Federica Paci scite author profile

Cyber attacks are increasing in number and sophistication, causing organisations to continuously adapt management strategies for cyber security risks. As a key risk mitigation policy, organisations are investing in professional training courses for their employees to raise awareness on cyber attacks and related defences. Serious games have emerged as a new approach that can complement instruction-led or computer-based security training by providing a fun environment where players learn and practice cyber security concepts through the game. In this paper we propose Riskio, a tabletop game to increase cyber security awareness for people with no-technical background working in organisations. Riskio provides an active learning environment where players build knowledge on cyber security attacks and defences by playing both the role of the attacker and the defender of critical assets in a fictitious organisation.

show abstract

Security for Web Services and Service-Oriented Architectures

Bertino

Martino

Paci

et al. 2010

View full text Add to dashboard Cite

Access control in Internet-of-Things: A survey

Ravidas

Lekidis

Paci

et al. 2019

Journal of Network and Computer Applications

111

View full text Add to dashboard Cite

A privacy-preserving approach to policy-based content dissemination

Shang

Nabeel

Paci

et al. 2010

View full text Add to dashboard Cite

We propose a novel scheme for selective distribution of content, encoded as documents, that preserves the privacy of the users to whom the documents are delivered and is based on an efficient and novel group key management scheme.Our document broadcasting approach is based on access control policies specifying which users can access which documents, or subdocuments. Based on such policies, a broadcast document is segmented into multiple subdocuments, each encrypted with a different key. In line with modern attribute-based access control, policies are specified against identity attributes of users. However our broadcasting approach is privacy-preserving in that users are granted access to a specific document, or subdocument, according to the policies without the need of providing in clear information about their identity attributes to the document publisher. Under our approach, not only does the document publisher not learn the values of the identity attributes of users, but it also does not learn which policy conditions are verified by which users, thus inferences about the values of identity attributes are prevented. Moreover, our key management scheme on which the proposed broadcasting approach is based is efficient in that it does not require to send the decryption keys to the users along with the encrypted document. Users are able to reconstruct the keys to decrypt the authorized portions of a document based on subscription information they have received from the document publisher. The scheme also efficiently handles new subscription of users and revocation of subscriptions.

show abstract

An experiment on comparing textual vs. visual industrial methods for security risk assessment

Labunets

Paci

Massacci

et al. 2014

View full text Add to dashboard Cite

An Experimental Comparison of Two Risk-Based Security Methods

Labunets

Massacci

Paci

et al. 2013

View full text Add to dashboard Cite

Access Control and Authorization Constraints for WS-BPEL

Bertino

Crampton

Paci

2006

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Federica Paci

Collective privacy management in social networks

Riskio: A Serious Game for Cyber Security Awareness and Education

Security for Web Services and Service-Oriented Architectures

Access control in Internet-of-Things: A survey

A privacy-preserving approach to policy-based content dissemination

An experiment on comparing textual vs. visual industrial methods for security risk assessment

An Experimental Comparison of Two Risk-Based Security Methods

Access Control and Authorization Constraints for WS-BPEL

Contact Info

Product

Resources

About