Topic: GDPR
Published:
2026
- DetailsCampanile, L., Iacono, M., Mastroianni, M., Riccio, C., & Viscardi, B. (2026). A TOPSIS-Based Approach to Evaluate Alternative Solutions for GDPR-Compliant Smart-City Services Implementation [Conference paper]. Lecture Notes in Computer Science, 15893 LNCS, 303–316. https://doi.org/10.1007/978-3-031-97645-2_20
Abstract
Adapting or designing a system which operates on personal data in EU is impacted by the privacy-by-design and privacy-by-default principles because of the prescriptions of the GDPR. In this paper we propose an approach to decision making which is based on TOPSIS (Technique for Order Preference by Similarity to Ideal Solution). The approach is applied to a GDPR system compliance design process, based on a case study about system performance evaluation by means of queuing networks, but is absolutely general with respect to analogous problems, in which cost issues should be balanced with technical performances and risk exposure. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.
2025
- DetailsDi Giovanni, M., Verde, L., Campanile, L., Romoli, M., Sabbarese, C., & Marrone, S. (2025). Assessing Safety and Sustainability of a Monitoring System for Nuclear Waste Management [Article]. IEEE Access, 13, 120486–120505. https://doi.org/10.1109/ACCESS.2025.3586735
Abstract
Nowadays, nuclear technologies are increasingly being integrated into industry, healthcare and manufacturing. As a side effect, waste materials are produced according to standard processes which are subject to international regulations. One of the most critical phases is the pre-disposal, due to the uncertainty related to the evolution of the materials and their potential impact on environmental protection. This paper introduces the architecture of a monitoring system able to accomplish safety goals and to guarantee energetic sustainability. The possibility of defining different system configurations (e. g., sensor scheduling policies, geometry of the sites, trustworthiness of the sensors) fosters a high adaptability to several monitoring scenarios, being characterised by different safety and sustainability levels. A methodology, integrating a model-based approach with data collection and processing, is proposed to quantitatively evaluate system configurations. This methodology is based on the definition of two metrics — one for safety and one for sustainability — and an assessment model. The model computes the metrics considering geometry of the place, scheduling and trustworthiness of monitoring sensors. This is a first step in the construction of a Decision Support System able to aid human operators in assessing system configurations and finding possible safety/sustainability trade-offs. A case study is used to show the feasibility of the approach: some configurations are evaluated on the real plant, placed at Řež in the Czech Republic, assessing them on the base of the defined metrics. © 2025 The Authors. - DetailsMarulli, F., Campanile, L., Ragucci, G., Carbone, S., & Bifulco, M. (2025). Data Generation and Cybersecurity: A Major Opportunity or the Next Nightmare? [Conference paper]. Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025, 969–974. https://doi.org/10.1109/CSR64739.2025.11130069
Abstract
In recent years, the proliferation of synthetic data generation techniques-driven by advances in artificial intelli-gence-has opened new possibilities across a wide range of fields, from healthcare to autonomous systems, by addressing critical data scarcity issues. However, this technological progress also brings with it a growing concern: the dual-use nature of synthetic data. While it offers powerful tools for innovation, it simultaneously introduces significant risks related to information disorder and cybersecurity. As AI systems become increasingly capable of producing highly realistic yet entirely fabricated content, the boundaries between authentic and artificial information blur, making it more difficult to detect manipulation, protect digital infrastructures, and maintain public trust. This work undertakes a preliminary exploration of the evolving nexus between Generative AI, Information Disorder, and Cybersecurity: it aims to investigate the complex interplay among these three and to map their dynamic interactions and reciprocal influences, highlighting both the potential benefits and the looming challenges posed by this evolving landscape. Moreover, it seeks to propose a conceptual framework for assessing these interdependencies through a set of indicative metrics, offering a foundation for future empirical evaluation and strategic response. © 2025 IEEE. - DetailsCampanile, L., Iacono, M., Mastroianni, M., & Riccio, C. (2025). Performance Evaluation of an Edge-Blockchain Architecture for Smart City [Conference paper]. Proceedings - European Council for Modelling and Simulation, ECMS, 2025-June, 620–627. https://doi.org/10.7148/2025-0620
Abstract
This paper presents a simulation-based methodology to evaluate the performance of a privacy-compliant edge-blockchain architecture for smart city environments. The proposed model combines edge computing with a private, permissioned blockchain to ensure low-latency processing, secure data management, and verifiable transactions. Using a discrete-event simulation framework, we analyze the behavior of the system under realistic workloads and time-varying traffic conditions. The model captures edge operations, including preprocessing and cryptographic tasks, as well as blockchain validation using Proof of Stake consensus. Several experiments explore saturation thresholds, resource utilization, and latency dynamics, under both synthetic and realistic traffic profiles. Results reveal how architectural bottlenecks shift depending on resource allocation and input rate, and demonstrate the importance of balanced dimensioning between edge and blockchain layers. © ECMS Marco Scarpa, Salvatore Cavalieri, Salvatore Serrano, Fabrizio De Vita (Editors) 2025.
2023
- DetailsCampanile, L., de Fazio, R., Di Giovanni, M., Marrone, S., Marulli, F., & Verde, L. (2023). Inferring Emotional Models from Human-Machine Speech Interactions [Conference paper]. Procedia Computer Science, 225, 1241–1250. https://doi.org/10.1016/j.procs.2023.10.112
Abstract
Human-Machine Interfaces (HMIs) are getting more and more important in a hyper-connected society. Traditional HMIs are built considering cognitive features while emotional ones are often neglected, bringing sometimes such interfaces to misuse. As a part of a long run research, oriented to the definition of an HMI engineering approach, this paper concretely proposes a method to build an emotional-aware explicit model of the user starting from the behaviour of the human with a virtual agent. The paper also proposes an instance of this model inference process in voice assistants in an automatic depression context, which can constitute the core phase to realize a Human Digital Twin of a patient. The case study generated a model composed of Fluid Stochastic Petri Net sub-models, achieved after the data analysis by a Support Vector Machine. © 2023 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0) - DetailsBobbio, A., Campanile, L., Gribaudo, M., Iacono, M., Marulli, F., & Mastroianni, M. (2023). A cyber warfare perspective on risks related to health IoT devices and contact tracing [Article]. Neural Computing and Applications, 35(19), 13823–13837. https://doi.org/10.1007/s00521-021-06720-1
Abstract
The wide use of IT resources to assess and manage the recent COVID-19 pandemic allows to increase the effectiveness of the countermeasures and the pervasiveness of monitoring and prevention. Unfortunately, the literature reports that IoT devices, a widely adopted technology for these applications, are characterized by security vulnerabilities that are difficult to manage at the state level. Comparable problems exist for related technologies that leverage smartphones, such as contact tracing applications, and non-medical health monitoring devices. In analogous situations, these vulnerabilities may be exploited in the cyber domain to overload the crisis management systems with false alarms and to interfere with the interests of target countries, with consequences on their economy and their political equilibria. In this paper we analyze the potential threat to an example subsystem to show how these influences may impact it and evaluate a possible consequence. © 2021, The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature. - DetailsDi Giovanni, M., Campanile, L., D’Onofrio, A., Marrone, S., Marulli, F., Romoli, M., Sabbarese, C., & Verde, L. (2023). Supporting the Development of Digital Twins in Nuclear Waste Monitoring Systems [Conference paper]. Procedia Computer Science, 225, 3133–3142. https://doi.org/10.1016/j.procs.2023.10.307
Abstract
In a world whose attention to environmental and health problems is very high, the issue of properly managing nuclear waste is of a primary importance. Information and Communication Technologies have the due to support the definition of the next-generation plants for temporary storage of such wasting materials. This paper investigates on the adoption of one of the most cutting-edge techniques in computer science and engineering, i.e. Digital Twins, with the combination of other modern methods and technologies as Internet of Things, model-based and data-driven approaches. The result is the definition of a methodology able to support the construction of risk-aware facilities for storing nuclear waste. © 2023 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0) - DetailsConference Merging Model-Based and Data-Driven Approaches for Resilient Systems Digital Twins DesignCampanile, L., De Biase, M. S., De Fazio, R., Di Giovanni, M., Marulli, F., & Verde, L. (2023). Merging Model-Based and Data-Driven Approaches for Resilient Systems Digital Twins Design [Conference paper]. Proceedings of the 2023 IEEE International Conference on Cyber Security and Resilience, CSR 2023, 301–306. https://doi.org/10.1109/CSR57506.2023.10224945
Abstract
Nowadays, the problem of system robustness, es-pecially in critical infrastructures, is a challenging open question. Some systems provide crucial services continuously failing, threatening the availability of the provided services. By designing a robust architecture, this criticality could be overcome or limited, ensuring service continuity. The definition of a resilient system involves not only its architecture but also the methodology implemented for the calculation and analysis of some indices, quantifying system performance. This study provides an innovative architecture for Digital Twins implementation based on a hybrid methodology for improving the control system in realtime. The introduced approach brings together different techniques. In particular, the work combines the point of strengths of Model-based methods and Data-driven ones, aiming to improve system performances. © 2023 IEEE.
2022
- DetailsCampanile, L., Iacono, M., & Mastroianni, M. (2022). Towards privacy-aware software design in small and medium enterprises. Proceedings of the 2022 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2022. https://doi.org/10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927958
Abstract
The legal definition of privacy regulations, like GDPR in the European Union, significantly impacted on the way in which software, systems and organizations should be designed or maintained to be compliant to rules. While the privacy community stated proper risk assessment and mitigation approaches to be applied, literature seems to suggest that the software engineering community, with special reference to companies, did actually concentrate on the specification phase, with less attention for the test phase of products. In coherence with the privacy-by-design approach, we believe that a bigger methodological effort must be put in the systematic adaptation of software development cycles to privacy regulations, and that this effort might be promoted in the industrial community by focusing on the relation between organizational costs vs technical features, also leveraging the benefits of targeted testing as a mean to lower operational privacy enforcement costs. © 2022 IEEE. - DetailsCampanile, L., Forgione, F., Mastroianni, M., Palmiero, G., & Sanghez, C. (2022). Evaluating the Impact of Data Anonymization in a Machine Learning Application [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13380 LNCS, 389–400. https://doi.org/10.1007/978-3-031-10542-5_27
Abstract
The data protection impact assessment is used to verify the necessity, proportionality and risks of data processing. Our work is based on the data processed by the technical support of a Wireless Service Provider. The team of WISP tech support uses a machine learning system to predict failures. The goal of our the experiments was to evaluate the DPIA with personal data and without personal data. In fact, in a first scenario, the experiments were conducted using a machine learning application powered by non-anonymous personal data. Instead in the second scenario, the data was anonymized before feeding the machine learning system. In this article we evaluate how much the Data Protection Impact Assessment changes when moving from a scenario with raw data to a scenario with anonymized data. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG. - DetailsCampanile, L., Iacono, M., Marulli, F., Gribaudo, M., & Mastroianni, M. (2022). A DSL-based modeling approach for energy harvesting IoT/WSN [Conference paper]. Proceedings - European Council for Modelling and Simulation, ECMS, 2022-May, 317–323. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85130645195&partnerID=40&md5=f2d475b445f76d3b5f49752171c0fada
Abstract
The diffusion of intelligent services and the push for the integration of computing systems and services in the environment in which they operate require a constant sensing activity and the acquisition of different information from the environment and the users. Health monitoring, domotics, Industry 4.0 and environmental challenges leverage the availability of cost-effective sensing solutions that allow both the creation of knowledge bases and the automatic process of them, be it with algorithmic approaches or artificial intelligence solutions. The foundation of these solutions is given by the Internet of Things (IoT), and the substanding Wireless Sensor Networks (WSN) technology stack. Of course, design approaches are needed that enable defining efficient and effective sensing infrastructures, including energy related aspects. In this paper we present a Domain Specific Language for the design of energy aware WSN IoT solutions, that allows domain experts to define sensor network models that may be then analyzed by simulation-based or analytic techniques to evaluate the effect of task allocation and offioading and energy harvesting and utilization in the network. The language has been designed to leverage the SIMTHESys modeling framework and its multiformalism modeling evaluation features. ©ECMS Ibrahim A. Hameed, Agus Hasan, Saleh Abdel-Afou Alaliyat (Editors) 2022 - DetailsCampanile, L., Marrone, S., Marulli, F., & Verde, L. (2022). Challenges and Trends in Federated Learning for Well-being and Healthcare [Conference paper]. Procedia Computer Science, 207, 1144–1153. https://doi.org/10.1016/j.procs.2022.09.170
Abstract
Currently, research in Artificial Intelligence, both in Machine Learning and Deep Learning, paves the way for promising innovations in several areas. In healthcare, especially, where large amounts of quantitative and qualitative data are transferred to support studies and early diagnosis and monitoring of any diseases, potential security and privacy issues cannot be underestimated. Federated learning is an approach where privacy issues related to sensitive data management can be significantly reduced, due to the possibility to train algorithms without exchanging data. The main idea behind this approach is that learning models can be trained in a distributed way, where multiple devices or servers with decentralized data samples can provide their contributions without having to exchange their local data. Recent studies provided evidence that prototypes trained by adopting Federated Learning strategies are able to achieve reliable performance, thus by generating robust models without sharing data and, consequently, limiting the impact on security and privacy. This work propose a literature overview of Federated Learning approaches and systems, focusing on its application for healthcare. The main challenges, implications, issues and potentials of this approach in the healthcare are outlined. © 2022 The Authors. Published by Elsevier B.V. - DetailsConference Sensitive Information Detection Adopting Named Entity Recognition: A Proposed MethodologyCampanile, L., de Biase, M. S., Marrone, S., Marulli, F., Raimondo, M., & Verde, L. (2022). Sensitive Information Detection Adopting Named Entity Recognition: A Proposed Methodology [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13380 LNCS, 377–388. https://doi.org/10.1007/978-3-031-10542-5_26
Abstract
Protecting and safeguarding privacy has become increasingly important, especially in recent years. The increasing possibilities of acquiring and sharing personal information and data through digital devices and platforms, such as apps or social networks, have increased the risks of privacy breaches. In order to effectively respect and guarantee the privacy and protection of sensitive information, it is necessary to develop mechanisms capable of providing such guarantees automatically and reliably. In this paper we propose a methodology able to automatically recognize sensitive data. A Named Entity Recognition was used to identify appropriate entities. An improvement in the recognition of these entities is achieved by evaluating the words contained in an appropriate context window by assessing their similarity to words in a domain taxonomy. This, in fact, makes it possible to refine the labels of the recognized categories using a generic Named Entity Recognition. A preliminary evaluation of the reliability of the proposed approach was performed. In detail, texts of juridical documents written in Italian were analyzed. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG. - DetailsConference A Federated Consensus-Based Model for Enhancing Fake News and Misleading Information DebunkingMarulli, F., Verde, L., Marrore, S., & Campanile, L. (2022). A Federated Consensus-Based Model for Enhancing Fake News and Misleading Information Debunking [Conference paper]. Smart Innovation, Systems and Technologies, 309, 587–596. https://doi.org/10.1007/978-981-19-3444-5_50
Abstract
Misinformation and Fake News are hard to dislodge. According to experts on this phenomenon, to fight disinformation a less credulous public is needed; so, current AI techniques can support misleading information debunking, given the human tendency to believe “facts” that confirm biases. Much effort has been recently spent by the research community on this plague: several AI-based approaches for automatic detection and classification of Fake News have been proposed; unfortunately, Fake News producers have refined their ability in eluding automatic ML and DL-based detection systems. So, debunking false news represents an effective weapon to contrast the users’ reliance on false information. In this work, we propose a preliminary study aiming to approach the design of effective fake news debunking systems, harnessing two complementary federated approaches. We propose, firstly, a federation of independent classification systems to accomplish a debunking process, by applying a distributed consensus mechanism. Secondly, a federated learning task, involving several cooperating nodes, is accomplished, to obtain a unique merged model, including features of single participants models, trained on different and independent data fragments. This study is a preliminary work aiming to to point out the feasibility and the comparability of these proposed approaches, thus paving the way to an experimental campaign that will be performed on effective real data, thus providing an evidence for an effective and feasible model for detecting potential heterogeneous fake news. Debunking misleading information is mission critical to increase the awareness of facts on the part of news consumers. © 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. - DetailsCampanile, L., Biase, M. S. de, Marrone, S., Raimondo, M., & Verde, L. (2022). On the Evaluation of BDD Requirements with Text-based Metrics: The ETCS-L3 Case Study [Conference paper]. Smart Innovation, Systems and Technologies, 309, 561–571. https://doi.org/10.1007/978-981-19-3444-5_48
Abstract
A proper requirement definition phase is of a paramount importance in software engineering. It is the first and prime mean to realize efficient and reliable systems. System requirements are usually formulated and expressed in natural language, given its universality and ease of communication and writing. Unfortunately, natural language can be a source of ambiguity, complexity and omissions, which may cause system failures. Among the different approaches proposed by the software engineering community, Behavioural-Driven Development (BDD) is affirming as a valid, practical method to structure effective and non-ambiguous requirement specifications. The paper tackles with the problem of measuring requirements in BDD by assessing some traditional Natural Language Processing-related metrics with respect to a sample excerpt of requirement specification rewritten according to the BDD criteria. This preliminary assessment is made on the ERTMS-ETCS Level 3 case study whose specification, up to this date, is not managed by a standardisation body. The paper demonstrates the necessity of novel metrics able to cope with the BDD specification paradigms. © 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
2021
- DetailsBarbierato, E., Campanile, L., Gribaudo, M., Iacono, M., Mastroianni, M., & Nacchia, S. (2021). Performance evaluation for the design of a hybrid cloud based distance synchronous and asynchronous learning architecture [Article]. Simulation Modelling Practice and Theory, 109. https://doi.org/10.1016/j.simpat.2021.102303
Abstract
The COVID-19 emergency suddenly obliged schools and universities around the world to deliver on-line lectures and services. While the urgency of response resulted in a fast and massive adoption of standard, public on-line platforms, generally owned by big players in the digital services market, this does not sufficiently take into account privacy-related and security-related issues and potential legal problems about the legitimate exploitation of the intellectual rights about contents. However, the experience brought to attention a vast set of issues, which have been addressed by implementing these services by means of private platforms. This work presents a modeling and evaluation framework, defined on a set of high-level, management-oriented parameters and based on a Vectorial Auto Regressive Fractional (Integrated) Moving Average based approach, to support the design of distance learning architectures. The purpose of this framework is to help decision makers to evaluate the requirements and the costs of hybrid cloud technology solutions. Furthermore, it aims at providing a coarse grain reference organization integrating low-cost, long-term storage management services to implement a viable and accessible history feature for all materials. The proposed solution has been designed bearing in mind the ecosystem of Italian universities. A realistic case study has been shaped on the needs of an important, generalist, polycentric Italian university, where some of the authors of this paper work. © 2021 Elsevier B.V. - DetailsCampanile, L., Iacono, M., Marulli, F., & Mastroianni, M. (2021). Designing a GDPR compliant blockchain-based IoV distributed information tracking system [Article]. Information Processing and Management, 58(3). https://doi.org/10.1016/j.ipm.2021.102511
Abstract
Blockchain technologies and distributed ledgers enable the design and implementation of trustable data logging systems that can be used by multiple parties to produce a non-repudiable database. The case of Internet of Vehicles may greatly benefit of such a possibility to track the chain of responsibility in case of accidents or damages due to bad or omitted maintenance, improving the safety of circulation and helping granting a correct handling of related legal issues. However, there are privacy issues that have to be considered, as tracked information potentially include data about private persons (position, personal habits), commercially relevant information (state of the fleet of a company, freight movement and related planning, logistic strategies), or even more critical knowledge (e.g., considering vehicles belonging to police, public authorities, governments or officers in sensible positions). In the European Union, all this information is covered by the General Data Protection Regulation (GDPR). In this paper we propose a reference model for a system that manages relevant information to show how blockchain can support GDPR compliant solutions for Internet of Vehicles, taking as a reference an integrated scenario based on Italy, and analyze a subset of its use cases to show its viability with reference to privacy issues. © 2021 Elsevier Ltd - DetailsCampanile, L., Cantiello, P., Iacono, M., Marulli, F., & Mastroianni, M. (2021). Risk Analysis of a GDPR-Compliant Deletion Technique for Consortium Blockchains Based on Pseudonymization [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 12956 LNCS, 3–14. https://doi.org/10.1007/978-3-030-87010-2_1
Abstract
Blockchains provide a valid and profitable support for the implementation of trustable and secure distributed ledgers, in support to groups of subjects that are potentially competitors in conflict of interest but need to share progressive information recording processes. Blockchains prevent data stored in blocks from being altered or deleted, but there are situations in which stored information must be deleted or made inaccessible on request or periodically, such as the ones in which GDPR is applicable. In this paper we present literature solutions and design an implementation in the context of a traffic management system for the Internet of Vehicles based on the Pseudonymization/Cryptography solution, evaluating its viability, its GDPR compliance and its level of risk. © 2021, Springer Nature Switzerland AG. - DetailsJournal Privacy regulations, smart roads, blockchain, and liability insurance: Putting technologies to workCampanile, L., Iacono, M., Levis, A. H., Marulli, F., & Mastroianni, M. (2021). Privacy regulations, smart roads, blockchain, and liability insurance: Putting technologies to work [Article]. IEEE Security and Privacy, 19(1), 34–43. https://doi.org/10.1109/MSEC.2020.3012059
Abstract
Smart streets promise widely available traffic information to help improve people’s safety. Unfortunately, gathering that data may threaten privacy. We describe an architecture that exploits a blockchain and the Internet of Vehicles and show its compliance with the General Data Protection Regulation. © 2003-2012 IEEE. - DetailsCampanile, L., Gribaudo, M., Iacono, M., & Mastroianni, M. (2021). Hybrid Simulation of Energy Management in IoT Edge Computing Surveillance Systems [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13104 LNCS, 345–359. https://doi.org/10.1007/978-3-030-91825-5_21
Abstract
Internet of Things (IoT) is a well established approach used for the implementation of surveillance systems that are suitable for monitoring large portions of territory. Current developments allow the design of battery powered IoT nodes that can communicate over the network with low energy requirements and locally perform some computing and coordination task, besides running sensing and related processing: it is thus possible to implement edge computing oriented solutions on IoT, if the design encompasses both hardware and software elements in terms of sensing, processing, computing, communications and routing energy costs as one of the quality indices of the system. In this paper we propose a modeling approach for edge computing IoT-based monitoring systems energy related characteristics, suitable for the analysis of energy levels of large battery powered monitoring systems with dynamic and reactive computing workloads. © 2021, Springer Nature Switzerland AG.
2020
- DetailsCampanile, L., Iacono, M., Marrone, S., & Mastroianni, M. (2020). On Performance Evaluation of Security Monitoring in Multitenant Cloud Applications [Article]. Electronic Notes in Theoretical Computer Science, 353, 107–127. https://doi.org/10.1016/j.entcs.2020.09.020
Abstract
In this paper we present a modeling approach suitable for practical evaluation of the delays that may affect security monitoring systems in (multitenant) cloud based architecture, and in general to support professionals in planning and evaluating relevant parameters in dealing with new designs or migration projects. The approach is based on modularity and multiformalism techniques to manage complexity and guide designers in an incremental process, to help transferring technical knowledge into modeling practice and to help easing the use of simulation. We present a case study based on a real experience, triggered by a new legal requirement that Italian Public Administration should comply about their datacenters. © 2020 The Author(s) - DetailsCampanile, L., Gribaudo, M., Iacono, M., & Mastroianni, M. (2020). Modelling performances of an autonomic router running under attack [Conference paper]. International Journal of Embedded Systems, 12(4), 458–466. https://doi.org/10.1504/IJES.2020.107645
Abstract
Modern warehouse-scale computing facilities, seamlessly enabled by virtualisation technologies, are based on thousands of independent computing nodes that are administered according to efficiency criteria that depend on workload. Networks play a pivotal role in these systems, as they are likely to be the performance bottleneck, and because of the high variability of data and management traffic. Because of the scale of the system, the prevalent network management model is based on autonomic networking, a paradigm based on self-regulation of the networking subsystem, that requires routers capable of adapting their policies to traffic by a local or global strategy. In this paper we focus on performance modelling of autonomic routers, to provide a simple, yet representative elementary performance model to provide a starting point for a comprehensive autonomic network modelling approach. The proposed model is used to evaluate the behaviour of a router under attack under realistic workload and parameters assumptions. Copyright © 2020 Inderscience Enterprises Ltd. - DetailsConference Privacy regulations challenges on data-centric and iot systems: A case study for smart vehiclesCampanile, L., Iacono, M., Marulli, F., & Mastroianni, M. (2020). Privacy regulations challenges on data-centric and iot systems: A case study for smart vehicles [Conference paper]. IoTBDS 2020 - Proceedings of the 5th International Conference on Internet of Things, Big Data and Security, 507–520. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85089476036&partnerID=40&md5=c18dd73c221ec312a330521bf03d332e
Abstract
Internet of Things (IoTs) services and data-centric systems allow smart and efficient information exchanging. Anyway, even if existing IoTs and cyber security architectures are enforcing, they are still vulnerable to security issues, as unauthorized access, data breaches, intrusions. They can’t provide yet sufficiently robust and secure solutions to be applied in a straightforward way, both for ensuring privacy preservation and trustworthiness of transmitted data, evenly preventing from its fraudulent and unauthorized usage. Such data potentially include critical information about persons’ privacy (locations, visited places, behaviors, goods, anagraphic data and health conditions). So, novel approaches for IoTs and data-centric security are needed. In this work, we address IoTs systems security problem focusing on the privacy preserving issue. Indeed, after the European Union introduced the General Data Protection Regulation (GDPR), privacy data protection is a mandatory requirement for systems producing and managing sensible users’ data. Starting from a case study for the Internet of Vehicles (IoVs), we performed a pilot study and DPIA assessment to analyze possible mitigation strategies for improving the compliance of IoTs based systems to GDPR requirements. Our preliminary results evidenced that the introduction of blockchains in IoTs systems architectures can improve significantly the compliance to privacy regulations. Copyright © 2020 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved. - DetailsCampanile, L., Iacono, M., Marulli, F., & Mastroianni, M. (2020). A simulation study on a WSN for emergency management [Conference paper]. Proceedings - European Council for Modelling and Simulation, ECMS, 34(1), 384–392. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85094937629&partnerID=40&md5=69ee7b771d76c72bd5012883b86e67ca
Abstract
Wireless Sensors Networks (WSN) are one of the ways to provide the communication infrastructure for advanced applications based on the Internet of Things (IoT) paradigm. IoT supports high level applications over WSN to provide services in a number of fields. WSN are also suitable to support critical applications, as the supporting technologies are consolidated and standard network services can be used on top of the specific layers. Furthermore, generic distributed or network-enabled software can be run over the nodes of a WSN. In this paper we evaluate and compare performances of IEEE 802.llg and 802.1 In, two implementations of the popular Wi-Fi technology, to support the deployment and utilization of an energy management support system, used to monitor the field by a team of firefighters during a mission. Evaluation on an example scenario is done by using ns-3, an open network simulator characterized by its realistic details, to understand the actual limitations of the two standards besides theoretical limits. © ECMS Mike Steglich, Christian Mueller, Gaby Neumann, Mathias Walther. - DetailsCampanile, L., Iacono, M., Martinelli, F., Marulli, F., Mastroianni, M., Mercaldo, F., & Santone, A. (2020). Towards the Use of Generative Adversarial Neural Networks to Attack Online Resources [Conference paper]. Advances in Intelligent Systems and Computing, 1150 AISC, 890–901. https://doi.org/10.1007/978-3-030-44038-1_81
Abstract
The role of remote resources, such as the ones provided by Cloud infrastructures, is of paramount importance for the implementation of cost effective, yet reliable software systems to provide services to third parties. Cost effectiveness is a direct consequence of a correct estimation of resource usage, to be able to define a budget and estimate the right price to put own services on the market. Attacks that overload resources with non legitimate requests, being them explicit attacks or just malicious, non harmful resource engagements, may push the use of Cloud resources beyond estimation, causing additional costs, or unexpected energy usage, or a lower overall quality of services, so intrusion detection devices or firewalls are set to avoid undesired accesses. We propose the use of Generative Adversarial Neural Networks (GANs) to setup a method for shaping request based attacks capable of reaching resources beyond defenses. The approach is studied by using a publicly available traffic data set, to test the concept and demonstrate its potential applications. © 2020, Springer Nature Switzerland AG.
2019
- DetailsGribaudo, M., Campanile, L., Iacono, M., & Mastroianni, M. (2019). Performance modeling and analysis of an autonomic router [Conference paper]. Proceedings - European Council for Modelling and Simulation, ECMS, 33(1), 441–447. https://doi.org/10.7148/2019-0441
Abstract
Modern networking is moving towards exploitation of autonomic features into networks to reduce management effort and compensate the increasing complexity of network infrastructures, e.g. in large computing facilities such the data centers that support cloud services delivery. Autonomicity provides the possibility of reacting to anomalies in network traffic by recognizing them and applying administrator defined reactions without the need for human intervention, obtaining a quicker response and easier adaptation to network dynamics, and letting administrators focus on general system-wide policies, rather than on each component of the infrastructure. The process of defining proper policies may benefit from adopting model-based design cycles, to get an estimation of their effects. In this paper we propose a model-based analysis approach of a simple autonomic router, using Stochastic Petri Nets, to evaluate the behavior of given policies designed to react to traffic workloads. The approach allows a detailed analysis of the dynamics of the policy and is suitable to be used in the preliminary phases of the design cycle for a Software Defined Networks compliant router control plane. ©ECMS Mauro Iacono, Francesco Palmieri, Marco Gribaudo, Massimo Ficco (Editors).
2026
- DetailsCampanile, L., Iacono, M., Mastroianni, M., Riccio, C., & Viscardi, B. (2026). A TOPSIS-Based Approach to Evaluate Alternative Solutions for GDPR-Compliant Smart-City Services Implementation [Conference paper]. Lecture Notes in Computer Science, 15893 LNCS, 303–316. https://doi.org/10.1007/978-3-031-97645-2_20
Abstract
Adapting or designing a system which operates on personal data in EU is impacted by the privacy-by-design and privacy-by-default principles because of the prescriptions of the GDPR. In this paper we propose an approach to decision making which is based on TOPSIS (Technique for Order Preference by Similarity to Ideal Solution). The approach is applied to a GDPR system compliance design process, based on a case study about system performance evaluation by means of queuing networks, but is absolutely general with respect to analogous problems, in which cost issues should be balanced with technical performances and risk exposure. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.
2025
- DetailsDi Giovanni, M., Verde, L., Campanile, L., Romoli, M., Sabbarese, C., & Marrone, S. (2025). Assessing Safety and Sustainability of a Monitoring System for Nuclear Waste Management [Article]. IEEE Access, 13, 120486–120505. https://doi.org/10.1109/ACCESS.2025.3586735
Abstract
Nowadays, nuclear technologies are increasingly being integrated into industry, healthcare and manufacturing. As a side effect, waste materials are produced according to standard processes which are subject to international regulations. One of the most critical phases is the pre-disposal, due to the uncertainty related to the evolution of the materials and their potential impact on environmental protection. This paper introduces the architecture of a monitoring system able to accomplish safety goals and to guarantee energetic sustainability. The possibility of defining different system configurations (e. g., sensor scheduling policies, geometry of the sites, trustworthiness of the sensors) fosters a high adaptability to several monitoring scenarios, being characterised by different safety and sustainability levels. A methodology, integrating a model-based approach with data collection and processing, is proposed to quantitatively evaluate system configurations. This methodology is based on the definition of two metrics — one for safety and one for sustainability — and an assessment model. The model computes the metrics considering geometry of the place, scheduling and trustworthiness of monitoring sensors. This is a first step in the construction of a Decision Support System able to aid human operators in assessing system configurations and finding possible safety/sustainability trade-offs. A case study is used to show the feasibility of the approach: some configurations are evaluated on the real plant, placed at Řež in the Czech Republic, assessing them on the base of the defined metrics. © 2025 The Authors. - DetailsMarulli, F., Campanile, L., Ragucci, G., Carbone, S., & Bifulco, M. (2025). Data Generation and Cybersecurity: A Major Opportunity or the Next Nightmare? [Conference paper]. Proceedings of the 2025 IEEE International Conference on Cyber Security and Resilience, CSR 2025, 969–974. https://doi.org/10.1109/CSR64739.2025.11130069
Abstract
In recent years, the proliferation of synthetic data generation techniques-driven by advances in artificial intelli-gence-has opened new possibilities across a wide range of fields, from healthcare to autonomous systems, by addressing critical data scarcity issues. However, this technological progress also brings with it a growing concern: the dual-use nature of synthetic data. While it offers powerful tools for innovation, it simultaneously introduces significant risks related to information disorder and cybersecurity. As AI systems become increasingly capable of producing highly realistic yet entirely fabricated content, the boundaries between authentic and artificial information blur, making it more difficult to detect manipulation, protect digital infrastructures, and maintain public trust. This work undertakes a preliminary exploration of the evolving nexus between Generative AI, Information Disorder, and Cybersecurity: it aims to investigate the complex interplay among these three and to map their dynamic interactions and reciprocal influences, highlighting both the potential benefits and the looming challenges posed by this evolving landscape. Moreover, it seeks to propose a conceptual framework for assessing these interdependencies through a set of indicative metrics, offering a foundation for future empirical evaluation and strategic response. © 2025 IEEE. - DetailsCampanile, L., Iacono, M., Mastroianni, M., & Riccio, C. (2025). Performance Evaluation of an Edge-Blockchain Architecture for Smart City [Conference paper]. Proceedings - European Council for Modelling and Simulation, ECMS, 2025-June, 620–627. https://doi.org/10.7148/2025-0620
Abstract
This paper presents a simulation-based methodology to evaluate the performance of a privacy-compliant edge-blockchain architecture for smart city environments. The proposed model combines edge computing with a private, permissioned blockchain to ensure low-latency processing, secure data management, and verifiable transactions. Using a discrete-event simulation framework, we analyze the behavior of the system under realistic workloads and time-varying traffic conditions. The model captures edge operations, including preprocessing and cryptographic tasks, as well as blockchain validation using Proof of Stake consensus. Several experiments explore saturation thresholds, resource utilization, and latency dynamics, under both synthetic and realistic traffic profiles. Results reveal how architectural bottlenecks shift depending on resource allocation and input rate, and demonstrate the importance of balanced dimensioning between edge and blockchain layers. © ECMS Marco Scarpa, Salvatore Cavalieri, Salvatore Serrano, Fabrizio De Vita (Editors) 2025.
2023
- DetailsCampanile, L., de Fazio, R., Di Giovanni, M., Marrone, S., Marulli, F., & Verde, L. (2023). Inferring Emotional Models from Human-Machine Speech Interactions [Conference paper]. Procedia Computer Science, 225, 1241–1250. https://doi.org/10.1016/j.procs.2023.10.112
Abstract
Human-Machine Interfaces (HMIs) are getting more and more important in a hyper-connected society. Traditional HMIs are built considering cognitive features while emotional ones are often neglected, bringing sometimes such interfaces to misuse. As a part of a long run research, oriented to the definition of an HMI engineering approach, this paper concretely proposes a method to build an emotional-aware explicit model of the user starting from the behaviour of the human with a virtual agent. The paper also proposes an instance of this model inference process in voice assistants in an automatic depression context, which can constitute the core phase to realize a Human Digital Twin of a patient. The case study generated a model composed of Fluid Stochastic Petri Net sub-models, achieved after the data analysis by a Support Vector Machine. © 2023 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0) - DetailsBobbio, A., Campanile, L., Gribaudo, M., Iacono, M., Marulli, F., & Mastroianni, M. (2023). A cyber warfare perspective on risks related to health IoT devices and contact tracing [Article]. Neural Computing and Applications, 35(19), 13823–13837. https://doi.org/10.1007/s00521-021-06720-1
Abstract
The wide use of IT resources to assess and manage the recent COVID-19 pandemic allows to increase the effectiveness of the countermeasures and the pervasiveness of monitoring and prevention. Unfortunately, the literature reports that IoT devices, a widely adopted technology for these applications, are characterized by security vulnerabilities that are difficult to manage at the state level. Comparable problems exist for related technologies that leverage smartphones, such as contact tracing applications, and non-medical health monitoring devices. In analogous situations, these vulnerabilities may be exploited in the cyber domain to overload the crisis management systems with false alarms and to interfere with the interests of target countries, with consequences on their economy and their political equilibria. In this paper we analyze the potential threat to an example subsystem to show how these influences may impact it and evaluate a possible consequence. © 2021, The Author(s), under exclusive licence to Springer-Verlag London Ltd., part of Springer Nature. - DetailsDi Giovanni, M., Campanile, L., D’Onofrio, A., Marrone, S., Marulli, F., Romoli, M., Sabbarese, C., & Verde, L. (2023). Supporting the Development of Digital Twins in Nuclear Waste Monitoring Systems [Conference paper]. Procedia Computer Science, 225, 3133–3142. https://doi.org/10.1016/j.procs.2023.10.307
Abstract
In a world whose attention to environmental and health problems is very high, the issue of properly managing nuclear waste is of a primary importance. Information and Communication Technologies have the due to support the definition of the next-generation plants for temporary storage of such wasting materials. This paper investigates on the adoption of one of the most cutting-edge techniques in computer science and engineering, i.e. Digital Twins, with the combination of other modern methods and technologies as Internet of Things, model-based and data-driven approaches. The result is the definition of a methodology able to support the construction of risk-aware facilities for storing nuclear waste. © 2023 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0) - DetailsConference Merging Model-Based and Data-Driven Approaches for Resilient Systems Digital Twins DesignCampanile, L., De Biase, M. S., De Fazio, R., Di Giovanni, M., Marulli, F., & Verde, L. (2023). Merging Model-Based and Data-Driven Approaches for Resilient Systems Digital Twins Design [Conference paper]. Proceedings of the 2023 IEEE International Conference on Cyber Security and Resilience, CSR 2023, 301–306. https://doi.org/10.1109/CSR57506.2023.10224945
Abstract
Nowadays, the problem of system robustness, es-pecially in critical infrastructures, is a challenging open question. Some systems provide crucial services continuously failing, threatening the availability of the provided services. By designing a robust architecture, this criticality could be overcome or limited, ensuring service continuity. The definition of a resilient system involves not only its architecture but also the methodology implemented for the calculation and analysis of some indices, quantifying system performance. This study provides an innovative architecture for Digital Twins implementation based on a hybrid methodology for improving the control system in realtime. The introduced approach brings together different techniques. In particular, the work combines the point of strengths of Model-based methods and Data-driven ones, aiming to improve system performances. © 2023 IEEE.
2022
- DetailsCampanile, L., Iacono, M., & Mastroianni, M. (2022). Towards privacy-aware software design in small and medium enterprises. Proceedings of the 2022 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2022. https://doi.org/10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927958
Abstract
The legal definition of privacy regulations, like GDPR in the European Union, significantly impacted on the way in which software, systems and organizations should be designed or maintained to be compliant to rules. While the privacy community stated proper risk assessment and mitigation approaches to be applied, literature seems to suggest that the software engineering community, with special reference to companies, did actually concentrate on the specification phase, with less attention for the test phase of products. In coherence with the privacy-by-design approach, we believe that a bigger methodological effort must be put in the systematic adaptation of software development cycles to privacy regulations, and that this effort might be promoted in the industrial community by focusing on the relation between organizational costs vs technical features, also leveraging the benefits of targeted testing as a mean to lower operational privacy enforcement costs. © 2022 IEEE. - DetailsCampanile, L., Forgione, F., Mastroianni, M., Palmiero, G., & Sanghez, C. (2022). Evaluating the Impact of Data Anonymization in a Machine Learning Application [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13380 LNCS, 389–400. https://doi.org/10.1007/978-3-031-10542-5_27
Abstract
The data protection impact assessment is used to verify the necessity, proportionality and risks of data processing. Our work is based on the data processed by the technical support of a Wireless Service Provider. The team of WISP tech support uses a machine learning system to predict failures. The goal of our the experiments was to evaluate the DPIA with personal data and without personal data. In fact, in a first scenario, the experiments were conducted using a machine learning application powered by non-anonymous personal data. Instead in the second scenario, the data was anonymized before feeding the machine learning system. In this article we evaluate how much the Data Protection Impact Assessment changes when moving from a scenario with raw data to a scenario with anonymized data. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG. - DetailsCampanile, L., Iacono, M., Marulli, F., Gribaudo, M., & Mastroianni, M. (2022). A DSL-based modeling approach for energy harvesting IoT/WSN [Conference paper]. Proceedings - European Council for Modelling and Simulation, ECMS, 2022-May, 317–323. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85130645195&partnerID=40&md5=f2d475b445f76d3b5f49752171c0fada
Abstract
The diffusion of intelligent services and the push for the integration of computing systems and services in the environment in which they operate require a constant sensing activity and the acquisition of different information from the environment and the users. Health monitoring, domotics, Industry 4.0 and environmental challenges leverage the availability of cost-effective sensing solutions that allow both the creation of knowledge bases and the automatic process of them, be it with algorithmic approaches or artificial intelligence solutions. The foundation of these solutions is given by the Internet of Things (IoT), and the substanding Wireless Sensor Networks (WSN) technology stack. Of course, design approaches are needed that enable defining efficient and effective sensing infrastructures, including energy related aspects. In this paper we present a Domain Specific Language for the design of energy aware WSN IoT solutions, that allows domain experts to define sensor network models that may be then analyzed by simulation-based or analytic techniques to evaluate the effect of task allocation and offioading and energy harvesting and utilization in the network. The language has been designed to leverage the SIMTHESys modeling framework and its multiformalism modeling evaluation features. ©ECMS Ibrahim A. Hameed, Agus Hasan, Saleh Abdel-Afou Alaliyat (Editors) 2022 - DetailsCampanile, L., Marrone, S., Marulli, F., & Verde, L. (2022). Challenges and Trends in Federated Learning for Well-being and Healthcare [Conference paper]. Procedia Computer Science, 207, 1144–1153. https://doi.org/10.1016/j.procs.2022.09.170
Abstract
Currently, research in Artificial Intelligence, both in Machine Learning and Deep Learning, paves the way for promising innovations in several areas. In healthcare, especially, where large amounts of quantitative and qualitative data are transferred to support studies and early diagnosis and monitoring of any diseases, potential security and privacy issues cannot be underestimated. Federated learning is an approach where privacy issues related to sensitive data management can be significantly reduced, due to the possibility to train algorithms without exchanging data. The main idea behind this approach is that learning models can be trained in a distributed way, where multiple devices or servers with decentralized data samples can provide their contributions without having to exchange their local data. Recent studies provided evidence that prototypes trained by adopting Federated Learning strategies are able to achieve reliable performance, thus by generating robust models without sharing data and, consequently, limiting the impact on security and privacy. This work propose a literature overview of Federated Learning approaches and systems, focusing on its application for healthcare. The main challenges, implications, issues and potentials of this approach in the healthcare are outlined. © 2022 The Authors. Published by Elsevier B.V. - DetailsConference Sensitive Information Detection Adopting Named Entity Recognition: A Proposed MethodologyCampanile, L., de Biase, M. S., Marrone, S., Marulli, F., Raimondo, M., & Verde, L. (2022). Sensitive Information Detection Adopting Named Entity Recognition: A Proposed Methodology [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13380 LNCS, 377–388. https://doi.org/10.1007/978-3-031-10542-5_26
Abstract
Protecting and safeguarding privacy has become increasingly important, especially in recent years. The increasing possibilities of acquiring and sharing personal information and data through digital devices and platforms, such as apps or social networks, have increased the risks of privacy breaches. In order to effectively respect and guarantee the privacy and protection of sensitive information, it is necessary to develop mechanisms capable of providing such guarantees automatically and reliably. In this paper we propose a methodology able to automatically recognize sensitive data. A Named Entity Recognition was used to identify appropriate entities. An improvement in the recognition of these entities is achieved by evaluating the words contained in an appropriate context window by assessing their similarity to words in a domain taxonomy. This, in fact, makes it possible to refine the labels of the recognized categories using a generic Named Entity Recognition. A preliminary evaluation of the reliability of the proposed approach was performed. In detail, texts of juridical documents written in Italian were analyzed. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG. - DetailsConference A Federated Consensus-Based Model for Enhancing Fake News and Misleading Information DebunkingMarulli, F., Verde, L., Marrore, S., & Campanile, L. (2022). A Federated Consensus-Based Model for Enhancing Fake News and Misleading Information Debunking [Conference paper]. Smart Innovation, Systems and Technologies, 309, 587–596. https://doi.org/10.1007/978-981-19-3444-5_50
Abstract
Misinformation and Fake News are hard to dislodge. According to experts on this phenomenon, to fight disinformation a less credulous public is needed; so, current AI techniques can support misleading information debunking, given the human tendency to believe “facts” that confirm biases. Much effort has been recently spent by the research community on this plague: several AI-based approaches for automatic detection and classification of Fake News have been proposed; unfortunately, Fake News producers have refined their ability in eluding automatic ML and DL-based detection systems. So, debunking false news represents an effective weapon to contrast the users’ reliance on false information. In this work, we propose a preliminary study aiming to approach the design of effective fake news debunking systems, harnessing two complementary federated approaches. We propose, firstly, a federation of independent classification systems to accomplish a debunking process, by applying a distributed consensus mechanism. Secondly, a federated learning task, involving several cooperating nodes, is accomplished, to obtain a unique merged model, including features of single participants models, trained on different and independent data fragments. This study is a preliminary work aiming to to point out the feasibility and the comparability of these proposed approaches, thus paving the way to an experimental campaign that will be performed on effective real data, thus providing an evidence for an effective and feasible model for detecting potential heterogeneous fake news. Debunking misleading information is mission critical to increase the awareness of facts on the part of news consumers. © 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. - DetailsCampanile, L., Biase, M. S. de, Marrone, S., Raimondo, M., & Verde, L. (2022). On the Evaluation of BDD Requirements with Text-based Metrics: The ETCS-L3 Case Study [Conference paper]. Smart Innovation, Systems and Technologies, 309, 561–571. https://doi.org/10.1007/978-981-19-3444-5_48
Abstract
A proper requirement definition phase is of a paramount importance in software engineering. It is the first and prime mean to realize efficient and reliable systems. System requirements are usually formulated and expressed in natural language, given its universality and ease of communication and writing. Unfortunately, natural language can be a source of ambiguity, complexity and omissions, which may cause system failures. Among the different approaches proposed by the software engineering community, Behavioural-Driven Development (BDD) is affirming as a valid, practical method to structure effective and non-ambiguous requirement specifications. The paper tackles with the problem of measuring requirements in BDD by assessing some traditional Natural Language Processing-related metrics with respect to a sample excerpt of requirement specification rewritten according to the BDD criteria. This preliminary assessment is made on the ERTMS-ETCS Level 3 case study whose specification, up to this date, is not managed by a standardisation body. The paper demonstrates the necessity of novel metrics able to cope with the BDD specification paradigms. © 2022, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
2021
- DetailsBarbierato, E., Campanile, L., Gribaudo, M., Iacono, M., Mastroianni, M., & Nacchia, S. (2021). Performance evaluation for the design of a hybrid cloud based distance synchronous and asynchronous learning architecture [Article]. Simulation Modelling Practice and Theory, 109. https://doi.org/10.1016/j.simpat.2021.102303
Abstract
The COVID-19 emergency suddenly obliged schools and universities around the world to deliver on-line lectures and services. While the urgency of response resulted in a fast and massive adoption of standard, public on-line platforms, generally owned by big players in the digital services market, this does not sufficiently take into account privacy-related and security-related issues and potential legal problems about the legitimate exploitation of the intellectual rights about contents. However, the experience brought to attention a vast set of issues, which have been addressed by implementing these services by means of private platforms. This work presents a modeling and evaluation framework, defined on a set of high-level, management-oriented parameters and based on a Vectorial Auto Regressive Fractional (Integrated) Moving Average based approach, to support the design of distance learning architectures. The purpose of this framework is to help decision makers to evaluate the requirements and the costs of hybrid cloud technology solutions. Furthermore, it aims at providing a coarse grain reference organization integrating low-cost, long-term storage management services to implement a viable and accessible history feature for all materials. The proposed solution has been designed bearing in mind the ecosystem of Italian universities. A realistic case study has been shaped on the needs of an important, generalist, polycentric Italian university, where some of the authors of this paper work. © 2021 Elsevier B.V. - DetailsCampanile, L., Iacono, M., Marulli, F., & Mastroianni, M. (2021). Designing a GDPR compliant blockchain-based IoV distributed information tracking system [Article]. Information Processing and Management, 58(3). https://doi.org/10.1016/j.ipm.2021.102511
Abstract
Blockchain technologies and distributed ledgers enable the design and implementation of trustable data logging systems that can be used by multiple parties to produce a non-repudiable database. The case of Internet of Vehicles may greatly benefit of such a possibility to track the chain of responsibility in case of accidents or damages due to bad or omitted maintenance, improving the safety of circulation and helping granting a correct handling of related legal issues. However, there are privacy issues that have to be considered, as tracked information potentially include data about private persons (position, personal habits), commercially relevant information (state of the fleet of a company, freight movement and related planning, logistic strategies), or even more critical knowledge (e.g., considering vehicles belonging to police, public authorities, governments or officers in sensible positions). In the European Union, all this information is covered by the General Data Protection Regulation (GDPR). In this paper we propose a reference model for a system that manages relevant information to show how blockchain can support GDPR compliant solutions for Internet of Vehicles, taking as a reference an integrated scenario based on Italy, and analyze a subset of its use cases to show its viability with reference to privacy issues. © 2021 Elsevier Ltd - DetailsCampanile, L., Cantiello, P., Iacono, M., Marulli, F., & Mastroianni, M. (2021). Risk Analysis of a GDPR-Compliant Deletion Technique for Consortium Blockchains Based on Pseudonymization [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 12956 LNCS, 3–14. https://doi.org/10.1007/978-3-030-87010-2_1
Abstract
Blockchains provide a valid and profitable support for the implementation of trustable and secure distributed ledgers, in support to groups of subjects that are potentially competitors in conflict of interest but need to share progressive information recording processes. Blockchains prevent data stored in blocks from being altered or deleted, but there are situations in which stored information must be deleted or made inaccessible on request or periodically, such as the ones in which GDPR is applicable. In this paper we present literature solutions and design an implementation in the context of a traffic management system for the Internet of Vehicles based on the Pseudonymization/Cryptography solution, evaluating its viability, its GDPR compliance and its level of risk. © 2021, Springer Nature Switzerland AG. - DetailsJournal Privacy regulations, smart roads, blockchain, and liability insurance: Putting technologies to workCampanile, L., Iacono, M., Levis, A. H., Marulli, F., & Mastroianni, M. (2021). Privacy regulations, smart roads, blockchain, and liability insurance: Putting technologies to work [Article]. IEEE Security and Privacy, 19(1), 34–43. https://doi.org/10.1109/MSEC.2020.3012059
Abstract
Smart streets promise widely available traffic information to help improve people’s safety. Unfortunately, gathering that data may threaten privacy. We describe an architecture that exploits a blockchain and the Internet of Vehicles and show its compliance with the General Data Protection Regulation. © 2003-2012 IEEE. - DetailsCampanile, L., Gribaudo, M., Iacono, M., & Mastroianni, M. (2021). Hybrid Simulation of Energy Management in IoT Edge Computing Surveillance Systems [Conference paper]. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 13104 LNCS, 345–359. https://doi.org/10.1007/978-3-030-91825-5_21
Abstract
Internet of Things (IoT) is a well established approach used for the implementation of surveillance systems that are suitable for monitoring large portions of territory. Current developments allow the design of battery powered IoT nodes that can communicate over the network with low energy requirements and locally perform some computing and coordination task, besides running sensing and related processing: it is thus possible to implement edge computing oriented solutions on IoT, if the design encompasses both hardware and software elements in terms of sensing, processing, computing, communications and routing energy costs as one of the quality indices of the system. In this paper we propose a modeling approach for edge computing IoT-based monitoring systems energy related characteristics, suitable for the analysis of energy levels of large battery powered monitoring systems with dynamic and reactive computing workloads. © 2021, Springer Nature Switzerland AG.
2020
- DetailsCampanile, L., Iacono, M., Marrone, S., & Mastroianni, M. (2020). On Performance Evaluation of Security Monitoring in Multitenant Cloud Applications [Article]. Electronic Notes in Theoretical Computer Science, 353, 107–127. https://doi.org/10.1016/j.entcs.2020.09.020
Abstract
In this paper we present a modeling approach suitable for practical evaluation of the delays that may affect security monitoring systems in (multitenant) cloud based architecture, and in general to support professionals in planning and evaluating relevant parameters in dealing with new designs or migration projects. The approach is based on modularity and multiformalism techniques to manage complexity and guide designers in an incremental process, to help transferring technical knowledge into modeling practice and to help easing the use of simulation. We present a case study based on a real experience, triggered by a new legal requirement that Italian Public Administration should comply about their datacenters. © 2020 The Author(s) - DetailsCampanile, L., Gribaudo, M., Iacono, M., & Mastroianni, M. (2020). Modelling performances of an autonomic router running under attack [Conference paper]. International Journal of Embedded Systems, 12(4), 458–466. https://doi.org/10.1504/IJES.2020.107645
Abstract
Modern warehouse-scale computing facilities, seamlessly enabled by virtualisation technologies, are based on thousands of independent computing nodes that are administered according to efficiency criteria that depend on workload. Networks play a pivotal role in these systems, as they are likely to be the performance bottleneck, and because of the high variability of data and management traffic. Because of the scale of the system, the prevalent network management model is based on autonomic networking, a paradigm based on self-regulation of the networking subsystem, that requires routers capable of adapting their policies to traffic by a local or global strategy. In this paper we focus on performance modelling of autonomic routers, to provide a simple, yet representative elementary performance model to provide a starting point for a comprehensive autonomic network modelling approach. The proposed model is used to evaluate the behaviour of a router under attack under realistic workload and parameters assumptions. Copyright © 2020 Inderscience Enterprises Ltd. - DetailsConference Privacy regulations challenges on data-centric and iot systems: A case study for smart vehiclesCampanile, L., Iacono, M., Marulli, F., & Mastroianni, M. (2020). Privacy regulations challenges on data-centric and iot systems: A case study for smart vehicles [Conference paper]. IoTBDS 2020 - Proceedings of the 5th International Conference on Internet of Things, Big Data and Security, 507–520. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85089476036&partnerID=40&md5=c18dd73c221ec312a330521bf03d332e
Abstract
Internet of Things (IoTs) services and data-centric systems allow smart and efficient information exchanging. Anyway, even if existing IoTs and cyber security architectures are enforcing, they are still vulnerable to security issues, as unauthorized access, data breaches, intrusions. They can’t provide yet sufficiently robust and secure solutions to be applied in a straightforward way, both for ensuring privacy preservation and trustworthiness of transmitted data, evenly preventing from its fraudulent and unauthorized usage. Such data potentially include critical information about persons’ privacy (locations, visited places, behaviors, goods, anagraphic data and health conditions). So, novel approaches for IoTs and data-centric security are needed. In this work, we address IoTs systems security problem focusing on the privacy preserving issue. Indeed, after the European Union introduced the General Data Protection Regulation (GDPR), privacy data protection is a mandatory requirement for systems producing and managing sensible users’ data. Starting from a case study for the Internet of Vehicles (IoVs), we performed a pilot study and DPIA assessment to analyze possible mitigation strategies for improving the compliance of IoTs based systems to GDPR requirements. Our preliminary results evidenced that the introduction of blockchains in IoTs systems architectures can improve significantly the compliance to privacy regulations. Copyright © 2020 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved. - DetailsCampanile, L., Iacono, M., Marulli, F., & Mastroianni, M. (2020). A simulation study on a WSN for emergency management [Conference paper]. Proceedings - European Council for Modelling and Simulation, ECMS, 34(1), 384–392. https://www.scopus.com/inward/record.uri?eid=2-s2.0-85094937629&partnerID=40&md5=69ee7b771d76c72bd5012883b86e67ca
Abstract
Wireless Sensors Networks (WSN) are one of the ways to provide the communication infrastructure for advanced applications based on the Internet of Things (IoT) paradigm. IoT supports high level applications over WSN to provide services in a number of fields. WSN are also suitable to support critical applications, as the supporting technologies are consolidated and standard network services can be used on top of the specific layers. Furthermore, generic distributed or network-enabled software can be run over the nodes of a WSN. In this paper we evaluate and compare performances of IEEE 802.llg and 802.1 In, two implementations of the popular Wi-Fi technology, to support the deployment and utilization of an energy management support system, used to monitor the field by a team of firefighters during a mission. Evaluation on an example scenario is done by using ns-3, an open network simulator characterized by its realistic details, to understand the actual limitations of the two standards besides theoretical limits. © ECMS Mike Steglich, Christian Mueller, Gaby Neumann, Mathias Walther. - DetailsCampanile, L., Iacono, M., Martinelli, F., Marulli, F., Mastroianni, M., Mercaldo, F., & Santone, A. (2020). Towards the Use of Generative Adversarial Neural Networks to Attack Online Resources [Conference paper]. Advances in Intelligent Systems and Computing, 1150 AISC, 890–901. https://doi.org/10.1007/978-3-030-44038-1_81
Abstract
The role of remote resources, such as the ones provided by Cloud infrastructures, is of paramount importance for the implementation of cost effective, yet reliable software systems to provide services to third parties. Cost effectiveness is a direct consequence of a correct estimation of resource usage, to be able to define a budget and estimate the right price to put own services on the market. Attacks that overload resources with non legitimate requests, being them explicit attacks or just malicious, non harmful resource engagements, may push the use of Cloud resources beyond estimation, causing additional costs, or unexpected energy usage, or a lower overall quality of services, so intrusion detection devices or firewalls are set to avoid undesired accesses. We propose the use of Generative Adversarial Neural Networks (GANs) to setup a method for shaping request based attacks capable of reaching resources beyond defenses. The approach is studied by using a publicly available traffic data set, to test the concept and demonstrate its potential applications. © 2020, Springer Nature Switzerland AG.
2019
- DetailsGribaudo, M., Campanile, L., Iacono, M., & Mastroianni, M. (2019). Performance modeling and analysis of an autonomic router [Conference paper]. Proceedings - European Council for Modelling and Simulation, ECMS, 33(1), 441–447. https://doi.org/10.7148/2019-0441
Abstract
Modern networking is moving towards exploitation of autonomic features into networks to reduce management effort and compensate the increasing complexity of network infrastructures, e.g. in large computing facilities such the data centers that support cloud services delivery. Autonomicity provides the possibility of reacting to anomalies in network traffic by recognizing them and applying administrator defined reactions without the need for human intervention, obtaining a quicker response and easier adaptation to network dynamics, and letting administrators focus on general system-wide policies, rather than on each component of the infrastructure. The process of defining proper policies may benefit from adopting model-based design cycles, to get an estimation of their effects. In this paper we propose a model-based analysis approach of a simple autonomic router, using Stochastic Petri Nets, to evaluate the behavior of given policies designed to react to traffic workloads. The approach allows a detailed analysis of the dynamics of the policy and is suitable to be used in the preliminary phases of the design cycle for a Software Defined Networks compliant router control plane. ©ECMS Mauro Iacono, Francesco Palmieri, Marco Gribaudo, Massimo Ficco (Editors).