INcreasing Organizations Cyber Security through a combined defence approach (INOCS)
In the past, the cyber defences of an organization were mainly focused on protection from attackers coming from the outside.
However, many recent stories (e.g., the Equation Group, the Snowden case, etc.) show that organizations need to consider that the enemy may already be inside their boundaries and can act from the inside directly on IT systems.
Cyber defence thus has to act like the immune system of an organism: preventing, tolerating, identifying, and destroying pathogens. A protection system should do three basic things: (i) detect intruders, (ii) support the correct delivery of digital services (even while an infection is spreading) and (iii) prevent new intruders from breaking cyber space defences.
In addition, to strengthen cyber defence, security aspects must also be considered at design time, with the aim of defining systems able to tolerate the presence of an attacker.
The project will focus mainly on the analysis and definition of models, algorithms, and techniques to increase the security level of a given organization and to respond efficiently and effectively in case of a cyber attack. In particular, we will consider security requirements already in the design phase of the system by defining and implementing basic building blocks able to tolerate the presence of a limited number of intruders in the system. Then, we will focus on monitoring, detection and reaction mechanisms to cope with possible attackers not considered at design time.
We will define several profiles of attackers (i.e., attack models) and then design architectures and algorithms that let the system survive attacks.
We will also define a visual analytics environment to support security operators in their duties at both design time and runtime. In particular, we will provide support that raises the operator's situational awareness, helping him/her carry out the best response to a given attack scenario.