Prof. Dr. Gabriele Lenzini
|
|
||||
| Faculté ou Centre | Interdisciplinary Centre for Security, Reliability and Trust | ||||
| Department | IRiSC | ||||
| Adresse postale |
Université du Luxembourg Maison du Nombre 6, Avenue de la Fonte L-4364 Esch-sur-Alzette |
||||
| Bureau sur le campus | MNO, E02 0215-100 | ||||
|
|||||
| Téléphone | (+352) 46 66 44 5778 | ||||
Prof. Dr. Gabriele Lenzini has decennial expertise in the design of security and privacy for socio-technical systems, studying how security and privacy can be achieved beyond the technical dimension and when systems are deployed in an environment where human factors, user experience, and legal compliance also contribute to the system’s security and privacy.
He has a PhD, in Computer Science (2005, University of Twente, The Netherlands) and two MSc, respectively in Computer Science and in Information Technologies (University of Pisa, Italy).
He has worked at the University of Pisa and at the Italian National Council of Research (CNR), in Italy, and at the University of Twente, and at Telematica Institute, in the Netherlands. He participated in the development and execution of numerous national and international projects, most of them with a strong industrial participation.
In February 2010 he joined the SnT. He is now Head of the IRiSC research group (Interdisciplinary Research in Socio-Technical Cybersecurity).
He works on electronic voting security, and on location and privacy assurance, and in socio-technical security: he is chair of one of the few workshops in this area (www.stast.uni.lu)
Last updated on: lundi 21 septembre 2020
Sous presse
Which Properties has an Icon? A Critical Discussion on Evaluation Methods for Standardised Data Protection Iconography;
in Proceedings of the 8th Workshop on Socio-Technical Aspects in Security and Trust (STAST) (in press)
2021
"I am definitely manipulated, even when I am aware of it. It’s ridiculous!" - Dark Patterns from the End-User Perspective; ; ; ; ;
in Proceedings of ACM DIS Conference on Designing Interactive Systems (2021)
Cut-and-Mouse and Ghost Control: Exploiting Antivirus Software with Synthesized Inputs; ;
in Digital Threats: Research and Practice (2021), 2(1),
Addressing Hate Speech with Data Science: An Overview from Computer Science Perspective; ; ;
E-print/Working paper (2021)
"I Personally Relate It to the Traffic Light": A User Study on Security & Privacy Indicators in a Secure Email System Committed to Privacy by Default; ;
in Proceedings of the 36th Annual ACM Symposium on Applied Computing (2021)
2020
The Framework of Security-Enhancing Friction: How UX Can Help Users Behave More Securely; ; ;
in New Security Paradigms Workshop (2020, October 26)
Dual-Use Research In Ransomware Attacks: A Discussion on Ransomware Defence Intelligence;
in Proceedings of the 6th International Conference on Information Systems Security and Privacy (2020)
Transparency by Design in Data-Informed Research: a Collection of Information Design Patterns;
in Computer Law and Security Review (2020), 37(105402),
Making the Case for Evidence-based Standardization of Data Privacy and Data Protection Visual Indicators;
in Journal of Open Access to Law (JOAL) (2020), 8(1),
Qualifying and Measuring Transparency: A Medical Data System Case Study; ;
in Computers and Security (2020)
Evaluating ambiguity of privacy indicators in a secure email app;
in Loreti, Michele; Spalazzi, Luca (Eds.) Proceedings of the Fourth Italian Conference on Cyber Security, Ancona Italy, February 4th to 7th, 2020 (2020)
Systematization of threats and requirements for private messaging with untrusted servers. The case of E-mailing and instant messaging;
in International Conference on Information Systems Security and Privacy, Malta 25-27 February 2020 (2020, February)
Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-Entropy Secrets; ;
in Proceedings of the 17th International Joint Conference on e-Business and Telecommunications (2020)
2019
Sistemi Medici e Conformità Legale;
in Rivista Italiana di Medicina Legale: Dottrina, Casistica, Ricerca Sperimentale, Giurisprudenza e Legislazione (2019), XLI(1/2019), 225-242
The DAta Protection REgulation COmpliance Model; ;
in IEEE Security and Privacy (2019), 17(6), 37-45
An Agile Approach to Validate a Formal Representation of the GDPR; ;
in JSAI International Symposium on Artificial Intelligence (2019), 11717
NoCry: No More Secure Encryption Keys for Cryptographic Ransomware; ;
in Proceedings of the Second International Workshop on Emerging Technologies for Authorization and Authentication (2019)
A Critical Security Analysis of the Password-Based Authentication Honeywords System Under Code-Corruption Attack; ; ;
in Information Systems Security and Privacy (2019, July)
On Deception-Based Protection Against Cryptographic Ransomware; ;
in Proceedings of the 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (2019)
Case Study: Analysis and Mitigation of a Novel Sandbox-Evasion Technique; ;
in Proceedings of the Third Central European Cybersecurity Conference (2019)
A Game of "Cut and Mouse": Bypassing Antivirus by Simulating User Inputs; ;
in Proceedings of the 35th Annual Computer Security Applications Conference (2019)
Modelling of Railways Signalling System Requirements by Controlled Natural Languages: A Case Study;
in From Software Engineering to Formal Methods and Tools, and Back (2019)
Formalizing GDPR provisions in reified I/O logic: the DAPRECO knowledge base; ; ; ; ;
in Journal of Logic, Language and Information (2019)
Detecting misalignments between system security and user perceptions: a preliminary socio-technical analysis of an E2E email encryption system; ;
in 4th European Workshop on Usable Security - 2019 IEEE European Symposium on Security and Privacy Workshops (2019)
A Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted Email;
in Emerging Technologies for Authorization and Authentication (2019)
2018
An Interdisciplinary Methodology to Validate Formal Representations of Legal Text Applied to the GDPR; ;
Scientific Conference (2018, November 12)
No Random, No Ransom: A Key to Stop Cryptographic Ransomware; ;
in Proceedings of the 15th Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (2018)
Security Analysis of Key Acquiring Strategies Used by Cryptographic Ransomware; ;
in Advances in Cybersecurity 2018 (2018)
A Security Analysis, and a Fix, of a Code-Corrupted Honeywords System; ; ;
in Proceedings of the 4th International Conference on Information Systems Security and Privacy (2018)
Cholesteric Liquid Crystal Shells as Enabling Material for Information-Rich Design and Architecture.; ; ; ; ;
in Advanced Materials (2018)
Experience report: How to extract security protocols’ specifications from C libraries;
in 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Volume 2 (2018, June)
A Protocol to Strengthen Password-Based Authentication; ;
in Emerging Technologies for Authorization and Authentication (2018, November)
2017
Towards legal compliance by correlating Standards and Laws with a semi-automated methodology; ; ;
in Bosse, Tibor; Bredeweg, Bert (Eds.) Communications in Computer and Information Science (2017)
The Cipher, the Random and the Ransom: A Survey on Current and Future Ransomware; ;
in Advances in Cybersecurity 2017 (2017)
Privacy-Preserving Verifiability: A Case for an Electronic Exam Protocol; ;
in Giustolisi, Rosario; Iovino, Vincenzo; Lenzini, Gabriele (Eds.) Privacy-Preserving Verifiability: A Case for an Electronic Exam Protocol (2017)
From Situation Awareness to Action: An Information Security Management Toolkit for Socio-Technical Security Retrospective and Prospective Analysis;
in Proceedings of the 3rd International Conference on Information Systems Security and Privacy (2017)
Security in the Shell : An Optical Physical Unclonable Function made of Shells of Cholesteric Liquid Crystals; ; ; ; ; ;
in Proc. of the 9th IEEE Workshop on Information Forensics and Security (2017, October 02)
Modelling Metrics for Transparency in Medical Systems; ;
in Proceedings of TrustBus 2017 (2017, July)
Insider Threats to Information Security, Digital Espionage, and Counter-Intelligence; ;
in IEEE Systems Journal (2017), 11(2),
2016
A Framework to Reason about the Legal Compliance of Security Standards; ; ;
in Proceedings of the Tenth International Workshop on Juris-informatics (JURISIN) (2016, November)
Towards legal compliance by correlating Standards and Laws with a semi-automated methodology; ;
in Proceedings of the 28 Benelux Conference on Artificial Intelligence (BNAIC) (2016, November)
Comparing and Integrating Break-the-Glass and Delegation in Role-based Access Control for Healthcare;
in Proc. of the nd Int. Conference on International Conference in Information Systems Security and Privacy (ICISSP) (2016)
High-fidelity spherical cholesteric liquid crystal Bragg reflectors generating unclonable patterns for secure authentication; ; ; ; ;
in Scientific Reports (2016), 6(26840), 1-8
Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems; ;
in Barthe, Gilles; Markatos, Evangelos (Eds.) Security and Trust Management - STM 2016 (2016)
Patient-Centred Transparency Requirements for Medical Data Sharing Systems;
in Proceedings of the 4th World Conference on Information Systems and Technologies (2016)
2015
Service security and privacy as a socio-technical problem; ;
in JOURNAL OF COMPUTER SECURITY (2015), 23(5), 563-585
A Secure Exam Protocol Without Trusted Parties; ; ;
in ICT Systems Security and Privacy Protection. 30th IFIP TC 11 International Conference, SEC 2015, Hamburg, Germany, May 26-28, 2015 (2015)
2015 Workshop on Socio-Technical Aspects in Security and Trust, STAST 2015, Verona, Italy, July 13, 2015;
Scientific Conference (2015, July 13)
4.2 Social Dynamics Metrics-Working Group Report; ; ; ; ; ; ; ; ; ;
in Socio-Technical Security Metrics (2015)
Maybe Poor Johnny Really Cannot Encrypt - The Case for a Complexity Theory for Usable Security; ; ; ;
in Proc. of the New Security Paradigm Workshop (2015)
Maybe Poor Johnny Really Cannot Encrypt - The Case for a Complexity Theory for Usable Security; ; ; ;
in Maybe Poor Johnny Really Cannot Encrypt - The Case for a Complexity Theory for Usable Security (2015)
A Framework for Analyzing Verifiability in Traditional and Electronic Exams.; ; ; ;
in Information Security Practice and Experience 11th International Conference, ISPEC 2015, Beijing, China, May 5-8, 2015 (2015)
Formal Security Analysis of Traditional and Electronic Exams; ; ; ; ;
in Communications in Computer and Information Science (2015), 554
In Cyber-Space No One Can Hear You S·CREAM, A Root Cause Analysis for Socio-Technical Security; ; ;
in Foresti, Sara (Ed.) Security and Trust Management (2015)
Do graphical cues effectively inform users? A Socio-Technical Security Study in Accessing Wifi Networks; ; ; ;
in Proc. of the International Conference on Human Aspects of Information Security, Privacy, and Trust (2015, July 21)
Do graphical cues effectively inform users? A socio-technical security study in accessing wifi networks.; ; ; ;
in Lecture Notes in Computer Science (2015), 9190
An Analysis of Social Engineering Principles in Effective Phishing;
in Proc. of the 5th International Workshop on Socio-Technical Security and Trust (2015)
Principles of Persuasion in Social Engineering and Their Use in Phishing; ;
in T. Tryfonas, I. Askoxylakis (Ed.) Human Aspects of Information Security, Privacy, and Trust Third International Conference, HAS 2015 (2015)
Can Transparency Enhancing Tools support patient's accessing Electronic Health Records?;
in Advances in Intelligent Systems and Computing (2015)
Generating attacks in SysML activity diagrams by detecting attack surfaces;
in Journal of Ambient Intelligence and Humanized Computing (2015), 6(3), 361-373
2014
A Socio-Technical Methodology for the Security and Privacy Analysis of Services; ; ;
in IEEE 38th Annual International Computers, Software and Applications Conference Workshops, 27–29 July 2014, Västerås, Sweden (2014)
Secure exams despite malicious management; ;
in Twelfth Annual International Conference on Privacy, Security and Trust (PST), Ryerson University, Toronto, July 23-24, 2014 (2014)
Proceedings of the 2014 Workshop on Socio-Technical Aspects in Security and Trust, STAST 2014;
Scientific Conference (2014)
Formal Analysis of Electronic Exams; ; ; ; ;
in SECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Vienna, Austria, 28-30 August, 2014 (2014)
A Conceptual Framework to Study Socio-Technical Security; ; ;
in Lecture Notes in Computer Science (2014)
Socio-technical Security Analysis of Wireless Hotspots; ; ;
in Lecture Notes in Computer Science (2014)
Envisioning secure and usable access control for patients; ; ; ;
in IEEE 3rd International Conference on Serious Games and Applications in Healthcare (2014, May)
Remark!: A Secure Protocol for Remote Exams; ;
in Security Protocols XXII - Lecture Notes in Computer Science (2014)
2013
DEMO: Demonstrating a Trust Framework for Evaluating GNSS Signal Integrity; ; ; ; ;
in Proceedings of 20th ACM Conference on Computer and Communications Security (CCS'13) (2013, November)
A trust framework for evaluating GNSS signal integrity; ; ; ;
in Proceedings of 26th IEEE Computer Security Foundations Symposium (CSF'13) (2013)
Design and formal analysis of a group signature based electronic toll pricing system; ; ;
in Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (2013), 4(1), 55-75
Studies in Socio-Technical Security Analysis: Authentication of Identities with TLS Certificates; ; ; ;
in IEEE TrustCom (2013)
Socio-Technical Study On the Effect of Trust and Context when Choosing WiFi Names; ; ; ;
in Lecture Notes in Computer Science (2013), 8203
What Security for Electronic Exams?; ;
in 8th International Conference onRisk and Security of Internet and Systems (CRiSIS), 2013 (2013)
2012
Implementation and Validation of a Localisation Assurance Service Provider; ; ; ; ;
in Proc. 6th ESA Workshop on Satellite Navigation Technologies (2012)
A group signature based electronic toll pricing system; ; ;
in Proc. 7th International Conference on Availability, Reliability and Security (2012)
STAST 2012 Proc. of the 2nd Int. Workshop on Socio-Technical Aspects in Security and Trust;
Book published by IEEE (2012)
Trustworthy agent-based recommender system in a mobile P2P environment; ;
in Lecture Notes in Computer Science (2012), 6573 LNAI
Defending against insider threats and internal data leakage; ; ;
in SECURITY AND COMMUNICATION NETWORKS (2012), 5(8), 831-833
2011
STAST 2011 Proc. of the 1st Workshop on Socio-Technical Aspects in Security and Trust; ; ;
Book published by IEEE (2011)
Selective location blinding using hash chains; ;
in Proc. 19th International Workshop on Security Protocols (2011)
Adaptive Trust Management; ;
in Serugendo, Giovanna Di Marzo; Gleizes, Marie-Pierre; Karageorgos, Anthony (Eds.) Self-Organizing Software - From Natural to Artificial Adaptation (2011)
2010
Contextual biometric-based authentication for ubiquitous services; ;
in Proc. of the 7th International Conference on Ubiquitous Intelligence and Computing (UIC 2010) (2010)
2009
Trust-Based and Context-Aware Authentication in a Software Architecture for Context and Proximity-Aware Servicesin de Lemos, R.; Fabre, J. C.; Gacek, C.; Gadducci, F.; ~ter Beek, M. H. (Eds.) Architecting Dependable Systems VI 2018-09-18 22:51:18 +0000 2019-06-15 18:11:00 +0200 (2009)
2000
A Formal Specification and Validation of a Control System in Presence of Byzantine Errors; ; ; ; ;
in Proc.~of the 6th Int. Conference Tool and Algorithms for the Construction and Analysis of Systems (TACAS 2000), in ETAPS 2000 -- March 25 - April 2, 2000, Berlin, Germany (2000)
1999
Model Checking of Cryptographic Protocols using HD-Automata; ;
in 4th Italian Workshop on Sistemi Distribuiti: Algoritmi, Architetture e Linguaggi (WSDAAL'99), June 13-15, 1999, Fonte Cerreto (L'Aquila), Italy 2018-09-18 22:51:18 +0000 2019-06-15 18:31:23 +0200 (1999)
1998
Sequence Comparison: Close and Open problemsin Proc.~of Workshop ``La matematizzazione della Biologia: storia e problematiche attuali'', Arcidosso (GR), Italy (1998)
1997
Algorithms For Phylogeny Reconstruction In a New Mathematical Model;
in Calcolo (1997), 1-4(34), 1-24
1996
Undated
Accomplishing transparency within the General Data Protection Regulation (Auxiliary material); ;
Learning material (n.d.)
