Security control brought back to the user

The activity of the Ph.D. student Juri Luca De Coi involved the research field of policy languages and can be divided in three parts. The first part of the Ph.D. work investigated the state of the art in policy languages, ending up with: (i) identifying the requirements up-to-date policy languages have to fulfill; (ii) defining a policy language able to fulfill such requirements (namely, the Protune policy language); and (iii) implementing an infrastructure able to enforce policies expressed in the Protune policy language. The second part of the Ph.D. work focused on simplifying the activity of defining policies and ended up with: (i) identifying a subset of the controlled natural language ACE to express Protune policies; (ii) implementing a mapping between ACE policies and Protune policies; and (iii) adapting the ACE Editor to guide users step by step when defining ACE policies. The third part of the Ph.D. work tested the feasibility of the chosen approach by applying it to meaningful real-world problems, among which: (i) development of a security layer on top of RDF stores; and (ii) efficient policy-aware access to metadata stores. The research activity has been performed in tight collaboration with the Leibniz Universität Hannover and further European partners within the projects REWERSE, TENCompetence and OKKAM.

A Design Methodology for Computer Security Testing

The field of "computer security" is often considered something in between Art and Science. This is partly due to the lack of widely agreed and standardized methodologies to evaluate the degree of the security of a system. This dissertation intends to contribute to this area by investigating the most common security testing strategies applied nowadays and by proposing an enhanced methodology that may be effectively applied to different threat scenarios with the same degree of effectiveness. Security testing methodologies are the first step towards standardized security evaluation processes and understanding of how the security threats evolve over time. This dissertation analyzes some of the most used identifying differences and commonalities, useful to compare them and assess their quality. The dissertation then proposes a new enhanced methodology built by keeping the best of every analyzed methodology. The designed methodology is tested over different systems with very effective results, which is the main evidence that it could really be applied in practical cases. Most of the dissertation discusses and proves how the presented testing methodology could be applied to such different systems and even to evade security measures by inverting goals and scopes. Real cases are often hard to find in methodology' documents, in contrary this dissertation wants to show real and practical cases offering technical details about how to apply it. Electronic voting systems are the first field test considered, and Pvote and Scantegrity are the two tested electronic voting systems. The usability and effectiveness of the designed methodology for electronic voting systems is proved thanks to this field cases analysis. Furthermore reputation and anti virus engines have also be analyzed with similar results. The dissertation concludes by presenting some general guidelines to build a coordination-based approach of electronic voting systems to improve the security without decreasing the system modularity.

Assessing Food Security in Selected Mediterranean Countries

Food Security has become an important issue in the international debate, particularly during the latest economic crisis. It relevant issue also for the Mediterranean Countries (MCs), particularly those of the southern shore, as they are is facing complex economic and social changes. On the one hand there is the necessity to satisfy the increasing and changing food demand of the growing population; on the other hand it is important to promote economic growth and adjust the agricultural production to food demand in a sustainable perspective. The assessment of food security conditions is a challenging task due to the multi-dimensional nature and complexity of the matter. Many papers in the scientific literature focus on the nutritional aspects of food security, while its economic issues have been addressed less frequently and only in recent times. Thus, the main objective of the research is to assess food (in)security conditions in the MCs. The study intends to identify and implement appropriate theoretical concepts and methodological tools to be used in the assessment of food security, with a particular emphasis on its economic dimension within MCs. The study follows a composite methodological approach, based on the identification and selection of a number of relevant variables, a refined set of indicators is identified by means of a two-step Principal Component Analysis applied to 90 countries and the PCA findings have been studied with particular attention to the MCs food security situation. The results of the study show that MCs have an higher economic development compared to low-income countries, however the economic and social disparities of this area show vulnerability to food (in)security, due to: dependency on food imports, lack of infrastructure and agriculture investment, climate condition and political stability and inefficiency. In conclusion, the main policy implications of food (in)security conditions in MCs are discussed.

Building Peace and/or Gender Equality. Changing Attitudes around Peace, Development and Security in International Cooperation in Rwanda.

The times following international or civil conflicts but also violent revolutions often come with unequal share of the peace dividend for men and women. Delusions for women who gained freedom of movement and of roles during conflict but had to step back during reconstruction and peace have been recorded in all regions of the world. The emergence of peacebuilding as a modality for the international community to ensure peace and security has slowly incorporated gender sensitivity at the level of legal and policy instruments. Focusing on Rwanda, a country that has obtained significant gender advancement in the years after the genocide while also obtaining to not relapse into conflict, this research explores to what extent the international community has contributed to this transformation. From a review of evaluations, findings are that many of the interventions did not purse gender equality, and overall the majority understood gender and designed actions is a quite superficial way which would hardly account for the significative advancement in combating gender discrimination that the Government, for its inner political will, is conducting. Then, after a critique from a feminist standpoint to the concept of human security, departing from the assumption (sustained by the Governemnt of Rwanda as well) that domestic violence is a variable influencing level of security relevant at the national level, a review of available secondary data on GBV is conducted an trends over the years analysed. The emerging trends signal a steep increase in prevalence of GBV and in domestic violence in particular. Although no conclusive interpretation can be formulated on these data, there are elements suggesting the increase might be due to augmented reporting. The research concludes outlining possible further research pathways to better understand the link in Rwanda between the changing gender norms and the GBV.

Safety, Security And safeguards In GEN IV sodium fast reactors

This work presents first a study of the national and international laws in the fields of safety, security and safeguards. The international treaties and the recommendations issued by the IAEA as well as the national regulations in force in France, the United States and Italy are analyzed. As a result of this, a comparison among them is presented. Given the interest of the Japan Atomic Energy Agency for the aspects of criminal penalties and monetary, also the Japanese case is analyzed. The main part of this work was held at the JAEA in the field of proliferation resistance (PR) and physical protection (PP) of a GEN IV sodium fast reactor. For this purpose the design of the system is completed and the PR & PP methodology is applied to obtain data usable by designers for the improvement of the system itself. Due to the presence of sensitive data, not all the details can be disclosed. The reactor site of a hypothetical and commercial sodium-cooled fast neutron nuclear reactor system (SFR) is used as the target NES for the application of the methodology. The methodology is applied to all the PR and PP scenarios: diversion, misuse and breakout; theft and sabotage. The methodology is applied to the SFR to check if this system meets the target of PR and PP as described in the GIF goal; secondly, a comparison between the SFR and a LWR is performed to evaluate if and how it would be possible to improve the PR&PP of the SFR. The comparison is implemented according to the example development target: achieving PR&PP similar or superior to domestic and international ALWR. Three main actions were performed: implement the evaluation methodology; characterize the PR&PP for the nuclear energy system; identify recommendations for system designers through the comparison.