MERLO , Alessio

This talk focuses on discussing a personal research experience through different, and, in principle, disconnected research topics. More specifically, the talk highlights a research path that started from HPC and Grid Computing and has lead to topics related to Computer Security and Privacy. The talk covers a period of 12 years, between 2005 and...

We introduce a novel architectural solution (BYODCert) for managing the Bring Your Own Device paradigm at a cross-organizational level by exploiting mobile device certifications. BYODCert acts as a trusted third party allowing organizations to verify the compliance of their employees' personal devices against BYOD security policies. BYO-DCert...

Risk analysis on Android is aimed at providing metrics to users for evaluating the trustworthiness of the apps they are going to install. Most of current proposals calculate a risk value according to the permissions required by the app through probabilistic functions that often provide unreliable risk values. To overcome such limitations, this...

No description

Pattern lock is a very popular mechanism to secure authenticated access to mobile terminals; this is mainly due to its ease of use and the fact that muscle memory endows it with an extreme memorability. Nonetheless, pattern lock is also very vulnerable to smudge and side channels attacks, thus its actual level of security has been often...

A very common approach adopted to fight the increasing sophistication and dangerousness of malware and hacking is to introduce more complex authentication mechanisms. This approach, however, introduces additional cognitive burdens for users and lowers the whole authentication mechanism acceptability to the point of making it unusable. On the...

No description

This paper introduces a proposal aimed at defining a novel methodology for run-time monitoring of Fog applications which is both policy-driven and app-agnostic. The first feature grants the possibility to define security policies that are enforced at run-time on a single or a set of Fog applications. The latter allows to enforce the security...