FARES

19th International Workshop on Frontiers in Availability, Reliability and Security
  • Date
    Jul 31, 2024
  • Location
    SR07
  • Duration
    13:15 — 16:45
Workshops Lettering

Workshop Chairs

Workshop Chairs Logo Workshop Chairs Logo
  • → Francesco Buccafurri
  • → Gianluca Lax

Accepted Paper

Enhancing Algorithmic Fairness: Integrative Approaches and Multi-Objective Optimization Application in Recidivism Models
Michael Farayola (Lero Research Centre, School of Computing, Dublin City University, Ireland), Malika Bendechache (Lero & ADAPT Research Centres, School of Computer Science, University of Galway, Ireland), Takfarinas Saber (Lero Reseach Centre, School of Computer Science, University of Galway, Ireland), Regina Connolly (Lero Research Centre, School of Business, Dublin City University, Ireland), Irina Tal (Lero Research Centre, School of Computing, Dublin City University, Ireland)
Full Paper
The fairness of Artificial Intelligence (AI) has gained tremendous attention within the criminal justice system in recent years, mainly when predicting the risk of recidivism. The primary reason is attributed to evidence of bias towards demographic groups when deploying these AI systems. Many proposed fairness-improving techniques applied at each of the three phases of the fairness pipelines, pre-processing, in-processing and post-processing phases, are often ineffective in mitigating the bias and attaining high predictive accuracy. This paper proposes a novel approach by integrating existing fairness-improving techniques: Reweighing, Adversarial Learning, Disparate Impact Remover, Exponential Gradient Reduction, Reject Option-based Classification, and Equalized Odds optimization across the three fairness pipelines simultaneously. We evaluate the effect of combining these fairness-improving techniques on enhancing fairness and attaining accuracy. In addition, this study uses multi- and bi-objective optimization techniques to provide and to make well-informed decisions when predicting the risk of recidivism. Our analysis found that one of the most effective combinations (i.e., disparate impact remover, adversarial learning, and equalized odds optimization) demonstrates a substantial enhancement and balances achievement in fairness through various metrics without a notable compromise in accuracy.
Workshop FARES
Modelling the privacy landscape of the Internet of Vehicles
Ruben Cacciato (University of Catania, Italy), Mario Raciti (IMT School for Advanced Studies Lucca, Italy), Sergio Esposito (University of Catania, Italy), Giampaolo Bella (University of Catania, Italy)
Full Paper
Within the dynamic realm of Intelligent Transportation Systems (ITS), the Internet of Vehicles (IoV) marks a significant paradigm shift. The IoV represents an interconnected network linking vehicles, infrastructures, and the Internet itself, driven by wireless communication technologies. This paper dissects the privacy landscapes of ITS and IoV, exploring gaps in standards and academic literature. Leveraging European Telecommunications Standards Institute (ETSI) ITS G5 standards and IoV analyses in literature, we build two relational models to depict their current privacy landscape. A contrastive analysis reveals structural disparities and thematic differences. ITS, governed by established standards, exhibits a robust structure, while IoV, in its nascent stage, lacks formalisation. Privacy concerns differ, with IoV emphasising user consent and multi-party privacy. Detailed analysis highlights data collection, sharing, and privacy policy challenges. As ITS transitions to IoV, data volume expands, necessitating enhanced privacy safeguards. Addressing these challenges requires collaborative efforts to develop comprehensive privacy policies, prioritise user awareness, and integrate privacy by design principles. This paper offers insights into navigating the evolving landscape of transportation technologies, laying the groundwork for privacy-preserving ITS and IoV ecosystems.
Workshop FARES
Toward a Log-based Anomaly Detection System for Cyber Range Platforms
Francesco Blefari (University of Calabria, Italy), Francesco Aurelio Pironti (University of Calabria, Italy), Angelo Furfaro (University of Calabria, Italy)
Full Paper
Nowadays, the Information Technology landscape is permeated by a multitude of vulnerabilities and threats. The constantly rising number of heterogeneous devices makes difficult or even impossible a complete mapping of all possible threats to which they are exposed. Antivirus and Anti-malware tools have been developed to quickly detect anomalous software or behaviors. However, these solutions often rely on a knowledge base stored in such a kind of database. They are not effective against unknown attacks, also known as zero-day attacks. By relying on real-time (network/system) log analysis it is possible to detect attacker activities.

The log analysis plays a crucial role against cyber threats providing an effective tool in order to detect them rapidly and build advanced monitoring systems. However, log consultation can often be a challenging and costly task. Over time, useful tools and utilities have been developed to simplify the task for analysts.

This paper presents a system capable to detect attackers' activities in a Cyber Range platform enabling the visualization of the attackers' activity traces exploiting the attack graph.
Workshop FARES
SBOM Ouverture: What We Need and What We Have
Gregorio Dalia (University of Sannio, Italy), Corrado Aaron Visaggio (University of Sannio, Italy), Andrea Di Sorbo (University of Sannio, Italy), Gerardo Canfora (University of Sannio, Italy)
Full Paper
A Software Bill of Materials (SBOM) is an inventory of the software components used to build a product, which can help customers track security risks throughout the development lifecycle. The popularity of SBOMs grew in May 2021 when the White House issued an executive order to improve the security of the software supply chain and the transparency of the government’s software inventory.

Although the growing interest in SBOM, many open challenges need to be addressed to help reduce exposure to cyber risks and enhance the security of software supply chains. To help the industry and research assemble the roadmap to achieve SBOM adoption in practice, in this paper, we analyze the challenges related to enabling technologies and the open issues that research must investigate. Furthermore, we perform a comparative analysis of the existing tools to generate SBOMs, demonstrating that the enabling technologies have not yet reached full automation and maturity.
Workshop FARES
Towards realistic problem-space adversarial attacks against machine learning in network intrusion detection
Marta Catillo (Università degli Studi del Sannio, Italy), Antonio Pecchia (Università degli Studi del Sannio, Italy), Antonio Repola (Università degli Studi del Sannio, Italy), Umberto Villano (Università degli Studi del Sannio, Italy)
Full Paper
Current trends in network intrusion detection systems (NIDS) capitalize on the extraction of features from the network traffic and the use of up-to-date machine and deep learning techniques to infer a detection model; in consequence, NIDS can be vulnerable to adversarial attacks. Differently from the plethora of contributions that apply (and misuse) feature-level attacks envisioned in application domains far from NIDS, this paper proposes a novel approach to adversarial attacks, which consists in a realistic problem-space perturbation of the network traffic. The perturbation is achieved through a traffic control utility. Experiments are based on normal and Denial of Service workloads in both legitimate and adversarial conditions, and the application of four popular techniques to learn the NIDS models. The results highlight the transferability of the adversarial examples generated by the proposed problem-space attack as well as the effectiveness at inducing traffic misclassifications across the NIDS models assessed.
Workshop FARES
The Right to Be Zero-Knowledge Forgotten
Ivan Visconti (DIEM, University of Salerno, Italy)
Full Paper
The main goal of the EU GDPR is to protect personal data of individuals within the EU. This is expressed in several rights and, among them, in this work we focus on the Right to Erasure, more commonly known as the Right to Be Forgotten (RtBF).

There is an intriguing debate about the affordable costs and the actual technical feasibility of satisfying the RtBF in digital platforms. We note that some digital platforms process personal data in order to derive and store correlated data raising two main issues: 1) removing personal data could create inconsistencies in the remaining correlated data; 2) correlated data could also be personal data. As such, in some cases, erasing personal data can trigger an avalanche on the remaining information stored in the platform.

Addressing the above issues can be very challenging in particular when a digital platform has been originally built without embedding in its design specific methodologies to deal with the RtBF.

This work aims at illustrating concrete scenarios where the RtBF is technically hard to guarantee with traditional techniques. On the positive side, we show how zero-knowledge (ZK) proofs can be leveraged to design affordable solutions in various use cases, especially when considered at design time. ZK proofs can be instrumental

for compliance to the RtBF revolutionizing the current approaches to design compliant systems. Concretely, we show an assessment scheme allowing to check compliance with th RtBF leveraging the power of ZK proofs. We analyze the above assessment scheme considering specific hard-to-address use cases.
Workshop FARES
On Implementing Linear Regression on Homomorphically Encrypted Data: A Case-Study
Gianluca Dini (University of Pisa, Italy)
Full Paper
Fully Homomorphic Encryption (FHE) is a key technological enabler for secure computations as it allows a third-party to perform arbitrary computations on encrypted data learning neither the input nor the results of a computation. Notwithstanding the recent theoretical breakthroughs in FHE, building a secure and efficient FHE-based application is still a challenging engineering task where optimal choices are heavily application-dependent.

Taking linear regression as a case-study, we investigate the programming and configuration solutions to implement FHE-based applications. We show that, although obviously slower than the non-homomorphic version, the implementation of linear regression on homomorphically encrypted data is viable provided the programmer adopts appropriate programming expedients and parameters selection.
Workshop FARES
A Systematic Review of Contemporary Applications of Privacy-Aware Graph Neural Networks in Smart Cities
Jingyan Zhang (Dublin City University, Ireland), Irina Tal (Dublin City University, Ireland)
Full Paper
In smart cities, graph embedding technologies, Graph Neural Networks (GNNs), and related variants are extensively employed to address predictive tasks within complex urban networks, such as traffic management, the Internet of Things (IoT), and public safety. These implementations frequently require processing substantial personal information and topological details in graph formats, thereby raising significant privacy concerns. Mitigating these concerns necessitates an in-depth analysis of existing privacy preservation techniques integrated with GNNs in the specific context of smart cities. To this end, this paper provides a comprehensive systematic review of current applications of privacy-aware GNNs in smart cities.

Our research commenced with a methodical literature search that identified 14 pertinent papers and summarized prevalent privacy preservation mechanisms, including federated learning, differential privacy, homomorphic encryption, adversarial learning, and user-trust-based approaches. Subsequent analysis examined how the integration of these technologies with GNNs enhances privacy security and model utility in smart city applications. Further, we proposed an analytical framework for privacy-aware GNNs across the machine learning lifecycle, assessing the challenges of current integration from a practical viewpoint. The paper concluded by suggesting potential directions for future research.
Workshop FARES

Detail FARES 02/06

Topics of interest include, but are not limited to 03/06

  • Reliability Models and Failure Prevention
  • Intrusion Detection and Fraud Detection
  • Dependability Requirement Engineering
  • Dependability Modelling and Prediction
  • Standards, Guidelines and Certification
  • Database and Datawarehouse Security
  • Secure Enterprise Information System
  • Network/Software/Database Security
  • Trust Models and Trust Management
  • Risk Planning, Analysis & Awareness
  • Survivability of Computing Systems
  • Authentication and Access Control
  • Security aspects in E-Government
  • Applied Tools and Applications
  • Legal and economic aspects
  • Security Models / Methods
  • Security and privacy issues
  • Data Analysis and Security
  • Availability and Reliability
  • Social Network Security
  • Usability and Security
  • Identity Management
  • Digital Forensics
  • Web Security
  • Grid Security
  • Blockchain

Workshop Chairs 04/06

Workshop Chairs

Workshop Chairs Logo
Francesco Buccafurri
Università Mediterranea di Reggio Calabria, Italy
Workshop Chairs Logo
Gianluca Lax
Università Mediterranea di Reggio Calabria, Italy

Program Committee

Vincenzo De Angelis | Università Mediterranea di Reggio Calabria, Italy
Eduardo B. Fernandez | Florida Atlantic University, US
Marco Fisichella | L3S Research Center of Leibniz University, Germany
Giorgio Giacinto | Università di Cagliari, Italy
Wolfgang Hommel | Universität der Bundeswehr München, Germany
Ismail Khalil | Johannes Kepler University Linz, Austria
Sara Lazzaro | Università Mediterranea di Reggio Calabria, Italy
Valderi R. Q. Leithardt | Lisbon School of Engineering (ISEL), Polytechnic University of Lisbon (IPL), Portugal
Lorenzo Musarella | Università Mediterranea di Reggio Calabria, Italy
Roberto Nardone | Università degli Studi di Napoli PARTHENOPE, Italy
Amir Sharif | Fondazione Bruno Kessler, Italy

Submission 05/06

Important Dates

Extended Submission Deadline May 12, 2024
Author Notification May 29, 2024
Proceedings Version Jun 18, 2024
Conference Jul 30 — Aug 02, 2024

06/06

Register here!
Join us at ARES 2024 in Vienna, Austria