A Design Methodology for Computer Security Testing

The field of "computer security" is often considered something in between Art and Science. This is partly due to the lack of widely agreed and standardized methodologies to evaluate the degree of the security of a system. This dissertation intends to contribute to this area by investigating the most common security testing strategies applied nowadays and by proposing an enhanced methodology that may be effectively applied to different threat scenarios with the same degree of effectiveness. Security testing methodologies are the first step towards standardized security evaluation processes and understanding of how the security threats evolve over time. This dissertation analyzes some of the most used identifying differences and commonalities, useful to compare them and assess their quality. The dissertation then proposes a new enhanced methodology built by keeping the best of every analyzed methodology. The designed methodology is tested over different systems with very effective results, which is the main evidence that it could really be applied in practical cases. Most of the dissertation discusses and proves how the presented testing methodology could be applied to such different systems and even to evade security measures by inverting goals and scopes. Real cases are often hard to find in methodology' documents, in contrary this dissertation wants to show real and practical cases offering technical details about how to apply it. Electronic voting systems are the first field test considered, and Pvote and Scantegrity are the two tested electronic voting systems. The usability and effectiveness of the designed methodology for electronic voting systems is proved thanks to this field cases analysis. Furthermore reputation and anti virus engines have also be analyzed with similar results. The dissertation concludes by presenting some general guidelines to build a coordination-based approach of electronic voting systems to improve the security without decreasing the system modularity.

Development of bionanotechnological strategies for signal enhancement in nucleic acids biosensors

Nucleic acid biosensors represent a powerful tool for clinical and environmental pathogens detection. For applications such as point-of-care biosensing, it is fundamental to develop sensors that should be automatic, inexpensive, portable and require a professional skill of the user that should be as low as possible. With the goal of determining the presence of pathogens when present in very small amount, such as for the screening of pathogens in drinking water, an amplification step must be implemented. Often this type of determinations should be performed with simple, automatic and inexpensive hardware: the use of a chemical (or nanotechnological) isothermal solution would be desirable. My Ph.D. project focused on the study and on the testing of four isothermal reactions which can be used to amplify the nucleic acid analyte before the binding event on the surface sensor or to amplify the signal after that the hybridization event with the probe. Recombinase polymerase amplification (RPA) and ligation-mediated rolling circle amplification (L-RCA) were investigated as methods for DNA and RNA amplification. Hybridization chain reaction (HCR) and Terminal deoxynucleotidil transferase-mediated amplification were investigated as strategies to achieve the enhancement of the signal after the surface hybridization event between target and probe. In conclusion, it can be said that only a small subset of the biochemical strategies that are proved to work in solution towards the amplification of nucleic acids does truly work in the context of amplifying the signal of a detection system for pathogens. Amongst those tested during my Ph.D. activity, recombinase polymerase amplification seems the best candidate for a useful implementation in diagnostic or environmental applications.