Publications tagged with "Risk assessment"

1. A TOPSIS-Based Approach to Evaluate Alternative Solutions for GDPR-Compliant Smart-City Services Implementation

   Campanile, L., Iacono, M., Mastroianni, M., Riccio, C., & Viscardi, B. (2026). A TOPSIS-Based Approach to Evaluate Alternative Solutions for GDPR-Compliant Smart-City Services Implementation [Conference paper]. Lecture Notes in Computer Science, 15893 LNCS, 303–316. https://doi.org/10.1007/978-3-031-97645-2_20

   Abstract

   Adapting or designing a system which operates on personal data in EU is impacted by the privacy-by-design and privacy-by-default principles because of the prescriptions of the GDPR. In this paper we propose an approach to decision making which is based on TOPSIS (Technique for Order Preference by Similarity to Ideal Solution). The approach is applied to a GDPR system compliance design process, based on a case study about system performance evaluation by means of queuing networks, but is absolutely general with respect to analogous problems, in which cost issues should be balanced with technical performances and risk exposure. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

   DOI Publisher Details Copy BibTeX Download .bib

   {"key"=>"Campanile2026303", "type"=>"Conference paper", "bibtex"=>"@article{Campanile2026303,\n  author = {Campanile, Lelio and Iacono, Mauro and Mastroianni, Michele and Riccio, Christian and Viscardi, Bruna},\n  title = {A TOPSIS-Based Approach to Evaluate Alternative Solutions for GDPR-Compliant Smart-City Services Implementation},\n  year = {2026},\n  journal = {Lecture Notes in Computer Science},\n  volume = {15893 LNCS},\n  pages = {303 – 316},\n  doi = {10.1007/978-3-031-97645-2_20}\n}\n", "author"=>"Campanile, Lelio and Iacono, Mauro and Mastroianni, Michele and Riccio, Christian and Viscardi, Bruna", "author_array"=>[{"first"=>"Lelio", "last"=>"Campanile", "prefix"=>"", "suffix"=>""}, {"first"=>"Mauro", "last"=>"Iacono", "prefix"=>"", "suffix"=>""}, {"first"=>"Michele", "last"=>"Mastroianni", "prefix"=>"", "suffix"=>""}, {"first"=>"Christian", "last"=>"Riccio", "prefix"=>"", "suffix"=>""}, {"first"=>"Bruna", "last"=>"Viscardi", "prefix"=>"", "suffix"=>""}], "author_0_first"=>"Lelio", "author_0_last"=>"Campanile", "author_0_prefix"=>"", "author_0_suffix"=>"", "author_1_first"=>"Mauro", "author_1_last"=>"Iacono", "author_1_prefix"=>"", "author_1_suffix"=>"", "author_2_first"=>"Michele", "author_2_last"=>"Mastroianni", "author_2_prefix"=>"", "author_2_suffix"=>"", "author_3_first"=>"Christian", "author_3_last"=>"Riccio", "author_3_prefix"=>"", "author_3_suffix"=>"", "author_4_first"=>"Bruna", "author_4_last"=>"Viscardi", "author_4_prefix"=>"", "author_4_suffix"=>"", "title"=>"A TOPSIS-Based Approach to Evaluate Alternative Solutions for GDPR-Compliant Smart-City Services Implementation", "year"=>"2026", "journal"=>"Lecture Notes in Computer Science", "volume"=>"15893 LNCS", "pages"=>"303 – 316", "doi"=>"10.1007/978-3-031-97645-2_20", "url"=>"https://www.scopus.com/inward/record.uri?eid=2-s2.0-105010824131&doi=10.1007%2f978-3-031-97645-2_20&partnerID=40&md5=35e0e240c555d79f691963c61399c08b", "abstract"=>"Adapting or designing a system which operates on personal data in EU is impacted by the privacy-by-design and privacy-by-default principles because of the prescriptions of the GDPR. In this paper we propose an approach to decision making which is based on TOPSIS (Technique for Order Preference by Similarity to Ideal Solution). The approach is applied to a GDPR system compliance design process, based on a case study about system performance evaluation by means of queuing networks, but is absolutely general with respect to analogous problems, in which cost issues should be balanced with technical performances and risk exposure.   © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.", "author_keywords"=>"Data management; Decision support; GDPR; Information systems; Performance evaluation; Privacy; Queuing networks; Risk Analysis; Risk Assessment", "keywords"=>"Computer network performance evaluation; Decision making; Information management; Information systems; Information use; Risk analysis; Risk management; Alternative solutions; Decision supports; GDPR; Performances evaluation; Privacy; Queuing network; Risk analyze; Risks assessments; Solution based approaches; Technique for order preference by similarities to ideal solutions; Decision support systems; Risk assessment", "publication_stage"=>"Final", "source"=>"Scopus", "note"=>"Cited by: 0"}
       

   Details
2. Fuzzy-based Severity Evaluation in Privacy Problems: An Application to Healthcare

   Barzegar, A., Campanile, L., Marrone, S., Marulli, F., Verde, L., & Mastroianni, M. (2024). Fuzzy-based Severity Evaluation in Privacy Problems: An Application to Healthcare [Conference paper]. Proceedings - 2024 19th European Dependable Computing Conference, EDCC 2024, 147–154. https://doi.org/10.1109/EDCC61798.2024.00037

   Abstract

   The growing diffusion of smart pervasive applications is starting to mine personal privacy: from Internet of Things to Machine Learning, the opportunities for privacy loss are many. As for other concerns involving people and goods as financial, safety and security, researchers and practitioners have defined in time different risk assessment procedures to have repeatable and accurate ways of detecting, quantifying and managing the (possible) source of privacy loss. This paper defines a methodology to deal with privacy risk assessment, overcoming the traditional dichotomy between qualitative (easy to apply) and quantitative (accurate) approaches. The present paper introduces an approach based on fuzzy logic, able to conjugate the benefits of both techniques. The feasibility of the proposed methodology is demonstrated using a healthcare case study. © 2024 IEEE.

   DOI Publisher Details Copy BibTeX Download .bib

   {"key"=>"Barzegar2024147", "type"=>"Conference paper", "bibtex"=>"@conference{Barzegar2024147,\n  author = {Barzegar, Atrin and Campanile, Lelio and Marrone, Stefano and Marulli, Fiammetta and Verde, Laura and Mastroianni, Michele},\n  title = {Fuzzy-based Severity Evaluation in Privacy Problems: An Application to Healthcare},\n  year = {2024},\n  journal = {Proceedings - 2024 19th European Dependable Computing Conference, EDCC 2024},\n  pages = {147 – 154},\n  doi = {10.1109/EDCC61798.2024.00037}\n}\n", "author"=>"Barzegar, Atrin and Campanile, Lelio and Marrone, Stefano and Marulli, Fiammetta and Verde, Laura and Mastroianni, Michele", "author_array"=>[{"first"=>"Atrin", "last"=>"Barzegar", "prefix"=>"", "suffix"=>""}, {"first"=>"Lelio", "last"=>"Campanile", "prefix"=>"", "suffix"=>""}, {"first"=>"Stefano", "last"=>"Marrone", "prefix"=>"", "suffix"=>""}, {"first"=>"Fiammetta", "last"=>"Marulli", "prefix"=>"", "suffix"=>""}, {"first"=>"Laura", "last"=>"Verde", "prefix"=>"", "suffix"=>""}, {"first"=>"Michele", "last"=>"Mastroianni", "prefix"=>"", "suffix"=>""}], "author_0_first"=>"Atrin", "author_0_last"=>"Barzegar", "author_0_prefix"=>"", "author_0_suffix"=>"", "author_1_first"=>"Lelio", "author_1_last"=>"Campanile", "author_1_prefix"=>"", "author_1_suffix"=>"", "author_2_first"=>"Stefano", "author_2_last"=>"Marrone", "author_2_prefix"=>"", "author_2_suffix"=>"", "author_3_first"=>"Fiammetta", "author_3_last"=>"Marulli", "author_3_prefix"=>"", "author_3_suffix"=>"", "author_4_first"=>"Laura", "author_4_last"=>"Verde", "author_4_prefix"=>"", "author_4_suffix"=>"", "author_5_first"=>"Michele", "author_5_last"=>"Mastroianni", "author_5_prefix"=>"", "author_5_suffix"=>"", "title"=>"Fuzzy-based Severity Evaluation in Privacy Problems: An Application to Healthcare", "year"=>"2024", "journal"=>"Proceedings - 2024 19th European Dependable Computing Conference, EDCC 2024", "pages"=>"147 – 154", "doi"=>"10.1109/EDCC61798.2024.00037", "url"=>"https://www.scopus.com/inward/record.uri?eid=2-s2.0-85194891259&doi=10.1109%2fEDCC61798.2024.00037&partnerID=40&md5=8b12d5afe5d9ffb9fd8e34175a208ba6", "abstract"=>"The growing diffusion of smart pervasive applications is starting to mine personal privacy: from Internet of Things to Machine Learning, the opportunities for privacy loss are many. As for other concerns involving people and goods as financial, safety and security, researchers and practitioners have defined in time different risk assessment procedures to have repeatable and accurate ways of detecting, quantifying and managing the (possible) source of privacy loss. This paper defines a methodology to deal with privacy risk assessment, overcoming the traditional dichotomy between qualitative (easy to apply) and quantitative (accurate) approaches. The present paper introduces an approach based on fuzzy logic, able to conjugate the benefits of both techniques. The feasibility of the proposed methodology is demonstrated using a healthcare case study.  © 2024 IEEE.", "author_keywords"=>"Fuzzy Inference; Healthcare; Privacy Risk Assessment; Smart Pervasive Applications", "keywords"=>"Fuzzy inference; Health care; Fuzzy inferencer; Healthcare; Machine-learning; Personal privacy; Pervasive applications; Privacy problems; Privacy risk assessment; Privacy risks; Risks assessments; Smart pervasive application; Risk assessment", "publication_stage"=>"Final", "source"=>"Scopus", "note"=>"Cited by: 3"}
       

   Details
3. A cyber warfare perspective on risks related to health IoT devices and contact tracing

   Bobbio, A., Campanile, L., Gribaudo, M., Iacono, M., Marulli, F., & Mastroianni, M. (2023). A cyber warfare perspective on risks related to health IoT devices and contact tracing [Article]. Neural Computing and Applications, 35(19), 13823–13837. https://doi.org/10.1007/s00521-021-06720-1

   Abstract

   The wide use of IT resources to assess and manage the recent COVID-19 pandemic allows to increase the effectiveness of the countermeasures and the pervasiveness of monitoring and prevention. Unfortunately, the literature reports that IoT devices, a widely adopted technology for these applications, are characterized by security vulnerabilities that are difficult to manage at the state level. Comparable problems exist for related technologies that leverage smartphones, such as contact tracing applications, and non-medical health monitoring devices. In analogous situations, these vulnerabilities may be exploited in the cyber domain to overload the crisis management systems with false alarms and to interfere with the interests of target countries, with consequences on their economy and their political equilibria. In this paper we analyze the potential threat to an example subsystem to show how these influences may impact it and evaluate a possible consequence. © 2021, The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature.

   DOI Publisher Details Copy BibTeX Download .bib

   {"key"=>"Bobbio202313823", "type"=>"Article", "bibtex"=>"@article{Bobbio202313823,\n  author = {Bobbio, Andrea and Campanile, Lelio and Gribaudo, Marco and Iacono, Mauro and Marulli, Fiammetta and Mastroianni, Michele},\n  title = {A cyber warfare perspective on risks related to health IoT devices and contact tracing},\n  year = {2023},\n  journal = {Neural Computing and Applications},\n  volume = {35},\n  number = {19},\n  pages = {13823 – 13837},\n  doi = {10.1007/s00521-021-06720-1}\n}\n", "author"=>"Bobbio, Andrea and Campanile, Lelio and Gribaudo, Marco and Iacono, Mauro and Marulli, Fiammetta and Mastroianni, Michele", "author_array"=>[{"first"=>"Andrea", "last"=>"Bobbio", "prefix"=>"", "suffix"=>""}, {"first"=>"Lelio", "last"=>"Campanile", "prefix"=>"", "suffix"=>""}, {"first"=>"Marco", "last"=>"Gribaudo", "prefix"=>"", "suffix"=>""}, {"first"=>"Mauro", "last"=>"Iacono", "prefix"=>"", "suffix"=>""}, {"first"=>"Fiammetta", "last"=>"Marulli", "prefix"=>"", "suffix"=>""}, {"first"=>"Michele", "last"=>"Mastroianni", "prefix"=>"", "suffix"=>""}], "author_0_first"=>"Andrea", "author_0_last"=>"Bobbio", "author_0_prefix"=>"", "author_0_suffix"=>"", "author_1_first"=>"Lelio", "author_1_last"=>"Campanile", "author_1_prefix"=>"", "author_1_suffix"=>"", "author_2_first"=>"Marco", "author_2_last"=>"Gribaudo", "author_2_prefix"=>"", "author_2_suffix"=>"", "author_3_first"=>"Mauro", "author_3_last"=>"Iacono", "author_3_prefix"=>"", "author_3_suffix"=>"", "author_4_first"=>"Fiammetta", "author_4_last"=>"Marulli", "author_4_prefix"=>"", "author_4_suffix"=>"", "author_5_first"=>"Michele", "author_5_last"=>"Mastroianni", "author_5_prefix"=>"", "author_5_suffix"=>"", "title"=>"A cyber warfare perspective on risks related to health IoT devices and contact tracing", "year"=>"2023", "journal"=>"Neural Computing and Applications", "volume"=>"35", "number"=>"19", "pages"=>"13823 – 13837", "doi"=>"10.1007/s00521-021-06720-1", "url"=>"https://www.scopus.com/inward/record.uri?eid=2-s2.0-85123074341&doi=10.1007%2fs00521-021-06720-1&partnerID=40&md5=11f2286bd8ccb5a72af96b02accea11a", "abstract"=>"The wide use of IT resources to assess and manage the recent COVID-19 pandemic allows to increase the effectiveness of the countermeasures and the pervasiveness of monitoring and prevention. Unfortunately, the literature reports that IoT devices, a widely adopted technology for these applications, are characterized by security vulnerabilities that are difficult to manage at the state level. Comparable problems exist for related technologies that leverage smartphones, such as contact tracing applications, and non-medical health monitoring devices. In analogous situations, these vulnerabilities may be exploited in the cyber domain to overload the crisis management systems with false alarms and to interfere with the interests of target countries, with consequences on their economy and their political equilibria. In this paper we analyze the potential threat to an example subsystem to show how these influences may impact it and evaluate a possible consequence. © 2021, The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature.", "author_keywords"=>"COVID-19; Cyber warfare; IoT; Risk analysis; Security", "keywords"=>"Cybersecurity; Health risks; Internet of things; Medical problems; Risk analysis; Risk assessment; Adopted technology; Contact tracing; Cyber warfare; Health monitoring devices; IoT; IT resources; Medical health; Security; Security vulnerabilities; Smart phones; COVID-19", "publication_stage"=>"Final", "source"=>"Scopus", "note"=>"Cited by: 11; All Open Access, Bronze Open Access, Green Open Access"}
       

   Details
4. Supporting the Development of Digital Twins in Nuclear Waste Monitoring Systems

   Di Giovanni, M., Campanile, L., D’Onofrio, A., Marrone, S., Marulli, F., Romoli, M., Sabbarese, C., & Verde, L. (2023). Supporting the Development of Digital Twins in Nuclear Waste Monitoring Systems [Conference paper]. Procedia Computer Science, 225, 3133–3142. https://doi.org/10.1016/j.procs.2023.10.307

   Abstract

   In a world whose attention to environmental and health problems is very high, the issue of properly managing nuclear waste is of a primary importance. Information and Communication Technologies have the due to support the definition of the next-generation plants for temporary storage of such wasting materials. This paper investigates on the adoption of one of the most cutting-edge techniques in computer science and engineering, i.e. Digital Twins, with the combination of other modern methods and technologies as Internet of Things, model-based and data-driven approaches. The result is the definition of a methodology able to support the construction of risk-aware facilities for storing nuclear waste. © 2023 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0)

   DOI Publisher Details Copy BibTeX Download .bib

   {"key"=>"Di Giovanni20233133", "type"=>"Conference paper", "bibtex"=>"@conference{Di Giovanni20233133,\n  author = {Di Giovanni, Michele and Campanile, Lelio and D'Onofrio, Antonio and Marrone, Stefano and Marulli, Fiammetta and Romoli, Mauro and Sabbarese, Carlo and Verde, Laura},\n  title = {Supporting the Development of Digital Twins in Nuclear Waste Monitoring Systems},\n  year = {2023},\n  journal = {Procedia Computer Science},\n  volume = {225},\n  pages = {3133 – 3142},\n  doi = {10.1016/j.procs.2023.10.307}\n}\n", "author"=>"Di Giovanni, Michele and Campanile, Lelio and D’Onofrio, Antonio and Marrone, Stefano and Marulli, Fiammetta and Romoli, Mauro and Sabbarese, Carlo and Verde, Laura", "author_array"=>[{"first"=>"Michele", "last"=>"Di Giovanni", "prefix"=>"", "suffix"=>""}, {"first"=>"Lelio", "last"=>"Campanile", "prefix"=>"", "suffix"=>""}, {"first"=>"Antonio", "last"=>"D’Onofrio", "prefix"=>"", "suffix"=>""}, {"first"=>"Stefano", "last"=>"Marrone", "prefix"=>"", "suffix"=>""}, {"first"=>"Fiammetta", "last"=>"Marulli", "prefix"=>"", "suffix"=>""}, {"first"=>"Mauro", "last"=>"Romoli", "prefix"=>"", "suffix"=>""}, {"first"=>"Carlo", "last"=>"Sabbarese", "prefix"=>"", "suffix"=>""}, {"first"=>"Laura", "last"=>"Verde", "prefix"=>"", "suffix"=>""}], "author_0_first"=>"Michele", "author_0_last"=>"Di Giovanni", "author_0_prefix"=>"", "author_0_suffix"=>"", "author_1_first"=>"Lelio", "author_1_last"=>"Campanile", "author_1_prefix"=>"", "author_1_suffix"=>"", "author_2_first"=>"Antonio", "author_2_last"=>"D’Onofrio", "author_2_prefix"=>"", "author_2_suffix"=>"", "author_3_first"=>"Stefano", "author_3_last"=>"Marrone", "author_3_prefix"=>"", "author_3_suffix"=>"", "author_4_first"=>"Fiammetta", "author_4_last"=>"Marulli", "author_4_prefix"=>"", "author_4_suffix"=>"", "author_5_first"=>"Mauro", "author_5_last"=>"Romoli", "author_5_prefix"=>"", "author_5_suffix"=>"", "author_6_first"=>"Carlo", "author_6_last"=>"Sabbarese", "author_6_prefix"=>"", "author_6_suffix"=>"", "author_7_first"=>"Laura", "author_7_last"=>"Verde", "author_7_prefix"=>"", "author_7_suffix"=>"", "title"=>"Supporting the Development of Digital Twins in Nuclear Waste Monitoring Systems", "year"=>"2023", "journal"=>"Procedia Computer Science", "volume"=>"225", "pages"=>"3133 – 3142", "doi"=>"10.1016/j.procs.2023.10.307", "url"=>"https://www.scopus.com/inward/record.uri?eid=2-s2.0-85183549313&doi=10.1016%2fj.procs.2023.10.307&partnerID=40&md5=3a8186d28d33ed5e4e3a6a62648616ef", "abstract"=>"In a world whose attention to environmental and health problems is very high, the issue of properly managing nuclear waste is of a primary importance. Information and Communication Technologies have the due to support the definition of the next-generation plants for temporary storage of such wasting materials. This paper investigates on the adoption of one of the most cutting-edge techniques in computer science and engineering, i.e. Digital Twins, with the combination of other modern methods and technologies as Internet of Things, model-based and data-driven approaches. The result is the definition of a methodology able to support the construction of risk-aware facilities for storing nuclear waste. © 2023 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0)", "author_keywords"=>"Digital Twins; Model-driven risk assessment; Nuclear Waste Monitoring; Physical Protection Systems", "keywords"=>"Digital storage; Radioactive waste storage; Radioactive wastes; Computer science and engineerings; Cutting edges; Information and Communication Technologies; Model-driven; Model-driven risk assessment; Monitoring system; Nuclear waste monitoring; Physical protection systems; Risks assessments; Temporary storage; Risk assessment", "publication_stage"=>"Final", "source"=>"Scopus", "note"=>"Cited by: 4; All Open Access, Gold Open Access"}
       

   Details
5. Towards privacy-aware software design in small and medium enterprises

   Campanile, L., Iacono, M., & Mastroianni, M. (2022). Towards privacy-aware software design in small and medium enterprises. Proceedings of the 2022 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2022. https://doi.org/10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927958

   Abstract

   The legal definition of privacy regulations, like GDPR in the European Union, significantly impacted on the way in which software, systems and organizations should be designed or maintained to be compliant to rules. While the privacy community stated proper risk assessment and mitigation approaches to be applied, literature seems to suggest that the software engineering community, with special reference to companies, did actually concentrate on the specification phase, with less attention for the test phase of products. In coherence with the privacy-by-design approach, we believe that a bigger methodological effort must be put in the systematic adaptation of software development cycles to privacy regulations, and that this effort might be promoted in the industrial community by focusing on the relation between organizational costs vs technical features, also leveraging the benefits of targeted testing as a mean to lower operational privacy enforcement costs. © 2022 IEEE.

   DOI Publisher Details Copy BibTeX Download .bib

   {"key"=>"Campanile2022", "type"=>"Conference paper", "bibtex"=>"@conference{Campanile2022,\n  author = {Campanile, Lelio and Iacono, Mauro and Mastroianni, Michele},\n  title = {Towards privacy-aware software design in small and medium enterprises},\n  year = {2022},\n  journal = {Proceedings of the 2022 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2022},\n  doi = {10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927958}\n}\n", "author"=>"Campanile, Lelio and Iacono, Mauro and Mastroianni, Michele", "author_array"=>[{"first"=>"Lelio", "last"=>"Campanile", "prefix"=>"", "suffix"=>""}, {"first"=>"Mauro", "last"=>"Iacono", "prefix"=>"", "suffix"=>""}, {"first"=>"Michele", "last"=>"Mastroianni", "prefix"=>"", "suffix"=>""}], "author_0_first"=>"Lelio", "author_0_last"=>"Campanile", "author_0_prefix"=>"", "author_0_suffix"=>"", "author_1_first"=>"Mauro", "author_1_last"=>"Iacono", "author_1_prefix"=>"", "author_1_suffix"=>"", "author_2_first"=>"Michele", "author_2_last"=>"Mastroianni", "author_2_prefix"=>"", "author_2_suffix"=>"", "title"=>"Towards privacy-aware software design in small and medium enterprises", "year"=>"2022", "journal"=>"Proceedings of the 2022 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2022", "doi"=>"10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927958", "url"=>"https://www.scopus.com/inward/record.uri?eid=2-s2.0-85145353321&doi=10.1109%2fDASC%2fPiCom%2fCBDCom%2fCy55231.2022.9927958&partnerID=40&md5=708dacdf77560860b78f2fe0500d32d5", "abstract"=>"The legal definition of privacy regulations, like GDPR in the European Union, significantly impacted on the way in which software, systems and organizations should be designed or maintained to be compliant to rules. While the privacy community stated proper risk assessment and mitigation approaches to be applied, literature seems to suggest that the software engineering community, with special reference to companies, did actually concentrate on the specification phase, with less attention for the test phase of products. In coherence with the privacy-by-design approach, we believe that a bigger methodological effort must be put in the systematic adaptation of software development cycles to privacy regulations, and that this effort might be promoted in the industrial community by focusing on the relation between organizational costs vs technical features, also leveraging the benefits of targeted testing as a mean to lower operational privacy enforcement costs.  © 2022 IEEE.", "author_keywords"=>"Agile methodology; GDPR; Nonfunctional requirements; Privacy; Privacy-by-design; Risk analysis; Software design; Software development life cycle (SDLC)", "keywords"=>"Laws and legislation; Life cycle; Risk analysis; Risk assessment; Software testing; Agile Methodologies; GDPR; Legal definition; Non-functional requirements; Privacy; Privacy aware; Privacy regulation; Small-and-medium enterprise; Software development life cycle; Software development life-cycle; Software design", "publication_stage"=>"Final", "source"=>"Scopus", "note"=>"Cited by: 13"}
       

   Details
6. Evaluating the Impact of Data Anonymization in a Machine Learning Application

   Campanile, L., Forgione, F., Mastroianni, M., Palmiero, G., & Sanghez, C. (2022). Evaluating the Impact of Data Anonymization in a Machine Learning Application [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13380 LNCS, 389–400. https://doi.org/10.1007/978-3-031-10542-5_27

   Abstract

   The data protection impact assessment is used to verify the necessity, proportionality and risks of data processing. Our work is based on the data processed by the technical support of a Wireless Service Provider. The team of WISP tech support uses a machine learning system to predict failures. The goal of our the experiments was to evaluate the DPIA with personal data and without personal data. In fact, in a first scenario, the experiments were conducted using a machine learning application powered by non-anonymous personal data. Instead in the second scenario, the data was anonymized before feeding the machine learning system. In this article we evaluate how much the Data Protection Impact Assessment changes when moving from a scenario with raw data to a scenario with anonymized data. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

   DOI Publisher Details Copy BibTeX Download .bib

   {"key"=>"Campanile2022389", "type"=>"Conference paper", "bibtex"=>"@article{Campanile2022389,\n  author = {Campanile, Lelio and Forgione, Fabio and Mastroianni, Michele and Palmiero, Gianfranco and Sanghez, Carlo},\n  title = {Evaluating the Impact of Data Anonymization in a Machine Learning Application},\n  year = {2022},\n  journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},\n  volume = {13380 LNCS},\n  pages = {389 – 400},\n  doi = {10.1007/978-3-031-10542-5_27}\n}\n", "author"=>"Campanile, Lelio and Forgione, Fabio and Mastroianni, Michele and Palmiero, Gianfranco and Sanghez, Carlo", "author_array"=>[{"first"=>"Lelio", "last"=>"Campanile", "prefix"=>"", "suffix"=>""}, {"first"=>"Fabio", "last"=>"Forgione", "prefix"=>"", "suffix"=>""}, {"first"=>"Michele", "last"=>"Mastroianni", "prefix"=>"", "suffix"=>""}, {"first"=>"Gianfranco", "last"=>"Palmiero", "prefix"=>"", "suffix"=>""}, {"first"=>"Carlo", "last"=>"Sanghez", "prefix"=>"", "suffix"=>""}], "author_0_first"=>"Lelio", "author_0_last"=>"Campanile", "author_0_prefix"=>"", "author_0_suffix"=>"", "author_1_first"=>"Fabio", "author_1_last"=>"Forgione", "author_1_prefix"=>"", "author_1_suffix"=>"", "author_2_first"=>"Michele", "author_2_last"=>"Mastroianni", "author_2_prefix"=>"", "author_2_suffix"=>"", "author_3_first"=>"Gianfranco", "author_3_last"=>"Palmiero", "author_3_prefix"=>"", "author_3_suffix"=>"", "author_4_first"=>"Carlo", "author_4_last"=>"Sanghez", "author_4_prefix"=>"", "author_4_suffix"=>"", "title"=>"Evaluating the Impact of Data Anonymization in a Machine Learning Application", "year"=>"2022", "journal"=>"Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)", "volume"=>"13380 LNCS", "pages"=>"389 – 400", "doi"=>"10.1007/978-3-031-10542-5_27", "url"=>"https://www.scopus.com/inward/record.uri?eid=2-s2.0-85135904907&doi=10.1007%2f978-3-031-10542-5_27&partnerID=40&md5=b550cf760c368d94894bd31b11163284", "abstract"=>"The data protection impact assessment is used to verify the necessity, proportionality and risks of data processing. Our work is based on the data processed by the technical support of a Wireless Service Provider. The team of WISP tech support uses a machine learning system to predict failures. The goal of our the experiments was to evaluate the DPIA with personal data and without personal data. In fact, in a first scenario, the experiments were conducted using a machine learning application powered by non-anonymous personal data. Instead in the second scenario, the data was anonymized before feeding the machine learning system. In this article we evaluate how much the Data Protection Impact Assessment changes when moving from a scenario with raw data to a scenario with anonymized data. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.", "author_keywords"=>"Data disappearance; DPIA; GDPR; Illegitimate access to data; Privacy; Risks; Unwanted modification of data; WISP", "keywords"=>"Computer aided instruction; Machine learning; Risk assessment; Data disappearance; Data protection impact assessments; DPIA; GDPR; Illegitimate access to data; Machine learning applications; Machine learning systems; Privacy; Unwanted modification of data; WISP; Data privacy", "publication_stage"=>"Final", "source"=>"Scopus", "note"=>"Cited by: 1"}
       

   Details
7. Risk Analysis of a GDPR-Compliant Deletion Technique for Consortium Blockchains Based on Pseudonymization

   Campanile, L., Cantiello, P., Iacono, M., Marulli, F., & Mastroianni, M. (2021). Risk Analysis of a GDPR-Compliant Deletion Technique for Consortium Blockchains Based on Pseudonymization [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 12956 LNCS, 3–14. https://doi.org/10.1007/978-3-030-87010-2_1

   Abstract

   Blockchains provide a valid and profitable support for the implementation of trustable and secure distributed ledgers, in support to groups of subjects that are potentially competitors in conflict of interest but need to share progressive information recording processes. Blockchains prevent data stored in blocks from being altered or deleted, but there are situations in which stored information must be deleted or made inaccessible on request or periodically, such as the ones in which GDPR is applicable. In this paper we present literature solutions and design an implementation in the context of a traffic management system for the Internet of Vehicles based on the Pseudonymization/Cryptography solution, evaluating its viability, its GDPR compliance and its level of risk. © 2021, Springer Nature Switzerland AG.

   DOI Publisher Details Copy BibTeX Download .bib

   {"key"=>"Campanile20213", "type"=>"Conference paper", "bibtex"=>"@article{Campanile20213,\n  author = {Campanile, Lelio and Cantiello, Pasquale and Iacono, Mauro and Marulli, Fiammetta and Mastroianni, Michele},\n  title = {Risk Analysis of a GDPR-Compliant Deletion Technique for Consortium Blockchains Based on Pseudonymization},\n  year = {2021},\n  journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},\n  volume = {12956 LNCS},\n  pages = {3 – 14},\n  doi = {10.1007/978-3-030-87010-2_1}\n}\n", "author"=>"Campanile, Lelio and Cantiello, Pasquale and Iacono, Mauro and Marulli, Fiammetta and Mastroianni, Michele", "author_array"=>[{"first"=>"Lelio", "last"=>"Campanile", "prefix"=>"", "suffix"=>""}, {"first"=>"Pasquale", "last"=>"Cantiello", "prefix"=>"", "suffix"=>""}, {"first"=>"Mauro", "last"=>"Iacono", "prefix"=>"", "suffix"=>""}, {"first"=>"Fiammetta", "last"=>"Marulli", "prefix"=>"", "suffix"=>""}, {"first"=>"Michele", "last"=>"Mastroianni", "prefix"=>"", "suffix"=>""}], "author_0_first"=>"Lelio", "author_0_last"=>"Campanile", "author_0_prefix"=>"", "author_0_suffix"=>"", "author_1_first"=>"Pasquale", "author_1_last"=>"Cantiello", "author_1_prefix"=>"", "author_1_suffix"=>"", "author_2_first"=>"Mauro", "author_2_last"=>"Iacono", "author_2_prefix"=>"", "author_2_suffix"=>"", "author_3_first"=>"Fiammetta", "author_3_last"=>"Marulli", "author_3_prefix"=>"", "author_3_suffix"=>"", "author_4_first"=>"Michele", "author_4_last"=>"Mastroianni", "author_4_prefix"=>"", "author_4_suffix"=>"", "title"=>"Risk Analysis of a GDPR-Compliant Deletion Technique for Consortium Blockchains Based on Pseudonymization", "year"=>"2021", "journal"=>"Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)", "volume"=>"12956 LNCS", "pages"=>"3 – 14", "doi"=>"10.1007/978-3-030-87010-2_1", "url"=>"https://www.scopus.com/inward/record.uri?eid=2-s2.0-85115698960&doi=10.1007%2f978-3-030-87010-2_1&partnerID=40&md5=445c0e92ccab7722cfb6aa1c79f1802f", "abstract"=>"Blockchains provide a valid and profitable support for the implementation of trustable and secure distributed ledgers, in support to groups of subjects that are potentially competitors in conflict of interest but need to share progressive information recording processes. Blockchains prevent data stored in blocks from being altered or deleted, but there are situations in which stored information must be deleted or made inaccessible on request or periodically, such as the ones in which GDPR is applicable. In this paper we present literature solutions and design an implementation in the context of a traffic management system for the Internet of Vehicles based on the Pseudonymization/Cryptography solution, evaluating its viability, its GDPR compliance and its level of risk. © 2021, Springer Nature Switzerland AG.", "author_keywords"=>"Blockchain; GDPR; IoV; Privacy; Pseudonymization; Risk analysis", "keywords"=>"Blockchain; Data privacy; Risk assessment; Block-chain; Conflicts of interest; GDPR; Information recording; IoV; Privacy; Pseudonymization; Recording process; Traffic management systems; Risk analysis", "publication_stage"=>"Final", "source"=>"Scopus", "note"=>"Cited by: 95"}
       

   Details

← Back to all publications