we have
about to publish four papers for which we would like to
acknowledge the SPARTA project.
Please, find the versions that we plan to submit in attachment
and a brief description of the content, the venue and the
relation with the activities of WP6 below.
Please let us know if you have any objections or comments.
Best
regards
Gabriele Costa
===
Title:
Natural Projection as Partial Model Checking
Venue: Journal of Automated Reasoning
Relationship with SPARTA: The paper presents a theoretical
result showing that partial model checking and natural
projection are equivalent. Based on this result we developed
an algorithm and a tool for the automatic synthesis of
controllers and sub-modules. This technique is well integrated
in WP6 and, in particular, in Task 6.3 as it may serve as for
the generation of orchestrators directly from high level
security policies.
Title:
WAF-A-MoLE: An adversarial tool for assessing ML-based WAFs
Venue: SoftwareX
Relationship with SPARTA: The paper presents a tool for
automatically generating adversarial attacks able to bypass
ML-based web application firewalls (WAFs). WAFs are often
deployed in modern II as a line of protection against
injection attacks. This work shows that using ML for this
purpose is not secure in general. The activity is related to
the identification and evaluation of the state-of-the-art
technologies adopted in the IIs.
Title: A
Survey on Multi-Factor Authentication for Online Banking in
the Wild
Venue: Computers and Security
Relationship with SPARTA: The paper presents a survey on the
multi-factor authentication platforms used by a number of
banks worldwide. Also, we carried out a systematic review of
regulations and guidelines and we evaluated how the MFA
solutions cope with them. This activity is strongly related to
WP6 as we carried out an in depth evaluation of the service
infrastructures used for implementing the authentication of
customers in the bank sector.
Title:
Building Next Generation Cyber Ranges with CRACK
Venue: Computers and Security
Relationship with SPARTA: The paper introduces a virtual
infrastructure implementing a cyber range. Its purpose is to
run virtual infrastructures where security training exercises
can be executed. The technology developed for this purpose is
the same that will support the orchestration framework that
CINI will provide in Task 6.3
===