Flavio Toffalini

Alessandro Visintin, Flavio Toffalini, Mauro Conti et al.

The Internet of Things (IoT) is an emerging paradigm that allows to set large networks of small and independent devices. To ensure their integrity, practitioners employ so-called Remote Attestation (RA) schemes. Classic RA schemes require a central and powerful entity, called Verifier, that has mainly two duties: (i) it manages the entire process of attestation, and (ii) it contains all the proofs for validating the devices' integrity. However, having a central Verifier makes the network dependent upon an external entity and introduces a single point of failure for security. In this work, we propose SAFE^d: the first RA schema that allows a pair of IoT devices to validate their integrity without relying on an external Verifier. Our approach overcomes previous limitations by spreading the proofs among multiple IoT devices and using novel cryptographic mechanisms to ensure secure communications. Moreover, the entire IoT network can collaboratively isolate tampered devices and recover missing proofs in case of anomalies. We evaluate our schema through an implementation for Raspberry Pi platform and a network simulation. The results show that SAFE^d can detect infected devices and recover up to 99.9% of proofs in case of faults or attacks. Moreover, we managed to protect up to 10K devices with a logarithmic overhead on the network and on the devices' memory.

Flavio Toffalini, Eleonora Losiouk, Andrea Biondo et al.

The introduction of remote attestation (RA) schemes has allowed academia and industry to enhance the security of their systems. The commercial products currently available enable only the validation of static properties, such as applications fingerprint, and do not handle runtime properties, such as control-flow correctness. This limitation pushed researchers towards the identification of new approaches, called runtime RA. However, those mainly work on embedded devices, which share very few common features with complex systems, such as virtual machines in a cloud. A naive deployment of runtime RA schemes for embedded devices on complex systems faces scalability problems, such as the representation of complex control-flows or slow verification phase. In this work, we present ScaRR: the first Scalable Runtime Remote attestation schema for complex systems. Thanks to its novel control-flow model, ScaRR enables the deployment of runtime RA on any application regardless of its complexity, by also achieving good performance. We implemented ScaRR and tested it on the benchmark suite SPEC CPU 2017. We show that ScaRR can validate on average 2M control-flow events per second, definitely outperforming existing solutions.

Ivan Homoliak, Flavio Toffalini, Juan Guarnizo et al.

Insider threats are one of today's most challenging cybersecurity issues that are not well addressed by commonly employed security solutions. Despite several scientific works published in this domain, we argue that the field can benefit from the proposed structural taxonomy and novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research, while leveraging existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include: 1) Incidents and datasets, 2) Analysis of attackers, 3) Simulations, and 4) Defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents, which is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers' efforts in the domain of insider threat, because it provides: a) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, b) an updated overview on publicly available datasets that can be used to test new detection solutions against other works, c) references of existing case studies and frameworks modeling insiders' behaviors for the purpose of reviewing defense solutions or extending their coverage, and d) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.