Package management systems play an essential role in pursuing systems dependability by ensuring that software is correctly installed and kept up-to-date according to vendor-defined installation policies. Circumventing such policies could make the system unhealthy and insecure and can constitute a serious security threat. In many application scenarios, e.g., distribution of commercial software, the confidentiality of the software must be guaranteed against non-authorized players. In some cases, the installation policy itself is considered sensitive information, e.g., when it reveals required hardware in military contexts. In this paper we address the problem of strongly enforcing software dependencies in package management systems, to prevent a malicious user from forcing the system to install a package even though its requirements are not completely fulfilled. The enforcement is strong in the sense that the encrypted software package cannot even be decrypted if the dependencies are not satisfied. Once a new package is decrypted and installed, our protocol non-interactively updates the key material on the target device. This key update will allow the decryption of further packages that depend on the newly installed one. We further present “policy-hiding” variants of our protocol. Finally, we provide an experimental evaluation of the system performance.
User authentication schemes have been a key research topic in the field of data security for decades. Such schemes are evaluated according to at least two parameters: security and usability. Since a number of secure and usable authentication schemes are available, each institution can select the scheme that is considered to be most appropriate for its security policy. Such a per-site system selection has the following feature: each site has to authorize each user that tries to access its resources. In a world in which user mobility is growing, the feature we have just described imposes a huge overhead, both from the site's viewpoint and the users' viewpoint, since each user needs to store different credentials for each site she accesses. Federated authentication allows users to use their home authentication credentials for gaining access to other institutions' services while moving among different institutions. Different federated authentication systems have been designed and implemented. Despite simplified user mobility, one key problem in this area is that, often, different authentication systems do not cooperate or provide only limited interoperability. In this paper we discuss the problem of achieving full interoperability among Federated Identity Management Systems and present, as a proof-of-concept, a solution to allow full communication between two federated authentication systems: Shibboleth, a de facto standard in this context, and PAPI (Point of Access to Providers of Information). Such a solution leverages an intermediate bridge which joins both federations and features protocol translation during cross-federation Authentication/Authorization (AA) sessions.
Digital signatures have been proposed by several researchers as a way of preventing execution of malicious code. In this paper we propose a general architecture for performing the signature verification as part of the kernel execution process. The proposed architecture does not require any change in the interpreters used to execute code and it can accommodate any executable format. We also report on our implementation for the Linux operating system that focuses on ELF and script executables. Experimental results show that our solution is of potential interest as virtually no slowdown is experienced in the execution.