlessly operated in highly distributed and resource-constrained environments. Indeed, while virtualisation and cloud-native design approaches paved the way for ubiquitous deployment of applications, they also widened the attack surface that malicious actors might exploit. In such a scenario, it is practically infeasible to deploy decoys for each and every service or application of the system without dramatically depleting resources, especially in edge scenarios, where these are scarcely available.

This calls for a novel approach to cyber deception combining security, networking, cloud and AI technologies, that takes the tradeoff between security and efficiency into account and makes deception strategies more effective in cloud-to-edge environments. The PhD project will tackle the above mentioned challenges from different perspectives, including the dynamic and automated orchestration of decoys, the design and implementation of lightweight and flexible honeypots, the proposition and evaluation of relevant performance indicators and the integration and interaction with DevOps and SecOps tools.

Link to the group or personal webpage
https://ict.fbk.eu/units/rising

References:

  1. Wang, Cliff, and Zhuo Lu. "Cyber deception: Overview and the road ahead." IEEE Security & Privacy 16.2 (2018): 80-85.

  2. Li, Huanruo, et al. "An optimal defensive deception framework for the container‐based cloud with deep reinforcement learning." IET Information Security 16.3 (2022): 178-192.

  3. Sajid, Md Sajidul Islam, et al. "SODA: A System for Cyber Deception Orchestration and Automation." Annual Computer Security Applications Conference. 2021.

  4. Sayari, Amal, et al. "Attack Modeling and Cyber Deception Resources Deployment Using Multi-layer Graph." International Conference on Advanced Information Networking and Applications. Springer, Cham, 2022.

Title: Model-based safety assessment for hybrid systems

Proposer(s): Marco Bozzano, Stefano Tonetta

Curriculum: Cybersecurity and Reliable AI

Description:

Model-based safety assessment (MBSA) is a growing research area in the design of complex safety-critical systems. Starting from requirements and formal models of the system under analysis, automated techniques and tools are used to analyze system correctness and dependability, and to support its certification, automatically constructing safety artifacts such as Fault Trees and FMEA tables.

The objective of the study is to lift MBSA techniques from finite-state systems to the case of hybrid systems that include continuous time and complex dynamics. The study will investigate three related directions. First, model extension, i.e., the generation of models encompassing faulty behaviors from nominal models, based on a library of predefined faults, specifying the effects and dynamics of faults. Second, the design of engines for the verification and synthesis of safety-related artifacts, based on state-of-the-art parameter synthesis techniques. Finally, the use of contract-based analysis techniques, which exploit the system architecture to perform safety assessment hierarchically.

The study will be conducted as part of several ongoing research projects carried out at FBK, such as VALU3S (EU funded) and COMPASTA (funded by the European Space Agency).

Link to the group or personal webpage:

References:

  1. M. Bozzano, A. Cimatti, M. Gario, D. Jones, C. Mattarei. Model-based Safety Assessment of a Triple Modular Generator with xSAP. In Formal Aspects of Computing 33(2):251-295, 2021.

  2. M. Bozzano, A. Cimatti, A.F. Pires, D. Jones, G. Kimberly, T. Petri, R. Robinson and S. Tonetta. Formal Design and Safety Analysis of AIR6110 Wheel Brake System. In Proceedings of CAV 2015.

  3. M. Bozzano, A. Cimatti, Alberto Griggio and Cristian Mattarei. Efficient Anytime Techniques for Model-Based Safety Analysis. In Proceedings of CAV 2015.

  4. Alessandro Cimatti, Alberto Griggio, Sergio Mover, Stefano Tonetta: HyComp: An SMT-Based Model Checker for Hybrid Systems. In Proceedings of TACAS 2015.

  5. M. Bozzano, A. Cimatti, J.-P. Katoen, P. Katsaros, K. Mokos, V.Y. Nguyen, T. Noll, B. Postma and M. Roveri. Spacecraft Early Design Validation using Formal Methods. Reliability Engineering & System Safety 132:20-35. December 2014.