Research

Online Privacy

Preserving online privacy ensures that individuals can control the information they share online, protecting them from identity theft, financial fraud, and other cyber threats. My recent research has focused on the design of a privacy-aware monitoring system in an Industry 4.0 setting that relies on a context-based model to detect emergency situations and discloses workers’ personal data to operators only when there is an emergency. Another research theme I’m currently investigating is empirically measuring potential violations of the General Data Protection Regulation (GDPR) in websites and mobile applications and designing tools to automatically detect such violations.

  1. Federica Paci, Jacopo Pizzoli, Nicola Zannone. A Comprehensive Study on Third-Party User Tracking in Mobile Applications. In Proceedings of the 18th International Conference on Availability, Reliability and Security (ARES 2023) 97:1-97:8, 2023.
  2. Stephen Hart, Anna Lisa Ferrara, Federica Paci. Fuzzy-based approach to assess and prioritize privacy risks. Soft Comput. 24(3): 1553-1563, 2020.
  3. Federica Paci, Davide Bianchin, Elisa Quintarelli, Nicola Zannone. IFTTT Privacy Checker. In Proceedings of International Workshop on Emerging Technologies for Authorization and Authentication (ETAA@ESORICS) 90-107, 2020.
  4. Shorouq Alansari, Federica Paci, Andrea Margheri, Vladimiro Sassone. Privacy-Preserving Access Control in Cloud Federations. In Proceedings of IEEE International Conference on Cloud Computing (CLOUD 2017), 757-760, 2017.
  5. Shorouq Alansari, Federica Paci, Vladimiro Sassone. A Distributed Access Control System for Cloud Federations. In Proceedings of International Conference on Distributed Computing Systems (ICDCS) 2131-2136, 2017.

  1. Samuele Tremolini. Privacy nelle Applicazioni Mobile: Studio sul Tracciamento degli Utenti in Android e iOS. MSc in Computer Science and Engineering, University of Verona, 2024.
  2. Mattia Carra. An empirical evaluation of IOS Transparency and Choice Features On App Tracking. MSc in Computer Science and Engineering, University of Verona, 2024.
  3. Francesca Annibaletti. Uno studio sulla trasparenza delle funzionalita’ di privacy di IOS. MSc in Computer Science and Engineering, University of Verona, 2023.
  4. Massimo Onisto. Uno studio empirico sulla trasparenza dell’esercizio del diritto di accesso. MSc in Computer Science and Engineering, University of Verona, 2023.
  5. Niek Muijs. Context-Based Monitoring: Safeguarding Work Safety and Privacy in Industry 4.0 Factories. Department of Mathematics and Computer Science, Eindhoven University, 2023.
  6. Armando De Berti. Uno studio sperimentale sull’utilizzo di cookie e altre tecnologie di tracciamento di terze parti adottate dai siti web. MSc in Computer Science and Engineering, University of Verona, 2023.
  7. Maria Gioia Renoffio. Le icone grafiche migliorano la comprensione delle politiche di privacy? MSc in Computer Science and Engineering, University of Verona, 2023.
  8. Mohamed Chems Eddine Laoubi. Context aware privacy checker for Industry 4.0 application. MSc in Computer Engineering and Robotics, University of Verona, 2023.
  9. Jacopo Pizzoli. Uno studio sull’utilizzo di tecnologie di tracciamento in applicazioni Android e iOS. MSc in Computer Science and Engineering, University of Verona, 2023.
  10. Davide Bianchin. Un approccio per preservare la privacy nello sviluppo di applicazioni IFTTT. MSc in Computer Science and Engineering, University of Verona, 2020.

Identity and Access Management

Identity and Access Management is an important part of cybersecurity in that it helps an organization manage who and what has access to its systems, important data and resources. Identity management verifies that the entity attempting to access a resource matches its identity, while access management keeps track of which resources the entity has permission to access. My recent research has focused on empirically investigating security vulnerabilities present in real-world deployments of FIDO2 authentication protocols, and devising approaches based on machine learning to refine attribute-based access control policies in order to reduce the risks of users abusing their privileges.

  1. Gelareh Hasel Mehri, Inez L. Wester, Federica Paci, Nicola Zannone. Mitigating Privilege Misuse in Access Control through Anomaly Detection. In Proceedings of ARES 2023: 139:1-139:10
  2. Anna Lisa Ferrara, Federica Paci, Chiara Ricciardi: Verifiable Hierarchical Key Assignment Schemes. DBSec 2021: 357-376
  3. Sowmya Ravidas, Alexios Lekidis, Federica Paci, Nicola Zannone. Access control in Internet-of-Things: A survey. J. Netw. Comput. Appl. 144: 79-101 (2019)
  4. Federica Paci, Anna Cinzia Squicciarini, Nicola Zannone. Survey on Access Control for Community-Centered Collaborative Systems. ACM Comput. Surv. 51(1): 6:1-6:38 (2018)
  5. Luciano Argento, Andrea Margheri, Federica Paci, Vladimiro Sassone, Nicola Zannone. Towards Adaptive Access Control. DBSec 2018: 99-109

  1. Eric Bertolotti. WebAuthn Tester: un tool per la rilevazione automatica delle vulnerabilita’ nei protocolli FIDO2. MSc in Computer Science and Engineering, University of Verona, 2024.
  2. Geremia Furri. Studio delle vulnerabilita’ presenti nelle implementazioni del protocollo WebAuthn. BSc in Computer Science, University of Verona, 2023.
  3. Giovanni Danieli. Uno studio sperimentale delle vulnerabilita’ presenti nell’implementazione di protocolli di autenticazione passwordless. MSc in Computer Science and Engineering, University of Verona, 2023.

Cyber Risk Assessment

Cyber risk assessment is crucial for all organizations to stay ahead of emerging cybersecurity trends and risks. It allows them to identify, assess and mitigate risks posed by cyber attacks to an organization’s assets. It is also a crucial component of the software development life cycle (SDLC) that makes it possible to design and build software that is secure by design. My recent research is focused on devising approaches to estimate the security risks associated with the execution of a business process rather than with a single activity, as most cyber risk assessment methodologies and standards do. I’m working on the design of a novel approach based on Large Language Models (LLMs) to detect vulnerabilities in software and automatically fix the code.

  1. Katsiaryna Labunets, Fabio Massacci, Federica Paci, Katja Tuma. A new, evidence-based, theory for knowledge reuse in security risk analysis. Empir. Softw. Eng. 28(4): 90 (2023).
  2. Kate Labunets, Fabio Massacci, Federica Paci, Sabrina Marczak, Flavio Moreira de Oliveira. Model comprehension for security risk assessment: an empirical comparison of tabular vs. graphical representations. Empirical Software Engineering, 22, 6, pp. 3017-3056, 2017.
  3. Fabio Massacci, Federica Paci, Le Minh Sang Tran. A Requirements Evolution Approach: Empirical Studies in the Air Traffic Management Domain. Journal of Systems and Software, 94, pp. 70-88, 2014.
  4. Katsiaryna Labunets, Fabio Massacci, Federica Paci, Le Minh Sang Tran. An Experimental Comparison of Two Risk-Based Security Methods. In Proceedings of 7th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), Baltimore, MD, pp. 163-172, 2013.

  1. Luca Gugole. Un’Applicazione per l’identificazione di vulnerabilita’ basata su LLMs. MSc in Computer Science and Engineering, University of Verona, 2024.
  2. Emauel Cirabisi. A methodology for the risk analysis of industrial control systems. MSc in Computer Science and Engineering, University of Verona, 2024.
  3. Luca Verdolini. Un Framework per la GAP Analysis rispetto al Digital Operational Resilience Act. MSc in Computer Science and Engineering, University of Verona, 2023.