Gerardo Pelosi

ABSTRACT Data outsourcing has recently emerged as a successful solution allowing individuals and organizations to delegate data and service management to external third parties. A major challenge in the data outsourcing scenario is how to guarantee proper privacy protection against the external server. Recent promising approaches rely on the organization of data in indexing structures that use encryption and the dynamic allocation of encrypted data to physical blocks for destroying the otherwise static relationship between data and the blocks in which they are stored. However, dynamic data allocation implies the need to re-write blocks at every read access, thus requesting exclusive locks that can affect concurrency. Also, these solutions only support search conditions on the values of the attribute used for building the indexing structure.In this paper, we present an approach that overcomes such limitations by extending the recently proposed shuffle index structure with support for concurrency and multiple indexes. Support for concurrency relies on the use of several differential versions of the data index that are periodically reconciled and applied to the main data structure. Support for multiple indexes relies on the definition of secondary shuffle indexes that are then combined with the primary index in a single data structure whose content and allocation is unintelligible to the server. We show how using such differential versions and combined index structure guarantees privacy, provides support for concurrent accesses and multiple search conditions, and considerably increases the performance of the system and the applicability of the proposed solution.

ABSTRACT The modern trend toward heterogeneous many-core architectures has led to high architectural diversity in both high performance and high-end embedded systems. To effectively exploit the computational resources of such a wide range of architectures, programming languages and APIs such as OpenCL have become increasingly popular. Although OpenCL provides functional code portability and the ability to fine tune the application to the target hardware, providing performance portability is still an open problem. Thus, many research works have investigated the optimization of specific combinations of application and target platform. In this paper, we aim at leveraging the experience obtained in the implementation of algorithms from the cryptography domain to provide a set of guidelines for modern many-core heterogeneous architecture performance portability and to establish a base on which domain-specific languages and compiler transformations could be built in the near future. We study algorithmic choices and the effect of compiler transformations on three representative applications in the chosen domain on a set of seven target platforms. To estimate how well the application fits the architecture, we define a metric of computational intensity both for the architecture and the application implementation. Besides being useful to compare either different implementation or algorithmic choices and their fitness to a specific architecture, it can also be useful to the compiler to guide the code optimization process. Copyright © 2014 John Wiley & Sons, Ltd.

Adding digital intelligence and two-way functionalities to the power grid is one of the most flourishing topics in both academic and public institution communities. Efficiency, improved reliability and safety are the benefits promised by the new smart grid at the price of privacy and security challenges which are only in part similar to the security issues of IT networks. We survey the current grid architecture and the relation among the smart grid operators to analyze the security and privacy threats which needs to be addressed to secure the smart grid digital infrastructure.

ABSTRACT The automatic identification of security vulnerabilities is a critical issue in the development of web-based applications. We present a methodology and tool for vulnerability identification based on symbolic code execution exploiting Static Taint Analysis to improve the efficiency of the analysis. The tool targets PHP web applications, and demonstrates the effectiveness of our approach in identifying cross-site scripting and SQL injection vulnerabilities on both NIST synthetic benchmarks and real world applications. It proves to be faster and more effective than its main competitors, both open source and commercial.

ABSTRACT In this paper, we face the problem of P-equivalence Boolean match-ing. We outline a formal framework that unifies some of the canon-ical form-based approaches to the problem. As a first major contribution, we show how these approaches are particular ...

Applications for Location-based Services (LBS) are becoming more and more popular. However, the continuous access to the wireless internet to get map tiles from servers can significantly affect the quality of the user experience, or might be too expensive. In this paper, we present SMaC, Spatial Map Caching, a caching technique devised for storing map tiles on the secondary memory