Current Projects

  • ESCUDO-CLOUD

    Cloud computing is increasingly a necessary strategic ICT infrastructure component for European companies to successfully compete in the world-wide economy. The advantages of renting ICT infrastructures, platforms, and services, with easy access to scalability and elasticity, are driving an ever-accelerating transfer of data and applications toward the cloud. Unfortunately, this convenience comes at the price of data owners losing control over their own data, with the consequent exposure to misuse and security threats, which often limits the owners' adoption of the cloud's potential capabilities. On one hand, cloud providers can be assumed to employ basic security mechanisms for protecting data in storage, processing, and communication, devoting resources to ensure security that many medium and small companies may not be able to afford. On the other hand, data owners, when relying on the cloud, lose control over data and their processing, hence leaving them potentially exposed. Today data owners have to choose between having security but limited functionality or fully enjoying functionality but compromising on security and privacy guarantees. This situation has a strong detrimental impact on the adoption and acceptability of cloud services. Data owners may refrain from relying on the cloud for certain data, which they consider more sensitive or critical, or they use the cloud but remain exposed to the consequences of improper protection and control. The goal of ESCUDO is to empower data owners as first-class citizens of the cloud. ESCUDO provides effective and deployable solutions allowing data owners to maintain control over their data when relying on Cloud Service Providers (CSPs) for data storage, processing, and management, without sacrificing functionality. The ESCUDO consortium includes major industry players in the cloud area and an innovative SME, contributing real-world use cases and providing strong exploitation and impact.

Past Projects

  • PrimeLife

    In their daily interaction over the Internet, individuals leave a life-long trail of personal data. Technological advances facilitate extensive data collection, unlimited storage and reuse of the individual's digital interactions. Today, individuals cannot protect their autonomy and cannot retain control over personal information, irrespective of their activities, as present information technologies hardly consider these requirements. This raises substantial new privacy challenges: how to protect privacy in emerging Internet applications such as collaborative scenarios and virtual communities; and how to maintain life-long privacy.
    PrimeLife will address the core privacy and trust issues pertaining to the aforementioned challenges. Its long-term vision is to counter the trend to life-long personal data trails without compromising on functionality. It will build upon and expand the FP6 project Prime that has shown how privacy technologies can enable citizens to execute their legal rights to control personal information in on-line transactions. The main objective of the project is to bring sustainable privacy and identity management to future networks and services:
    • fundamentally understand privacy-enhancing identity management "for life" (practical life, throughout life & beyond);
    • bring Privacy to the Web and its Applications;
    • develop tools for privacy-friendly identity management and make them widely available - privacy live!

    Resolving these issues requires substantial progress in many underlying technologies. PrimeLife will substantially advance the state of the art in the areas of human-computer interfaces, configurable policy languages, web service federations, infrastructures and privacy-enhancing cryptography. It will also ensure that the community at large adopts the results of the project by working with the relevant Open Source communities, standardization bodies and relevant partner projects. It will further organize workshops to transfer technologies and concepts.
  • Prime

    PRIME aims to develop a working prototype of a privacy-enhancing Identity Management System. To foster market adoption, novel solutions for managing identities will be demonstrated in challenging real-world scenarios, e.g., from Internet Communication, Airline and Airport Passenger Processes, Location-Based Services and Collaborative e-Learning.
  • P2PRep

    P2PRep is a joint project of the Security Group of Università di Milano and Politecnico di Milano. It is an approach to P2P security where servents can keep track of information about the reputation of their peers and share it with others. The approach nicely complements the existing P2P protocols (in particular Gnutella) and has a limited impact on current implementations. The model has been implemented and a prototype has been developed in Java.
  • Encrypted Databases

    Encrypted Databases is a project funded by the Italian Ministry of Research (MIUR) and involves three Universities: Università degli Studi di Milano, Università di Bergamo, and Università di Salerno.
    In many organizations the information system is evolving toward a distributed architecture where many functions are outsourced to external entities. Today the great majority of accesses to the Internet occurs through the services of an Internet Service Provider (ISP); Application Service Providers (ASPs) promise to extend the service and the opportunities for outsourcing the functionality of the information system. At the same time, in the general economic context, the value for a company of the information it keeps in its information system is continuously increasing. In many instances, most of the wealth of an organization resides in the information stored within its databases, and a loss of integrity or confidentiality of this information is a threat to the organization's survival.
    ASPs are typically able to offer an efficient realization of the services, with guarantees on reliability, availability and protection from access by outsiders. However, the same approach intrinsically raises concerns among data owners about protecting their confidential information from access by ASP insiders. Currently, the protection is not based on technical solutions, but on the enforcement of contractual obligations; a critical aspect is the reputation that the ASP has gained in the management of client information.
    Cryptography would make it possible to obtain a guarantee on the protection of confidentiality that does not require trust in the subject managing the information. The use of cryptography then promises to support the realization of a wider market for services, since the provider does not have to demonstrate a strong reputation to store sensitive data. This would make the approach an important option in the design of any information system.
    Considering the architecture of the software system, the right level to introduce cryptography is at the database access level. The first alternative is to use cryptography at a lower level, in practice using a service provider as a remote storage device, but for typical applications this would require transferring a considerable amount of information to the client for every access. The use of cryptography at a higher level conflicts with the need for most operations to have access to the clear-text value of the data in order to process it. The use of a remote database server where the stored information is encrypted promises to offer efficient access within current applications, with no loss of confidentiality.
    The goal of the project is then to study the technical and methodological issues that arise in the use of the "database as a service" (DAS) paradigm, proposing solutions that will permit the adoption of the paradigm in many situations. Indeed, there are many open problems to solve before the DAS paradigm can see a wide adoption. We plan to focus the research on the major obstacles. We will explore the loss of confidentiality that derives from the observation of the structure of the encrypted representation of the database. Also, we will consider the management of distinct access profiles, designing techniques that will realize an access control model for this context. We will focus on the integration of the DAS paradigm within current database technology, designing an approach that will permit the construction of a database module accessing the remote encrypted database. Finally, we will focus on the implementation of an open source prototype, which will allow the verification of the behavior of all the components.
  • Fine-Grained Access Control for Social Networking

    Users are increasingly using the Internet as a means to publish and disseminate their own resources and reach out to their peers. The possibility of relying on external cloud services for storing, sharing, and retrieving resources brings users unprecedented advantages in terms of convenience and ease of access to information anywhere, anytime. The cloud is today not a privilege reserved for a few, but has the promise of becoming a reality for the everyday person, whose personal life is becoming more and more digitalized. On the other side of the coin of the convenience brought by such pervasiveness lie the privacy concerns that understandably worry users as well as privacy advocates and authorities. National legislators and the European Union are calling for legislative measures to regulate access, use, management, and dissemination of personal information to ensure that users' privacy is properly protected. The EU's data protection reform is an example of such measures that responds to the novel privacy issues arising with the rapid diffusion of new technologies and services such as social networking sites, cloud computing, and location-based services. The main goal of this project is to pull down the barriers that often inhibit users from using online services and from sharing their information, which are often due to the lack of assurance that their personal information is appropriately protected from privacy breaches. We will define concrete solutions for allowing users to regulate the visibility of their data shared and disseminated using social networks.
  • Data-Centric Genomic Computing (GenData 2020)

    GenData 2020 is a project funded by the Italian Ministry of Research (MIUR) and involves nine Universities: Università degli Studi Roma Tre, Politecnico di Torino, Politecnico di Milano, Università degli Studi di Bologna, Università degli Studi di Salerno, Università degli Studi Roma "La Sapienza", Università degli Studi di Bergamo, Università della Calabria, Università degli Studi di Milano.
    The main objective of GenData 2020 is the design of novel and advanced technological solutions for supporting the next-generation healthcare systems. In this project, the unit of the Università degli Studi di Milano (UNIMI) will focus on the privacy and security aspects that are key factors for the successful integration of genomics in healthcare: How do we ensure that our sensitive genomic data remain properly protected? How do we guarantee that the privacy of the individuals participating in medical studies is preserved? How do we guarantee that genomic data are accessed and used only by authorized parties? UNIMI will provide an answer to these and other questions by developing innovative solutions covering the different security and privacy issues related to the storage, collection, dissemination, and processing of genomic data.