Il Sistema di Revenue Management strumento per lo sviluppo turistico sostenibile delle destinazioni

Businesses interact constantly with the environment, realizing several and heterogeneous exchanges. Organizations can be considered a system of different interests, frequently conflicting and the satisfaction of different stakeholders is a condition of success and survival. National and international literature attempts to explain the complex connection between companies and environment. In particular, the Stakeholder Theory considers crucial for businesses the identification of different stakeholders and their involvement in decision-making process. In this context, profit can not be considered the only purpose of companies existence and business aims become more numerous and different. The Stakeholder Theory is often utilized as framework for tourism studies, in particular in Sustainable Tourism Development research. In fact, authors consider sustainable the tourism development able to satisfy interests of different stakeholders, traditionally identified as local community and government, businesses, tourists and natural environment. Tourism businesses have to guarantee the optimal use of natural resources, the respect of socio-cultural tradition of local community and the creation of socio-economic benefits for all stakeholders in destinations. An obstacle to sustainable tourism development that characterizes a number of destinations worldwide is tourism demand seasonality. In fact, its negative impact on the environment, economy and communities may be highly significant. Pollution, difficulties in the use of public services, stress for residents, seasonal incomes, are all examples of the negative effects of seasonality. According to the World Tourism Organization (2004) the limitation of seasonality can favour the sustainability of tourism. Literature suggests private and public strategies to minimize the negative effects of tourism seasonality, as diversification of tourism products, identification of new market segments, launching events, application of public instruments like eco-taxes and use of differential pricing policies. Revenue Management is a managerial system based on differential pricing and able to affect price sensitive tourists. This research attempts to verify if Revenue Management, created to maximize profits in tourism companies, can also mitigate the seasonality of tourism demand, producing benefits for different stakeholders of destinations and contributing to Sustainable Tourism Development. In particular, the study attempts to answer the following research questions: 1) Can Revenue Management control the flow of tourist demand? 2) Can Revenue Management limit seasonality, producing benefits for different stakeholders of a destination? 3) Can Revenue Management favor the development of Sustainable Tourism? The literature review on Stakeholder Theory, Sustainable Tourism Development, tourism seasonality and Revenue Management forms the foundation of the research, based on a case study approach looking at a significant destination located in the Southern coast of Sardinia, Italy. A deductive methodology was applied and qualitative and quantitative methods were utilized. This study shows that Revenue Management has the potential to limit tourism seasonality, to mitigate negative impacts occurring from tourism activities, producing benefits for local community and to contribute to Sustainable Tourism Development.

Design and implementation of robust systems for secure malware detection

Malicious software (malware) have significantly increased in terms of number and effectiveness during the past years. Until 2006, such software were mostly used to disrupt network infrastructures or to show coders’ skills. Nowadays, malware constitute a very important source of economical profit, and are very difficult to detect. Thousands of novel variants are released every day, and modern obfuscation techniques are used to ensure that signature-based anti-malware systems are not able to detect such threats. This tendency has also appeared on mobile devices, with Android being the most targeted platform. To counteract this phenomenon, a lot of approaches have been developed by the scientific community that attempt to increase the resilience of anti-malware systems. Most of these approaches rely on machine learning, and have become very popular also in commercial applications. However, attackers are now knowledgeable about these systems, and have started preparing their countermeasures. This has lead to an arms race between attackers and developers. Novel systems are progressively built to tackle the attacks that get more and more sophisticated. For this reason, a necessity grows for the developers to anticipate the attackers’ moves. This means that defense systems should be built proactively, i.e., by introducing some security design principles in their development. The main goal of this work is showing that such proactive approach can be employed on a number of case studies. To do so, I adopted a global methodology that can be divided in two steps. First, understanding what are the vulnerabilities of current state-of-the-art systems (this anticipates the attacker’s moves). Then, developing novel systems that are robust to these attacks, or suggesting research guidelines with which current systems can be improved. This work presents two main case studies, concerning the detection of PDF and Android malware. The idea is showing that a proactive approach can be applied both on the X86 and mobile world. The contributions provided on this two case studies are multifolded. With respect to PDF files, I first develop novel attacks that can empirically and optimally evade current state-of-the-art detectors. Then, I propose possible solutions with which it is possible to increase the robustness of such detectors against known and novel attacks. With respect to the Android case study, I first show how current signature-based tools and academically developed systems are weak against empirical obfuscation attacks, which can be easily employed without particular knowledge of the targeted systems. Then, I examine a possible strategy to build a machine learning detector that is robust against both empirical obfuscation and optimal attacks. Finally, I will show how proactive approaches can be also employed to develop systems that are not aimed at detecting malware, such as mobile fingerprinting systems. In particular, I propose a methodology to build a powerful mobile fingerprinting system, and examine possible attacks with which users might be able to evade it, thus preserving their privacy. To provide the aforementioned contributions, I co-developed (with the cooperation of the researchers at PRALab and Ruhr-Universität Bochum) various systems: a library to perform optimal attacks against machine learning systems (AdversariaLib), a framework for automatically obfuscating Android applications, a system to the robust detection of Javascript malware inside PDF files (LuxOR), a robust machine learning system to the detection of Android malware, and a system to fingerprint mobile devices. I also contributed to develop Android PRAGuard, a dataset containing a lot of empirical obfuscation attacks against the Android platform. Finally, I entirely developed Slayer NEO, an evolution of a previous system to the detection of PDF malware. The results attained by using the aforementioned tools show that it is possible to proactively build systems that predict possible evasion attacks. This suggests that a proactive approach is crucial to build systems that provide concrete security against general and evasion attacks.