Big data management is a key enabling factor for enterprises that want to compete in the global market. Data coming from enterprise production processes, if properly analyzed, can provide boost and optimization, guaranteeing faster better customer management, lower overheads/costs. Guaranteeing proper big pipeline holy grail of data, often opposed by difficulty evaluating correctness results. This problem even worse when pipelines are provided as service cloud, must comply with both laws...

Machine learning is becoming ubiquitous. From finance to medicine, machine models are boosting decision/making processes and even outperforming humans in some tasks. This huge progress terms of prediction quality does not however find a counterpart the security such corresponding predictions, where perturbations fractions training set (poisoning) can seriously undermine model accuracy. Research on poisoning attacks defenses received increasing attention last decade, leading several promising...

The major aim of this paper is to explain the data poisoning attacks using label-flipping during training stage electroencephalogram (EEG) signal-based human emotion evaluation systems deploying Machine Learning models from attackers' perspective. Human EEG signals has consistently attracted a lot research attention. identification emotional states based on effective detect potential internal threats caused by insider individuals. Nevertheless, have shown several vulnerabilities poison...

Machine Learning (ML) is increasingly used to implement advanced applications with non-deterministic behavior, which operate on the cloud-edge continuum. The pervasive adoption of ML urgently calling for assurance solutions assessing non-functional properties (e.g., fairness, robustness, privacy) aim improve their trustworthiness. Certification has been clearly identified by policymakers, regulators, and industrial stakeholders as preferred technique address this pressing need....

The cloud computing has deeply changed how distributed systems are engineered, leading to the proliferation of ever/evolving and complex environments, where legacy systems, microservices, nanoservices coexist. These services can severely impact on individuals' security safety, introducing need solutions that properly assess verify their correct behavior. Security assurance stands out as way address such pressing needs, with certification techniques being used certify a given service holds...

The huge progress of ICT is radically changing distributed systems at their roots, modifying operation and engineering practices introducing new non-functional (e.g., security safety) risks. These risks are amplified by the crucial role played machine learning, on one side, pervasive involvement users in system operation, other side. Certification techniques have been largely adopted to reduce above risks, though recent evolution towards cloud-edge, IoT, 5G, learning severely hindered...

In the last two decades, multiple ICT evolutions boosted ability to collect and analyze vast amounts of data (on order Zettabytes). Collectively, they paved way for so-called economy, revolutionizing most sectors our society, including healthcare, transportation, grids. At core this revolution, distributed data-intensive applications compose services operated by parties in cloud-edge continuum; process, manage exchange massive at an unprecedented rate. However, hold little value without...

Abstract Recent advances in artificial intelligence (AI) are radically changing how systems and applications designed developed. In this context, new requirements regulations emerge, such as the AI Act, placing increasing focus on strict non-functional requirements, privacy robustness, they verified. Certification is considered most suitable solution for verification of modern distributed systems, increasingly pushed forward AI-based applications. paper, we present a novel dynamic malware...

The advent of cloud computing and Internet Things (IoT) has deeply changed the design operation IT systems, affecting mature concepts like trust, security, privacy. benefits in terms new services applications come at a price fundamental risks, need adapting risk management frameworks to properly understand address them. While research on is an established practice that dates back 90s, many existing do not even close intrinsic complexity heterogeneity modern systems. They rather target static...

Most recent studies have shown several vulnerabilities to attacks with the potential jeopardize integrity of model, opening in a few years new window opportunity terms cyber-security. The main interest this paper is directed towards data poisoning involving label-flipping, kind occur during training phase, being aim attacker compromise targeted machine learning model by drastically reducing overall accuracy and/or achieving missclassification determined samples. This conducted intention...

Security assurance provides a wealth of techniques to demonstrate that target system holds some nonfunctional properties and behaves as expected.These have been recently applied the cloud ecosystem, while encountering critical issues reduced their benefit when hybrid systems, mixing public private infrastructures, are considered.In this paper, we present new framework evaluates trustworthiness from traditional networks clouds.It implements an process relies on Virtual Private Network...

Current distributed systems increasingly rely on hybrid architectures built top of IoT, edge, and cloud, backed by dynamically configurable networking technologies like 5G. In this complex environment, traditional security governance solutions cannot provide the holistic view needed to manage these in an effective efficient way. paper, we propose a assurance framework for edge IoT based advanced architecture capable dealing with 5G-native applications.

While certification is widely recognized as a means to increase system trustworthiness and reduce uncertainty in decision making, it faces severe challenges preventing wider adoption thereof. Certification not adequately planned integrated within the development process, leading suboptimal scenarios where introduces need further modify developed with high costs. We propose methodology that bridges gap between software processes. Our automatically produces requirements driving all steps of...

Today big data pipelines are increasingly adopted by service applications representing a key enabler for enterprises to compete in the global market. However, management of non-functional aspects pipeline (e.g., security, privacy) is still its infancy. As consequence, while functionally appealing, does not provide transparent environment, impairing users' ability evaluate behavior. In this paper, we propose security assurance methodology grounded on DevSecOps development paradigm increase...