Some ideas for a Master thesis
If you are interested in the topics below, contact Nicola Zannone (email: n.zannone * tue.nl (replace * with @) )
Collaborative access control:
In the context of cooperative systems, data coming from multiple, autonomous, heterogeneous information sources, is processed and fused into new pieces of information that can be further processed by other entities participating in the cooperation. Controlling the access to such evolving and variegated data, often under the authority of different entities, is challenging.
Most of the existing access control mechanisms, however, assume that data objects are under the control of a single entity (e.g., the system or the owner), making them unsuitable to deal with collaborative systems where multiple users can contribute to the creation, governance and management of data.
This research line aims to design methods for collaborative decision making while ensuring an appropriate level of control to the different parties involved.
Possible projects includes (i) the definition of a framework for the design of data governance models and the specification of multi-party access control policies that determine how policy conflicts arising from conflicting access requirements should be solved, and (ii) a policy framework for data fusion and derived data control.
Federica Paci, Anna Cinzia Squicciarini, Nicola Zannone:
Survey on Access Control for Community-Centered Collaborative Systems. ACM Comput. Surv. 51(1): 6:1-6:38 (2018)
Rauf Mahmudlu, Jerry den Hartog, Nicola Zannone:
Data Governance and Transparency for Collaborative Systems. DBSec 2016: 199-216
Clara Bertolissi, Jerry den Hartog, Nicola Zannone: Using Provenance for Secure Data Fusion in Cooperative Systems. SACMAT 2019: 185-194
Policy evaluation under uncertainty:
Existing access control mechanisms typically assume a centralized view where all relevant attributes are stored in a policy information point and are retrieved by the policy decision point during policy evaluation.
This assumption, however, does not hold in modern IT systems like Internet of Things and building automation where authorization mechanisms increasingly rely on external sources for retrieving the attributes needed for policy evaluation.
The use of external sources for attribute retrieval can have a significant impact on policy evaluation as those sources might not be available at the time of policy evaluation or might provide incorrect values due to intrinsic limitations of the mechanism used for their retrieval.
This can lead an authorization system to make incorrect access decisions, thus affecting system security and business continuity.
While some approaches have been proposed to handle missing information, the current state-of-the-art is still far away from providing sufficient protection and existing access control mechanisms are vulnerable to attribute hiding attacks.
This research aims to devise novel access control models able to make reliable access decisions when the information needed for policy information is missing or incorrect.
Charles Morisset, Tim A. C. Willemse, Nicola Zannone:
A framework for the extended evaluation of ABAC policies. Cybersecurity 2(1): 6 (2019)
Jason Crampton, Charles Morisset, Nicola Zannone:
On Missing Attributes in Access Control: Non-deterministic and Probabilistic Attribute Retrieval. SACMAT 2015: 99-109
Insider threats detection:
This research line aims to devise new methods and tools to support organizations in the detection of security incidents characterized, for instance by insiders infringing security policy or misusing their privileges.
This can be achieved by monitoring user behavior and analyzing it against the "normal" user behavior, which can be specified on the basis of the security policies in place or learned from historical data.
This research aims at novel methods and frameworks for (i) behavioral analysis, (ii) anomaly detection and (iii) compliance checking.
Mahdi Alizadeh, Xixi Lu, Dirk Fahland, Nicola Zannone, Wil M. P. van der Aalst:
Linking data and process perspectives for conformance analysis. Computers & Security 73: 172-193 (2018)
Mahdi Alizadeh, Massimiliano de Leoni, Nicola Zannone:
Constructing Probable Explanations of Nonconformity: A Data-Aware and History-Based Approach. SSCI 2015: 1358-1365
Laura Genga, Mahdi Alizadeh, Domenico Potena, Claudia Diamantini, Nicola Zannone:
Discovering anomalous frequent patterns from partially ordered event logs. J. Intell. Inf. Syst. 51(2): 257-300 (2018)
Mahdi Alizadeh, Sander Peters, Sandro Etalle, Nicola Zannone:
Behavior analysis in the medical sector: theory and practice. SAC 2018: 1637-1646
Incident prioritization and response:
Data protection regulations like the GDPR strengthens the responsibility of data controllers and imposes strict requirements for organizations on the handling of security incidents.
To meet these requirements, it is necessary to design novel approaches able to investigate policy infringements before deciding the actions to be taken in order to properly respond to the security incidents.
Security and privacy applications, however, are especially weak in this respect due to the highly noisy data and large amount of false positives that the relevant `data generation processes' (e.g., network inspection by an Intrusion Detection System or human decision making) inject in the data.
These inherent biases in the data generation, regardless of whether they are systematically introduced
by data-crunching algorithms or humans, can be severely misleading for data analysts and decision makers.
Uncovering biases from observational data is a broad and still an open problem that requires a thorough exploratory analysis and understanding of the data, as well as rigorous estimations of effect sizes.
This line of research aims to devise metrics, methods and frameworks that assist analysts in the identification of systematic biases in decisional processes and risk quantification.