Security in Web Service

Today the Web is the main means by which companies and organizations carry on their business. The central role that the Web currently plays in the business world has forced many companies to reorganize their businesses by adopting the Web service paradigm. For this reason, a strong part of our research effort is devoted to investigating security issues in Web services. The research activities in this area follow two main directions.

Web service composition

The first is related to security issues in Web service composition. The idea is that both Web service requestors and providers may have security requirements and properties that must be taken into account when composing Web services. We refer to Web service composition driven by security requirements as security conscious composition. Such constraints must be carefully considered when composing Web services, since they can drive the composition process. A result of the research efforts devoted to this problem is the definition of a brokered architecture for composing Web services according to the specified security constraints. Related to Web service composition, we have also investigated the problem of enforcing a correct deployment of the composition. Typically, a composite Web service provider exposes the workflow description and is responsible for the centralized execution of the overall process it describes. The aim of these research activities is to provide a decentralized mechanism, and a supporting framework, in which the execution of the overall process is not always in charge of a single entity; rather, execution is delegated as much as possible to the participating Web services, while at the same time ensuring the correctness of the control flow as well as the main security requirements.

Security Conscious Web Service Composition (2007). Barbara Carminati, Elena Ferrari, Patrick C.K. Hung. In Proc. of the IEEE International Conference on Web Services (ICWS 2006), Chicago, USA, September 2006.

Security Conscious Web Service Composition with Semantic Web Support (2007). R. Bishop, B. Carminati, E. Ferrari, P.C.K. Hung. In Proc. of the First ICDE Workshop on Security Technologies for Next Generation Collaborative Business Applications (SECOBAP'07), Istanbul, Turkey, April 2007.

Secure Execution Orders for Composite Web Services (2007). J. Biskup, B. Carminati, E. Ferrari, F. Mueller, S. Wortmann. In Proc. of the International Conference on Web Services (ICWS'07), July 2007, Salt Lake City, Utah, USA.

Privacy in Web Service architecture

The second direction is motivated by the increasing discussion of privacy on the Web as well as in Web service architectures. We have investigated these issues for Web service discovery agencies, in the context of the publish-and-find Web service paradigm. As a result, we have proposed different technical approaches to tackle the privacy issues of publishing service descriptions at UDDI registries.

Exploring Privacy Issues in Web Services Discovery Agencies (2005). B. Carminati, E. Ferrari, P.C.K. Hung. IEEE Security & Privacy Magazine, 3(5):14-21, 2005.

Merkle Tree Authentication in UDDI Registries (2004). E. Bertino, B. Carminati, E. Ferrari. International Journal of Web Services Research, 1(2):37-57, 2004, Idea Group Inc.

Access control in data streams

In many applications, data arrive in the form of high-speed data streams. Examples of such applications include telecommunications, battlefield monitoring, network monitoring, financial monitoring, sensor networks, and so on. These data typically contain sensitive information, and thus unauthorized access must be prevented. As an example, consider battlefield monitoring, where the positions of soldiers are protected information that should be accessible only to the battleground commanders.

Clearly, there is a need to integrate access control mechanisms into data stream processing systems to achieve a controlled and selective access to data streams. However, to our knowledge, there has been no reported work that offers access control over data streams. From the data stream community, many data stream processing systems have been developed both academically (e.g., Aurora, Borealis, STREAM, TelegraphCQ) and commercially (e.g., StreamBase), but the focus in these systems has been on performance issues.

On the other hand, though the data security community has a very rich history in developing access control models, these models are largely tailored to traditional DBMSs. Thus, they cannot be readily adapted to data stream applications, mainly because: (a) traditional databases are static and bounded, while data streams are unbounded and infinite; (b) queries in traditional DBMSs are one-time and ad hoc, but queries over data streams are typically continuous and long running; (c) in traditional DBMSs access control is enforced when users access the data, whereas in data stream applications access control enforcement is data-driven (i.e., it happens whenever data arrive); (d) because of (c), access control is more computationally intensive in data stream applications, and specific techniques to handle it efficiently must be devised; (e) as data are streaming, temporal constraints (e.g., sliding windows) become more critical in data stream applications than in traditional DBMSs. To cope with all these new requirements, in this project we investigate a novel access control model for data stream applications based on the Aurora model.
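As an added illustration of points (c), (d) and (e), not code from the project or from the papers listed below, the following shows data-driven enforcement: each tuple is checked against a role's policy as it arrives, a role may be restricted to aggregates over a sliding window of a minimum length, and nothing is buffered for later filtering. The roles, the policy fields and the "positions" tuples are all constructed for the example.

```python
from collections import deque
from dataclasses import dataclass, field
# Illustration of data-driven (per-tuple) enforcement with a window constraint;
# the roles and the "positions" tuples below are constructed for this example.
@dataclass(frozen=True)
class Policy:
    role: str          # subject role the policy applies to
    attrs: frozenset   # attributes the role may read on raw tuples
    min_agg_window: int = 0  # >0: raw tuples denied; only aggregates over
                             # windows of at least this many seconds allowed
@dataclass
class Query:
    role: str
    window_secs: int   # sliding window of the continuous query
    buf: deque = field(default_factory=deque)

class StreamGuard:
    def __init__(self, policies):
        self.policies = {p.role: p for p in policies}

    def on_arrival(self, q, tup):
        """Per arriving tuple: return the projection the subscriber may see, or None.
        Nothing is stored for later filtering, because the stream is unbounded."""
        p = self.policies.get(q.role)
        if p is None:
            return None
        q.buf.append(tup)  # slide the window: drop tuples older than window_secs
        while q.buf[0]["ts"] <= tup["ts"] - q.window_secs:
            q.buf.popleft()
        if p.min_agg_window:
            return None    # this role may only see aggregates
        return {k: v for k, v in tup.items() if k in p.attrs}

    def window_count(self, q):
        """Aggregate over the window; denied if it is shorter than the policy requires."""
        p = self.policies.get(q.role)
        if p is None or q.window_secs < p.min_agg_window:
            return None
        return len(q.buf)

POLICIES = [Policy("commander", frozenset({"ts", "unit", "x", "y"})),
            Policy("analyst", frozenset(), min_agg_window=60)]
STREAM = [{"ts": 0, "unit": "A1", "x": 10, "y": 20},   # constructed sample tuples
          {"ts": 30, "unit": "A2", "x": 11, "y": 21},
          {"ts": 70, "unit": "A1", "x": 12, "y": 22}]

def run(role, window_secs):
    guard, q = StreamGuard(POLICIES), Query(role, window_secs)
    out = [guard.on_arrival(q, t) for t in STREAM]
    return out, guard.window_count(q)
```

The commander sees every position tuple and a count over the last 60 seconds; the analyst sees no raw tuples at all and gets a count only when the query window is at least 60 seconds wide.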

Enforcing Access Control Over Data Streams (2007). Barbara Carminati, Elena Ferrari, Kian Lee Tan. In Proc. of the 12th ACM Symposium on Access Control Models and Technologies (SACMAT'07), Sophia Antipolis, France, June 2007. ACM Press.

Specifying Access Control Policies on Data Streams Outsourced Data (2006). Barbara Carminati, Elena Ferrari, Kian Lee Tan. In Proc. of the 12th International Conference on Database Systems for Advanced Applications (DASFAA'06), Bangkok, Thailand, April 2007. LNCS, Springer.

Security in Social Networks

Web-based social networks (WBSNs) are online communities where participants can establish relationships and share resources across the Web with other users. In recent years, several WBSNs have adopted Semantic Web technologies, such as FOAF, for representing users' data and relationships, enabling information interchange across multiple WBSNs. Despite its advantages in terms of information diffusion, this has raised the need to give content owners more control over the distribution of their resources, which may be accessed by a community far wider than they expected.

So far, this issue has been addressed by some of the available Social Network Management Systems (SNMSs) by allowing users to state whether a specific piece of information (e.g., personal data and resources) should be public or accessible only to the users with whom the owner of that information has a direct relationship. Such simple access control strategies have the advantage of being straightforward, but, on the one hand, they may grant access to non-authorized users, and, on the other hand, they are not flexible enough in denoting authorized users. In fact, they do not take into account the ‘type’ of relationship existing between users and, consequently, it is not possible to state that only, say, my “friends” can access a given piece of information. Moreover, they do not allow granting access to users who have an indirect relationship with the resource owner (e.g., the “friends of my friends”).

We think that more flexible mechanisms are needed, enabling a user to decide which network participants are authorized to access his/her resources and personal information; such mechanisms may be the basis for a more comprehensive secure and privacy-preserving framework for social networks.

For these purposes, we are investigating how to address security issues in WBSNs along two complementary directions, namely, access control and privacy protection.

Access Control for WBSNs

We defined an access control model for WBSNs, where policies are specified in terms of constraints on the type, depth, and trust level of the relationships existing between users. Relevant features of our model are the use of certificates for guaranteeing the authenticity of relationships, and the client-side enforcement of access control according to a rule-based approach, where a subject user requesting access to an object must demonstrate, by means of a proof, that it has the right to do so. We have also proposed a decentralized system architecture in support of access control enforcement, based on the interaction of two kinds of agents: the central node of the network, which stores and manages the certificates specified by users, and a set of peripheral nodes, in charge of storing access rules and performing access control.
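The following is an added example, not the project's code or its certificate format, of how a peripheral node might verify such a proof: the requester presents a chain of relationship certificates of the required type leading from the resource owner to itself, each certificate is checked against a MAC issued by the central node, and the rule's depth and trust constraints are applied. The MAC key, the users, the relationship types and the rule that path trust is the product of edge trusts are all assumptions made for this example.

```python
import hmac, hashlib
from dataclasses import dataclass
# Illustration only: relationship certificates are MACed with a key held by the
# central node (a constructed key here; the project's certificate format is not reproduced).
CENTRAL_KEY = b"constructed-central-node-key"

@dataclass(frozen=True)
class RelCert:
    src: str      # user who asserts the relationship
    dst: str      # user the relationship points to
    rtype: str    # relationship type, e.g. "friend"
    trust: float  # trust level in [0, 1]
    tag: bytes    # MAC issued by the central node

def _mac(src, dst, rtype, trust):
    return hmac.new(CENTRAL_KEY, f"{src}|{dst}|{rtype}|{trust}".encode(),
                    hashlib.sha256).digest()
def issue_cert(src, dst, rtype, trust):
    return RelCert(src, dst, rtype, trust, _mac(src, dst, rtype, trust))
def cert_valid(c):
    return hmac.compare_digest(c.tag, _mac(c.src, c.dst, c.rtype, c.trust))

@dataclass(frozen=True)
class AccessRule:
    owner: str        # resource owner
    rtype: str        # required relationship type along the path
    max_depth: int    # maximum path length owner -> requester
    min_trust: float  # minimum path trust (assumption: product of edge trusts)

def check_proof(rule, requester, proof):
    """Peripheral-node check of a requester's proof: a chain of certificates
    of the required type leading from the owner to the requester."""
    if not proof or len(proof) > rule.max_depth:
        return False
    if proof[0].src != rule.owner or proof[-1].dst != requester:
        return False
    trust = 1.0
    for i, c in enumerate(proof):
        if not cert_valid(c) or c.rtype != rule.rtype:
            return False           # forged/tampered cert or wrong relationship type
        if i and proof[i - 1].dst != c.src:
            return False           # chain is broken
        trust *= c.trust
    return trust >= rule.min_trust

# Constructed network: alice -friend(0.9)-> bob -friend(0.8)-> carol; alice -colleague(1.0)-> dave
AB = issue_cert("alice", "bob", "friend", 0.9)
BC = issue_cert("bob", "carol", "friend", 0.8)
AD = issue_cert("alice", "dave", "colleague", 1.0)
PHOTOS = AccessRule("alice", "friend", max_depth=2, min_trust=0.7)
```

With the rule PHOTOS, carol (a friend of a friend, path trust 0.72) is granted access, while dave is refused because his relationship with alice is of the wrong type, and a certificate whose trust value has been altered fails the MAC check.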

Enforcing Access Control in Web-based Social Networks (2007). Barbara Carminati, Elena Ferrari, Andrea Perego. Technical Report, March 2007, submitted for journal publication.

Rule-based Access Control for Social Networks (2006). Barbara Carminati, Elena Ferrari, Andrea Perego. Proceedings: OTM Workshops 2006, pp. 1734–1744, 2006.

Privacy Protection in WBSNs

Relationships in a social network may give rise to relevant privacy concerns. For instance, a user may want to keep private the fact that he/she has a relationship of a given type with a certain user. In other cases, a user may want to prevent other users from knowing about the existence of a relationship of a given type, independently of the user with whom it is established.

For this purpose, we have complemented our access control model with a mechanism able to enforce different privacy requirements on social network relationships. The key point is that, since relationship information is fundamental for access control, we have to devise a method able to protect the privacy of relationships and, at the same time, keep such information usable for access control purposes.

In order to address this issue, we specify privacy requirements through a set of distribution rules, which basically state the protection requirements to be enforced on a relationship. Cryptographic techniques are then used to enforce distribution rules and to avoid the privacy breaches that may arise when access control is carried out.

Private Relationships in Social Networks (2007). Barbara Carminati, Elena Ferrari, Andrea Perego. Proceedings: ICDE Workshops 2007, pp. 163–171, 2007.

Secure Data Outsourcing

Data outsourcing is today receiving growing attention due to its benefits in terms of cost reduction and better services. According to this paradigm, the data owner is no longer responsible for data management; rather, it outsources its data to one or more service providers (referred to as publishers) that provide management services and query processing functionalities.

Clearly, data outsourcing leads to many research challenges. One of the most significant is related to security. The key problem is that, since the owner no longer manages its data, it may potentially lose control over them. The challenge is therefore how to ensure the most important security properties (e.g., confidentiality, integrity, authenticity) even if the data are managed by a third party.

A naive solution is to assume that the publisher is trusted, that is, that it always operates according to the owner's security policies. However, this assumption is not realistic, especially for Web-based systems, which can be easily attacked and penetrated. Additionally, verifying that a publisher is trusted is a very costly operation.

Therefore, research is now focusing on techniques to satisfy the main security properties even in the presence of an untrusted publisher that may not always follow the owner's security policies (for instance, it may maliciously modify or delete the data it manages, or it may send data to unauthorized users).

In this project, we developed a comprehensive solution for ensuring the authenticity, confidentiality and completeness of outsourced data, focusing our attention on data expressed in XML.

Confidentiality Enforcement for XML Outsourced Data (2006). Barbara Carminati, Elena Ferrari. In Proc. of the Second International EDBT Workshop on Database Technologies for Handling XML Information on the Web, Munich, Germany, March 2006.

Securing XML Data in Third-Party Distribution Systems (2005). Barbara Carminati, Elena Ferrari, Elisa Bertino. In Proc. of the ACM Fourteenth Conference on Information and Knowledge Management (CIKM'05), Bremen, Germany, 2005, ACM Press.

Selective and Authentic Third-Party Distribution of XML Documents (2004). Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani Thuraisingham, Amar Gupta. IEEE Transactions on Knowledge and Data Engineering (TKDE), 16(10):1263-1278, 2004.