theses.yml

# ===== template for a thesis =====
# - id:                 # ID of the thesis
#   author:             # ID of the student
#   title:              # Title of the thesis
#   type:               # B for bachelor, M for master, P for PhD, PG for Postgraduate Thesis
#   abstract: >
#     Textual abstract
#   supervisor:         # ID of supervisor
#   co-supervisor:      # List of IDs of co-supervisors
#     -
#   year:               # Year of the thesis ("YYYY")
#   awards:             # Eventual awards (e.g., CLUSIT)
#   institution:        # Institution (e.g., University of Trento)
#   link:               # Link to the thesis, if present (e.g., IRIS handle)

## 2026

- id: LucaBortolotti_BA
  author: LucaBortolotti_BA
  title: "Transparent proxy per CryptoAC: Design e implementazione di un meccanismo di transparent proxy in Kubernetes per CryptoAC"
  type: B
  abstract: >
    Il contesto di lavoro di questa tesi `e costituito dall’ambiente Linux e in particolare le funzionalit`a di rete e containerizzazione di tale sistema operativo, applicate nell’implementazione dell’infrastruttura che ospita le applicazioni cloud native. Un’applicazione cloud native `e un’applicazione che adotta i principi del cloud computing come scalabilit`a, automazione e resistenza. Sebbene contenga il termine cloud nel nome essa non necessariamente richiede l’utilizzo di un’infrastruttura cloud sofisticata per essere eseguita, ma pu`o anche essere ospitata su un unico computer. Le applicazioni cloud native spesso sono sviluppate seguendo i principi derivanti dall’architettura basata sui microservizi, in cui un’applicazione `e costituita da moduli isolati e indipendenti che interagiscono fra loro attraverso protocolli standard (ad esempio HTTP REST API o RPC). Ogni modulo ha un certo livello di isolamento (garantendo maggiore sicurezza), `e progettato per fare una specifica funzione bene (concetto ripreso dalla filosofia UNIX/POSIX) ed `e riutilizzabile (concetto ripreso dalla filosofia della programmazione orientata agli oggetti). Questo approccio architetturale permette di raggiungere: alti livelli di automazione (per- mettendo di definire le applicazioni attraverso linguaggi di configurazione e di gestire il control plane attraverso una API), un utilizzo granulare ed efficiente delle risorse (un passo ulteriore nella direzione della virtualizzazione gi`a iniziato con la virtualizzazione hardware), flessibilit`a e scalabilit`a. Siccome la tecnologia di base delle applicazioni cloud native `e la containerizzazione, ne vengono ereditati tutti i vantaggi, tra cui la possibilit`a da parte degli sviluppatori (Dev) di distribuire le proprie applicazioni complete di dependencies e configurazioni; gli operatori infrastrutturali (Ops) potranno trattare tut- te le applicazioni (impacchettate in un formato standard) allo stesso modo, indipendentemente dal sistema operativo utilizzato per i server. Da tale architettura deriva il fatto che la sicurezza di un’applicazione cloud native dipenda anche dalla sicurezza delle comunicazioni che avvengono tra i microservizi che a loro volta dipende dalla sicurezza della rete sottostante, su cui tali comunicazioni transitano. Tale rete pu`o essere confinata in una regione di un datacenter o anche svilupparsi su un’area geografica molto pi`u grande, per esempio nel caso di applicazioni cloud native costituite da componenti ospitate in datacenter diversi. Inoltre le comunicazione potrebbero transitare attraverso altri microservizi o message broker. In tutti questi casi la sicurezza di tali canali di comunicazione non `e garantita e potenziali attaccanti possono violare le propriet`a di sicurezza di integrity e confidentiality. A ci`o si aggiunge che il controllo degli accessi risulta particolarmente importante poich ́e spesso nelle applicazioni cloud native vengono generati e scambiati dati con diverse origini, ad esempio applicazioni, utenti, workload, etc. Il progetto CryptoAC, discusso da un punto di vista teorico nell’articolo dedicato [18], ha come obiettivo quello di garantire le propriet`a di integrity e confidentiality dei dati scambiati dai microservizi che costituiscono un’applicazione cloud native, senza doverne modificare il codice o la configurazione. Per raggiungere questo obiettivo CryptoAC viene posto come sidecar proxy nei microservizi (pod) che costituiscono l’applicazione cloud native e in modo completamente trasparente si occupa di intercettare il traffico ed applicarvi meccanismi di cifratura in base alle policy specificate dall’amministratore. Ci`o permette di avere una cifratura end-to-end. Le policy possono stabilire per esempio quali comunicazioni tra microservizi sono permesse e/o protette. Uno dei requisiti di questo progetto `e la possibilit`a di installare in modo agevole CryptoAC in un’applicazione cloud native, anche se originariamente non sviluppata considerando questa eventualit`a, mediante un metodo completamente automatizzato di injection del sidecar proxy nei pod. L’oggetto di questa tesi riguarda il design e l’implementazione della componente di CryptoAC che si occupa di intercettare tutto il traffico in uscita e in entrata da un pod (transparent proxy) con il fine di fornirlo alle altre componenti di CryptoAC che gestiscono aspetti come l’applicazione delle policy e la cifratura dei byte scambiati nelle comunicazioni tra microservizi. Nello specifico, l’obiettivo della tesi `e quello di: studiare nel dettaglio il funzionamento dello stack di networking di Linux e di Kubernetes; considerare i possibili approcci architetturali del transparent 2 proxy; scegliere un approccio architetturale motivando le scelte fatte tenendo conto dei requisiti deri- vanti dalle specifiche di CryptoAC (illustrate nell’articolo prima citato) e dei requisiti elicitati durante lo sviluppo; svilupparlo; implementare una demo funzionante con il fine di testare il reale funzio- namento dell’architettura scelta in un’applicazione cloud native rappresentativa; discuterne punti a favore e limiti; raccogliere alcuni dati relativi all’impatto prestazionale. Inoltre, in questa tesi viene discusso anche un metodo per l’injection automatica di un container nei pod che costituiscono un’ap- plicazione cloud native Kubernetes, il quale viene anche utilizzato per il test dell’implementazione del transparent proxy in un’applicazione cloud native di riferimento. I problemi affrontati sono molteplici e vari. L’apprendimento in rete e sui manuali di Linux del funzionamento dello stack di networking di Linux, Docker e Kubernetes, nonch ́e la pratica nella configurazione e nell’interfacciamento con tali sistemi. La ricerca delle metodologie adottabili per raggiungere l’obiettivo del transparent proxy. L’elicitazione dei requisiti sulla base dell’articolo di CryptoAC [18] e sulla base della comprensione del problema raggiunta attraverso lo studio e i test pratici effettuati sul sistema. L’implementazione del transparent proxy. La risoluzione dei numerosi problemi scoperti durante lo sviluppo, compresa la modifica dell’architettura sulla base delle nuove scoperte sperimentali e l’elicitazione di nuovi requisiti inizialmente non individuati. La scelta di un’applicazione cloud native che possa essere rappresentativa della maggior parte delle applicazioni cloud native e che fornisca strumenti utili all’osservabilit`a, generazione di traffico per il test delle prestazioni e raccolta dati. L’installazione di essa in Kubernetes. La ricerca di una metodologia per l’injection automatica di un container nei pod e la relativa implementazione. Il test del corretto funzionamento del transparent proxy nell’applicazione cloud native e la raccolta di dati relativi alle prestazioni del sistema sottoposto a traffico fornito da un load generator. Le metodologie e tecniche utilizzate per raggiungere gli obiettivi della tesi sono numerose. La ricerca e lo studio nelle documentazioni dei sistemi sui quali occorre operare. Creazione di uno sche- ma che rappresenti l’architettura del transparent proxy. L’installazione, la configurazione e l’utilizzo pratico di tali sistemi al fine di comprenderne a fondo il funzionamento ed essere in grado di svilup- pare una soluzione per il problema, nonch ́e implementare e testare tale soluzione per verificarne la validit`a. Programmazione in linguaggi come bash e python per sviluppare l’implementazione. Utilizzo dell’ambiente shell Linux per la configurazione, programmazione e risoluzione problemi. Utilizzo di tool come iptables per configurare netfilter e ip per configurare le routing table e il policy routing. Utilizzo di tool come netstat, tcpdump, strace per indagare e risolvere i problemi incontrati nel pro- cesso di sviluppo. Utilizzo dell’interfaccia socket fornita dal kernel Linux. Creazione e configurazione di immagini e container Docker. Utilizzo e configurazione di Kubernetes. Utilizzo di tool come Locust che permette di generare traffico similare al traffico generato da un gruppo di utenti e di raccogliere dati per misurarne l’impatto prestazionale. I dati elaborati riguardano principalmente due categorie. La prima `e la raccolta e interpretazione di log con il fine di verificare il corretto funzionamento e comportamento in molteplici scenari del sistema di transparent proxy sviluppato, con un focus sul funzionamento nel contesto di un’applicazione cloud native Kubernetes. La seconda `e la raccolta di misurazioni prestazionali con il tool di load generation Locust. Alcuni dei risultati raggiunti in questa tesi sono: le specifiche di un meccanismo di transparent proxy in Linux, con i relativi dettagli di funzionamento; il codice bash e python dell’implementazione di una demo di tale meccanismo di transparent proxy, sviluppato e discusso nel testo della tesi; i risultati di alcuni test di funzionamento e test di prestazioni, applicati in un’applicazione cloud native di riferimento.
  supervisor:
    - SilvioRanise
  co-supervisor:
    - StefanoBerlato
  year: 2026
  awards:             # Eventual awards (e.g., CLUSIT)
  institution: University of Trento
  link:               # Link to the thesis, if present (e.g., IRIS handle)

## 2025

- id: LiviaMarini_MA
  author: LiviaMarini_MA
  title: >
    Securing against the quantum threat: multilevel cybersecurity governance and implementation gaps in Italy
  type: M
#   abstract: >
#     Textual abstract
  supervisor:
    - AntoninoAlì
  co-supervisor:
    - AlessandroTomasi
    - PietroDeMatteis
    - GiovanniCorti
    - LucaPiras    
  year: 2025
#  awards:             # Eventual awards (e.g., CLUSIT)
  institution: University of Trento and Sant'Anna School of Advanced Studies

- id: RiccardoGennaro_MA
  author: RiccardoGennaro_MA
  title: "Revisiting the ETSI C-ITS Lifecycle with Cerificateless Authorization Based on Group Signatures"
  type: M
  abstract: >
    The current standards for Intelligent Transport Systems (ITSs) by the European Telecommunications Standards Institute (ETSI) rely heavily on Public Key Infrastructures (PKIs) and pseudonym-based digital certificates to provide message authenticity and user privacy in vehicular communications. Although effective, this approach introduces substantial complexity due to heavy certificate management and network overhead, particularly in cases of dense traffic. To simplify certificate management without sacrificing interoperability, this paper proposes a standard-compatible redesign of (part of) ETSI's authentication and authorization lifecycle that replaces pseudonym-based certificates with Group Signatures (GSs). Our redesign preserves the separation of duties between Enrollment Authorities (EAs) and Authorization Authorities (AAs), balancing authenticity, unlinkability, non-repudiation, and limited anonymity. Also, we implement a proof-of-concept within the open-source C2C-Common platform using IBM's libgroupsig library. Our benchmarks show that our redesign introduces substantial yet improvable signing and verification overheads — 3.7x and 10x, respectively — while maintaining comparable message sizes. Finally, we discuss a further ETSI-compatible extension with Attribute-Based Encryption (ABE) to introduce fine-grained access control aligned with ETSI's permission codes and C-Roads use cases.
  supervisor:
    - FlorianHahn
  co-supervisor:
    - AlessandroTomasi
    - StefanoBerlato
  year: 2025
  awards:             # Eventual awards (e.g., CLUSIT)
  institution: University of Trento and Twente

- id: ClaudioForoncelli_BA
  author: ClaudioForoncelli
  title: "Cryptography Bill of Materials: Inventory, Analysis and Risk Assessment of Cryptographic Components in Software"
  type: B
  abstract: >
     This thesis explores the role of Cryptography Bills of Materials (CBOMs) as a foundation for systematic cryptographic risk management, compliance verification, and preparation for the post-quantum cryptography (PQC) transition. A CBOM is a structured, machine-readable inventory that enumerates the algorithms, keys, certificates, and protocols used in a software system, providing the visibility needed to detect deprecated components and ensure alignment with regulatory guidelines. The research began with a survey of CBOM standards and related tools, identifying the software CBOMkit, originally developed by IBM, as the most complete open-source solution for cryptographic inventories. Building on this foundation, the thesis introduces a policy-driven evaluation engine, implemented in Java, capable of assessing CBOMs against customizable compliance policies expressed in a TOML format. The engine defines compliance and assessment levels to classify individual assets and aggregate them into an overall system posture. The extended framework is validated through experiments on a test CBOM and on the CBOM generated from Keycloak, a widely used open-source identity and access management platform. The results show that the system reliably identifies deprecated and disallowed primitives such as SHA-1, 3DES, and AES in ECB mode, and communicates these findings through compliance reports. These contributions demonstrate that CBOM inventories, coupled with automated evaluation, are important for compliance, security, and PQC migration. In particular, they highlight a key principle: organizations cannot effectively replace cryptography for the quantum era unless they first know precisely what is already in use.
  supervisor:
    - SilvioRanise
  co-supervisor:
    - AlessandroTomasi
    - PietroDeMatteis
    - LucaPiras
    - LuisAugustoDiasKnob
  year: 2025
  awards:             # Eventual awards (e.g., CLUSIT)
  institution: University of Trento

- id: ChiaraSpadafora_PhD
  author: ChiaraSpadafora
  title: "Combining cryptography, risk assessment and usability for secure e-voting systems"
  type: P
  abstract: >
     Remote electronic voting is a multi-faceted subject that cannot be fully addressed from a single perspective. The design of a secure and effective e-voting system requires a careful balance of mathematical rigor, robust information security measures, and usability considerations. In this thesis, I explore these interconnected dimensions to propose a comprehensive solution, which was called Vote App, that ensures both security and usability. In addition, this thesis introduces the Amun voting protocol, an improved voting protocol derived from the one developed during my master's thesis.
  supervisor:
    - SilvioRanise
  year: 2025
  awards:             # Eventual awards (e.g., CLUSIT)
  institution: University of Trento
  link: https://iris.unitn.it/retrieve/handle/11572/451451/1031735/

## 2024
- id: GiorgiaGabardi_BA
  author: GiorgiaGabardi_BA
  title: "Studio dei pattern di revoca nelle liste di revoca dei certificati digitali"
  type: B
  abstract: >
    L’integrità di Internet si basa in gran parte sulla fiducia garantita dai certificati X.509. Tuttavia, quando questi certificati sono compromessi o non sono più affidabili devono essere revocati. La ge- stione della revoca dei certificati è da tempo una componente di fondamentale importanza dell’attuale infrastruttura Web PKI. Molti metodi di revoca ampiamente riconosciuti e frequentemente utilizzati per i certificati X.509 presentano però delle limitazioni. Tali carenze comportano sfide rilevanti per garantire l’affidabilità e la trasparenza dell’infrastruttura di revoca. Questa tesi fornisce un’analisi dei meccanismi di revoca dei certificati più comuni, ponendo parti- colare attenzione sul metodo Certificate Revocation List (CRL). Lo studio inizia con un’analisi dello stato dell’arte nel campo della revoca dei certificati, partendo dai certificati X.509 fino ad arrivare ai principali meccanismi di revoca presenti, esaminandone le vulnerabilità e le limitazioni, ma evidenziando al contempo la loro rilevanza. Successivamente viene fornita una panoramica sulle motivazioni della revoca dei certificati, sull’importanza di un intervento tempestivo e sui diversi metodi disponibili per attuare la revoca. Segue poi un esame dettagliato del meccanismo CRL. Per analizzare il comportamento delle CRL e le loro prestazioni è stato sviluppato uno script personalizzato che utilizza e modifica alcune delle funzioni fornite dal repository tls-gen [25] di GitHub per generare certificati e CRL. Sono stati con- dotti una serie di test emettendo, e successivamente revocando, un sottoinsieme di certificati in ordine casuale e misurando varie metriche delle prestazioni, quali il tempo necessario per generare e leggere le CRL, nonché il tempo impiegato per verificarne la validità e cercare i certificati al loro interno. Sono state inoltre calcolate statistiche chiave, tra cui media, mediana e deviazione standard dei tempi di ricerca per certificati revocati e non revocati, per diverse dimensioni di CRL. Nella seconda parte della tesi è stata condotta un’analisi empirica dei dati relativi alla revoca dei certificati nel contesto reale. L’obiettivo è stato quello di esplorare e comprendere vari aspetti della revoca dei certificati, tra cui sono presenti i motivi specifici delle revoche, le date di emissione, di re- voca e di scadenza dei certificati, evidenziando le possibili correlazioni che possono essere presenti tra questi parametri. Questa indagine ha fornito importanti indicazioni sui fattori che portano alla revoca dei certificati, cosı̀ come sulle tempistiche che caratterizzano il loro intero ciclo di vita. Studiando questi dati è stato possibile ottenere una visione più chiara delle dinamiche e delle pratiche coinvolte nella gestione delle CRL, contribuendo cosı̀ ad una comprensione più completa delle procedure e delle sfide associate alla revoca dei certificati. Questo approfondimento è fondamentale per migliorare le pratiche correnti e per garantire una gestione più efficace e sicura delle infrastrutture a chiave pubblica. In termini di prestazioni e comportamento delle CRL, le visualizzazioni e i grafici derivati dai da- ti raccolti illustrano come i tempi medi varino all’aumentare delle dimensioni delle CRL, offrendo spunti preziosi sia per la comprensione teorica che per l’implementazione pratica dei meccanismi di revoca dei certificati. In aggiunta, l’analisi dei dati reali provenienti dal Web consente di ottenere una visione approfondita della validità dei certificati revocati e delle variazioni nella loro durata in relazione ai codici di motivo di revoca ad essi associati.
  supervisor: 
    - DomenicoSiracusa
    - AlessandroTomasi
  year: 2024
  awards: 
  institution: University of Trento

- id: LucaClaus_BA
  author: LucaClaus_BA
  title: "End-to-End Protection for Data Sharing Among Organizations in Cloud-Managed Blockchain Applications"
  type: B
  abstract: >
    With the development and widespread adoption of the Cloud, data sharing among individuals and organizations has become more convenient than ever before. However, one of the main obstacles that hinders the adoption of Cloud concerns data security and, in particular, data confidentiality and integrity, such as the risk of unauthorized access by third parties, data breaches due to vulnerabilities in the Cloud Service Provider (CSP)’s infrastructure, lack of control over data location, internal attackers and malicious users. Additionally, CSP are often considered “honest but curious”, meaning they might have the motivation or the technical ability to analyze and access to the data they store or process. The arrival of blockchain technology brought a new secure and decentralized approach ideal to guarantee the confidentiality and the integrity of sensitive data, especially in cross-organizational scenarios where multiple equally (dis)trusting parties need to collaborate and exchange data securely. Nonetheless, the blockchain is a difficulty technology to set-up, maintain, and use. For this reason, the adoption of blockchain technology in a serverless fashion is sometimes preferred, in which the duty to manage the blockchain is delegated to a partially-trusted third party, e.g. usually a CSP. The fact that organizations use Cloud-managed blockchains poses again a risk to the confidentiality of data, as the CSP — which handles the nodes composing the blockchain — has ideally access to the data contained within the transactions. In this thesis, we propose a solution for guaranteeing the confidentiality of sensitive data shared over a Cloud-managed blockchain network managed by a partially trusted CSP in cross-organizational scenarios. The solution ensures the confidentiality of the shared data by combining Cryptographic Access Control (CAC) — for end-to-end protection of the data according to Access Control (AC) policies internal to organizations — with Proxy Re-Encryption (PRE) — for achieving effective and secure revocation of access privileges. This project follows a deep analysis of a previous solution proposed by Enrico Marconi [11], which introduces a multi-admin data management system designed to ensure the confidentiality of sensistive data shared on a blockchain network managed by an honestbut-curious CSP. We identify its limitations, such as problems with collusions and the lack of a revocation mechanism, and outline the requirements that our solution must address. Finally, we implements a proof-of-concept to demonstrate the feasibility of the solution.
  supervisor: SilvioRanise
  co-supervisor:
    - StefanoBerlato
    - RiccardoLongo
  year: 2024
  awards: 
  institution: University of Trento

- id: MarcoSoldera_BA
  author: MarcoSoldera_BA
  title: "A Risk Assessment Methodology for VSNF Placement in Cloud Native Applications"
  type: B
  abstract: >
    In the 2010s, companies started migrating data and services from their private infrastructures to the cloud to gain more flexibility, security and global access. More recently, the evolution of cloud computing resulted in a growing diffusion of cloud native applications, i.e., software applications designed to run within cloud-based environments with benefits like flexibility, scalability, resilience and manageability. An aspect that is sometimes overlooked is that developers are not necessarily security experts and they may not know what Virtual Security Network Functions (VSNFs) are necessary to protect their cloud native application. Then also the placement inside the graph of the application of these VSNFs could be a critical task leaving space to threats and vulnerabilities, and could focus too much on performance. An automation of this process could improve security in cloud native applications. This thesis proposes a novel risk-based methodology to place VSNFs in cloud native applications. First of all, the methodology expects developers to define what assets need to be protected in their cloud native application. Then, the methodology identifies what VSNFs are required to protect these assets and where to place such VSNFs inside the graph of the cloud native application. Afterwards, the methodology proceeds in reducing the number of VSNFs to optimize the consumption of computational resources through the elimination of redundancies. To showcase the benefits of our methodology, we also provide a prototype implementation in Python language1 and a manual usage of it on an example cloud native application. The use of the methodology in the example shows how we arrived to a result that represents a graph ready to be deployed in a real application through a Virtual Network Embedding (VNE) algorithm. This results also in enhancing overall security in the final deployment of the cloud native application.
  supervisor: DomenicoSiracusa
  co-supervisor:
    - StefanoBerlato
    - SilvioCretti
  year: 2024
  awards: 
  institution: University of Trento

- id: SaraMontanari_MA
  author: SaraMontanari_MA
  title: "Refreshable and Extensible Verifiable Decentralized Secret Sharing for Threshold Access Trees"
  type: M
  abstract: >
    This thesis investigates decentralized threshold secret sharing protocols in cryptography, with a particular emphasis on improving key recovery mechanisms. The research is partially tied to an internship project at the Bruno Kessler Foundation in Trento, titled Key Recovery. Safeguarding private keys is a critical challenge, especially for the general public, as losing these keys can result in the permanent loss of valuable assets. Traditional methods, which involve entrusting keys to third-party custodians, present significant risks and may not be suitable for some use-cases, whereas secret sharing schemes allow trust to be distributed among multiple parties, without relying on third parties. Decentralized systems are increasingly being seen as an attractive alternative to centralized ones, due to their benefits in data management, such as avoiding single points of failure or securely storing crypto-assets. For these systems to be a viable alternative, secure decentralized cryptographic schemes are essential. In this context, secret sharing is used in wallet key management to improve the security and accessibility of private keys by splitting them into multiple shares, distributed among different participants or providers. No single participant holds the complete key, and access to the wallet requires a minimum number of shares to reconstruct it. An example of this application is illustrated in [7], where a decentralized wallet model is described from an engineering standpoint. This method reduces the risk of key loss or theft, as the key is never fully exposed in one location. It also enables decentralized management, distributing trust across multiple entities to ensure that even if some shares are compromised, the key remains secure. The starting point is a recently proposed cryptographic key recovery scheme, iii detailed in [6] that leverages distributed secret sharing based on the Shamir’s technique. In particular, the protocol is a totally decentralized version of [5], where a subset of participants plays the role of dealer. Moreover, it allows for the addition of new parties after the initial secret sharing and the possibility of having offline participants. Strategies for making a secret sharing protocol extensible are present in the state of the art, but they often require the presence of a dealer and are therefore centralized. The protocol also includes the verifiability property, meaning that the added participant can verify the correctness of the received share, thanks to the use of commitment schemes. Original Contributions In our work, we analyze the introduction of a refresh phase to the protocol, ensuring proactive security, i.e. the maintenance of security thresholds over time. Proactive security is based on the consideration that if the information stored by participants to share a secret remains unchanged throughout the system’s lifetime, an adversary could eventually breach enough participants to recover the secret, as explained in [8]. To counteract this risk, proactive security introduces the concept of dividing time into periods known as epochs. At the start of each epoch, the shares held by participants are updated, although the shared secret itself remains constant. This approach enhances protection for long-lived secrets, forcing the adversary to start its attack afresh with each new period. We consider a snapshot, mobile and adaptive adversary. A snapshot adversary captures and analyzes a single point in time or a specific snapshot of the system’s state; an adaptive adversary can adapt their strategy based on the information gathered during the protocol’s execution, and in particular a mobile adversary can move among players over time but can only control a limited subset of players at any given moment. The first method for refreshing the shares involves generating and adding a polynomial with a zero constant term to the Shamir polynomial, while the second method involves regenerating the Shamir polynomial while keeping the constant term fixed. These two strategies are shown to be equivalent and proactive-secure against the snapshot, mobile and adaptive adversary model. The third method involves periodically updating the matrix that encodes the secret. This can be underiv stood by observing the parallelism between MDS codes and secret sharing. This strategy, together with proactive security against the snapshot, mobile and adaptive adversary model, achieves also forward secrecy against an adversary that steals a sufficient number of old shares. However, unlike the first two methods, it is shown to be insecure against a continuous-shot, nonmobile, adaptive adversary, where continuous-shot means that the adversary can control the corrupt players continuously in time. Finally, we extend the protocol to integrate more complex access structures among parties, such as groups of participants being more powerful than others and collaborative relationships between them. Access structures define the specific sets of participants who are authorized to reconstruct a secret. Any monotone access structure can be realized by a linear secret sharing scheme, as shown in [12]. Moreover, the most efficient structure, encompassing all others, is the threshold access tree: participants are represented as leaves in a tree, and each internal node has a threshold that specifies the minimum number of child nodes that must be satisfied to activate that node. For this reason, we focus on extending the Secret Sharing protocol to threshold access trees, exploiting also the theory of monotone span programs, as explained in [11].
  supervisor: AlessioMeneghetti
  co-supervisor: RiccardoLongo
  year: 2024
  awards: 
  institution: University of Trento

- id: SimoneBrunello_BA
  author: SimoneBrunello_BA
  title: "Hybrid Enforcement for Role-based Cryptographic Access Control"
  type: B
  abstract: >
    Numerous companies are currently migrating (or have already migrated) their technological infrastructure along with their data and their customers' data to the cloud for, e.g., enhanced scalability, greater flexibility, and monetary cost savings. However, it is well-known that outsourcing the storage of (possibly sensitive) data to the cloud poses significant challenges to the confidentiality and integrity of the data themselves. Indeed, cloud-hosted data are exposed to a wide array of threats including external attackers, malicious insiders, and honest-but-curious cloud service providers (CSPs). In this context, cryptographic access control (CAC) — which consists in enforcing access control (AC) policies through cryptography — is the natural solution to regulate data sharing among authorized users (e.g., employees) while securing data and preventing unauthorized access. Nonetheless, the use of CAC entails the execution of several cryptographic computations (e.g., encryption and decryption computations), especially when considering dynamic AC policies requiring frequent distribution and revocation of users' privileges. Consequently, CAC is typically computationally demanding and may even result to be impractical in some real-world scenarios. In this thesis, we propose an extended role-based access control (RBAC) scheme to mitigate the computational overhead of CAC. Our extended RBAC scheme allows for expressing high-level RBAC policies which are automatically compiled into two sub-policies enforced in a hybrid fashion by a (computationally-light) centralized traditional RBAC enforcement mechanism and a (computationally-demanding) CAC scheme. The automatic compilation is controlled by a customizable security model defining the levels of trust assumed on, e.g., users and CSPs, an approach which allows to determine whether the execution of certain cryptographic computations is necessary or superfluous on a case-by-case basis. Moreover, we apply our extended RBAC scheme to a concrete CAC scheme and provide a proof-of-concept implementation in the Prolog language. Finally, we provide a practical application of our proof-of-concept implementation on a concrete scenario and analyze the cryptographic computational costs incurred.
  supervisor: SilvioRanise
  co-supervisor:
    - RobertoCarbone
    - StefanoBerlato
  year: 2024
  awards: 
  institution: University of Trento

- id: StefanoBerlato_PHD
  author: StefanoBerlato
  title: "A Security Service for Performance-Aware End-to-End Protection of Sensitive Data in Cloud Native Applications"
  type: P
  abstract: >
    The characteristics of cloud native applications — like decentralized architectures, high automation, and dynamic and interconnected microservices — bring forth a number of security challenges across both architectural design and lifecycle management. Some prominent challenges are authentication and authorization, real-time detection of security incidents, network security, microservice (as well as container) security, and, especially, data security. An ecosystem of security mechanisms already exists and provides excellent solutions addressing these challenges throughout the developing and operating of cloud native applications: identity and access management, monitoring and logging, intrusion prevention and detection systems, vulnerabilities assessment and hardening, and cryptography, to mention a few. Nonetheless, despite the availability of such a rich ecosystem, some cloud native applications entail additional considerations linked to the aforementioned challenges — and, in particular, to data security — which may need to be contemplated when evaluating the adoption of security mechanisms and their effectiveness. First, the level of trust assigned to participating parties within the scope of some cloud native applications is inherently limited — e.g., those aligning with the well-known security-by-design and zero trust principles. These cloud native applications confront a multifaceted threat landscape that extends beyond external attackers by including malicious insiders and honest-but-curious cloud providers which threaten the confidentiality and integrity of the (often sensitive) data managed by cloud native applications. Moreover, cloud native applications are frequently deployed in resource-constrained environments — e.g., the Internet of Things (IoT) — or operate in delicate fields (e.g., eHealth, automotive) offering critical functions (e.g., remote monitoring, cooperative vehicle maneuvering) where the quality of service may suffer from computationally or network heavy security mechanisms. In other words, security is not absolute, and its achievement must instead be balanced with that of performance requirements relevant to the underlying cloud native applications — e.g., low latency, minimal bandwidth utilization, and high scalability — underscoring the necessity for nuanced security mechanisms that are mindful of performance aspects. Therefore, in this thesis, we propose a security service addressing the convoluted dynamics of data security in cloud native applications. Our security service comprises four security mechanisms — namely CryptoAC, ACE and ACME, and MOMO — which implement the actual contributions of this thesis as we describe below. First, the threat model of cloud native applications requires preventing unauthorized access to data while offering strong guarantees of data confidentiality and integrity. To this end, we consider the use of cryptography to enforce Access Control (AC) policies — a combination usually called Cryptographic Access Control (CAC) — and propose the design of two CAC schemes, compatible with the aforementioned characteristics, for the end-to-end (E2E) protection of data both in transit and at rest in cloud native applications. We implement both CAC schemes — one for Role-Based Access Control (RBAC) and one Attribute-Based Access Control (ABAC) — into CryptoAC , discuss its security, and conduct a thorough performance evaluation. Then, we propose a methodology for evaluating the performance of generic AC enforcement mechanisms — hence, applicable to both CAC and centralized AC — starting from realistic workloads expressed as Business Process Model and Notation (BPMN) workflows. In detail, our methodology comprises a procedure deriving sequences of AC requests (e.g., access data, distribute permission) which are representative of the scenarios in which a cloud native application is deployed, and an evaluator executing these sequences against the AC enforcement mechanisms under test; we implement the procedure and the evaluator into ACE and ACME, respectively. Finally, we define an architectural model that identifies the common base building blocks of CAC over which we formalize a Multi-Objective Combinatorial Optimization Problem (MOCOP) to balance the achievement of security and performance in cloud native applications. Consequently, we implement an algorithm to solve the aforementioned MOCOP in MOMO, for which we provide both a conceptual application and a proof-of-concept application.
  supervisor:
    - SilvioRanise
    - RobertoCarbone
  year: 2024
  awards: 
  institution: University of Genoa
  link: https://iris.unige.it/handle/11567/1174596

- id: ValeriaVicard_MA
  author: ValeriaVicard_MA
  title: "Searchable Encryption and Attributed-based encryption: theoretical and practical aspects"
  type: M
  abstract: >
    missing
  supervisor: MarinoMiculan
  co-supervisor: RiccardoLongo
  year: 2024
  awards: 
  institution: University of Udine

## 2023
- id: IonAndyDitu_BA
  author: IonAndyDitu_BA
  title: "Leveraging Trusted Execution Environment for Efficient Revocation and Security in Cryptographic Access Control"
  type: B
  abstract: >
    The Cloud has become an increasingly popular solution for data sharing and storage due to its inher- ent convenience, scalability, and cost-effectiveness qualities. However, outsourcing (possibly sensitive) data to Cloud Service Providers (CSPs) raises concerns about data privacy and security, as it leaves the data exposed to a heterogeneous set of threats such as external attackers, malicious insiders, miscon- figurations of Cloud services and honest but curious CSPs. To address these concerns, cryptography is usually employed to make the data unreadable by external attackers, while Access Control (AC) policies are defined and enforced to ensure that the data can be accessed by authorized users only. In this context, Cryptographic Access Control (CAC) is the natural solution to enable secure and controlled sharing of (encrypted) data. Essentially, CAC enforces AC policies through cryptography by (i) using cryptographic keys to encrypt data and then (ii) distributing these keys to authorized users. By doing so, CAC ensures that Cloud-hosted data remains protected — i.e., confidentiality and integrity of data are guaranteed — even in the presence of malicious insiders and partially trusted CSPs. In other words, CAC allows organizations to leverage the benefits of the Cloud for data sharing and storage while maintaining a high level of data security and privacy. Nonetheless, aside from its many benefits, CAC comes with its own challenges, especially for what concerns its practicality. In particular, achieving a reasonable efficiency while preserving security during user revocation — that is, the process of revoking the privileges or permissions granted to a user over some data — is a critical challenge in CAC. Indeed, traditional approaches for implementing user revocation in CAC consist in renewing and redistributing cryptographic material (e.g., new keys used to encrypt data) and re-encrypting existing data with the new keys to prevent revoked users from still accessing (i.e., decrypting) the data using cached old keys. Intuitively, the user revocation process incurs noticeable computational costs that hinder the scalability and responsiveness of CAC even to the point of ques- tioning its usability in real-world scenarios. Therefore, in this thesis, we investigate the use of popular hardware-based security technologies — such as Trusted Execution Environments (TEEs), Hardware Security Modules (HSMs), Secure Elements (SEs) and Trusted Platform Modules (TPMs) — as a solution to address the (currently almost prohibitive) computational overhead associated with tradi- tional user revocation in generic CAC schemes. In particular, we explore the functional characteristics and the security features of these hardware technologies to find the one most suitable for CAC, analyz- ing advantages and disadvantages of client-side and server-side use. Then, we design a methodology that employs client-side TEEs as a mean to mitigate the computational burden of traditional user revocation in CAC. Our intuition consists in exploiting the secure and isolated execution environment of TEEs to perform the cryptographic operations expected by CAC schemes (e.g., en/decrypt data) at the client-side while concealing cryptographic keys from users — who, consequently, cannot cache such keys. In this way, we remove the need for renewing keys and re-encrypting data after a user revocation, significantly reducing the associated computational overhead. We define in detail the flow of operations in our methodology, which encompasses 4 phases, namely onboarding, data upload, data download, and user revocation. In the onboarding phase — executed only once when configuring user' accounts — users are registered in the CAC scheme, while in the data upload and download phases users en/decrypt data according to the CAC scheme being used; in other words, besides for being run within TEEs, our methodology poses no (or minimal) modifications to the logic of the CAC scheme. Lastly, during user revocation, we just need to remove the revoked user's permissions from the AC policy, as the TEE automatically disposes of the keys from the revoked user's device.
  supervisor: SilvioRanise
  co-supervisor:
    - RobertoCarbone
    - StefanoBerlato
  year: 2023
  awards: 
  institution: University of Trento