Current Projects


    SERICS logo
    Spoke 10: Data Governance and Protection. Modern digital society is based, and will increasingly be based, on the gathering, sharing, and analysis of large collections of data, with clear benefits, from the personal, to the business, research, and social domains. The full realization of a digital society based on data can only happen if there is trust in the security and privacy of such data, and therefore if solutions that guarantee correct protection and use of data are available. Data protection laws and regulations impose restrictions that limit the use of data, and individuals, as well as companies, demand compliance with their protection requirements and the assurance of effective protection of their data. Spoke 10 responds to this need by empowering the various actors involved in data sharing and using scenarios with control over their data, supporting data sharing in a selective and secure way, at the same time guaranteeing functionality, efficiency, and scalability. The data protection solutions developed within Spoke 10 will enable and encourage new application scenarios and introduce new opportunities for data sharing, in a controlled way, in compliance with privacy and access restrictions and guarantee integrity of the data and the results of the analyses. Spoke 10 will therefore contribute to a true and full realization of digital sovereignty. [more]

    Big data analytics collects, examines and analyses large amounts of data. To extract insights from this data, it must flow seamlessly between edges and clouds across a broad range of work locations and environments. This process consumes a lot of energy. As a result, national grids generate considerable carbon emissions. The EU-funded GLACIATION project aims to develop a novel distributed knowledge graph that stretches across the edge-core-cloud architecture. Knowledge graphs are a flexible means to represent interlinked information about almost anything. GLACIATION will optimise the location where analytics are performed to significantly reduce power consumption. Its metadata framework will deliver tools that ensure privacy and trust in data operations. [more]

    MARSAL logo
    5G mobile networks will be soon available to handle all types of applications and to provide service to massive numbers of users. In this complex and dynamic network ecosystem, an end-to-end performance analysis and optimization will be the key features to effectively manage the diverse requirements imposed by multiple vertical industries over the same shared infrastructure. MARSAL aims at proposing a new paradigm of elastic virtual infrastructures that integrate in a transparent manner a variety of novel radio access, networking, management, and security technologies, which will be developed under the MARSAL framework to deliver end-to-end transfer, processing, and storage services in an efficient and secure way. [more]

Past Projects

  • HOPE

    HOPE logo
    While open data have a huge potential in the data- driven society, many barriers of different types exist in publishing and using open data. HOPE aims at overcoming the main technical problems that current open data solutions suffer from, by developing a methodology and associated tools for a new way of producing, publishing, maintaining, accessing and exploiting privacy-preserving open data. The envisioned result of the project is a complete web-based semantic open data manager that an organization can use for governing the whole lifecycle of its open data, and the final users can access for effectively consuming the information provided by the organization. The project puts together 5 partners including the strongest leaders of the Italian Knowledge Representation and Data Management communities. If successful, this effort will have a deep impact on society, as it will help unchaining all the potentiality of open data for citizens and policy makers. The practical value of our approach will be evaluated by real users. Three Italian PA institutions are already collaborating with the partners of the consortium, and have agreed to experiment the tools resulting from the research results, providing feedbacks from the very beginning of the project. [more]

    MOSAICrOWN logo
    The application of data analysis techniques over large data collections provides great benefits, from the personal, to the business, research, and social domain. The availability of large data collections recording actions and choices of individuals and organisations can lead to great improvement in the understanding of how the world operates. The continuous evolution of ICT is enabling the realisation of such vision at a fast pace, supporting the realisation of architectures enabling collaborative data sharing and analytics. A clear obstacle towards the realisation of such potential and vision is represented by security and privacy concerns. Indeed, the (actual or perceived) loss of control over data and potential compromise of their confidentiality can have a strong detrimental impact on the realisation of an open framework for enabling the sharing of data from multiple independent data owners. MOSAICrOWN aims to enable data sharing and collaborative analytics in multi-owner scenarios in a privacy-preserving way, ensuring proper protection of private/sensitive/confidential information. MOSAICrOWN will provide effective and deployable solutions allowing data owners to maintain control on the data sharing process, enabling selective and sanitised disclosure providing for efficient and scalable privacy-aware collaborative computations. This goal will be achieved by providing: i) a data governance framework able to capture and combine the protection requirements that can be possibly specified by multiple parties, who have a say over the data, to empower them with more control over such data; ii) effective and efficient protection techniques that can be integrated in current technologies and that enforce protection while enabling efficient and scalable data sharing and processing. [more]

    Cloud computing is increasingly a necessary strategical ICT infrastructure component for European companies to successfully compete in the world-wide economy. The advantages of renting ICT infrastructures, platforms, and services, with easy access to scalability and elasticity, are driving an ever accelerating transfer toward the cloud of data and applications. Unfortunately, such a convenience comes at the price of the data owners losing control over their own data and any consequent misuse or security threats on them, which often limit the owner's adoption of the cloud's potential capabilities. On one hand, cloud providers can be assumed to employ basic security mechanisms for protecting data in storage, processing, and communication, devoting resources to ensure security that many medium and small companies may not be able to afford. On the other hand, data owners, when relying on the cloud, lose control over data and their processing, hence leaving them potentially exposed. Today data owners have to choose between having security but limited functionality or fully enjoying functionality but compromising on security and privacy guarantees. This situation has a strong detrimental impact on the adoption and acceptability of cloud services. Data owners may refrain from relying on the cloud for certain data, which they consider more sensitive or critical, or they use the cloud but remain exposed to the consequences of improper protection and control. The goal of ESCUDO is to empower data owners as first class citizens of the cloud. ESCUDO provides effective and deployable solutions allowing data owners to maintain control over their data when relying on Cloud Service Providers (CSPs) for data storage, processing, and management, without sacrificing on functionality. ESCUDO consortium sees the participation of major industry players in the cloud area, and of an innovative SME, contributing real-world use cases, and providing strong exploitation and impact. [more]
  • PrimeLife

    PrimeLife logo
    In their daily interaction over the Internet, individuals contribute throughout their life leaving a life-long trail of personal data. Technological advances facilitate extensive data collection, unlimited storage and reuse of the individual's digital interactions. Today, individuals cannot protect their autonomy and cannot retain control over personal information, irrespective of their activities, as present information technologies hardly consider these requirements. This raises substantial new privacy challenges: how to protect privacy in emerging Internet applications such as collaborative scenarios and virtual communities; and how to maintain life-long privacy. PrimeLife will address the core privacy and trust issues pertaining to the aforementioned challenges. Its long-term vision is to counter the trend to life-long personal data trails without compromising on functionality. It will build upon and expand the FP6 project Prime that has shown how privacy technologies can enable citizens to execute their legal rights to control personal information in on-line transactions. The main objective of the project is to bring sustainable privacy and identity management to future networks and services:
    • fundamentally understand privacy-enhancing identity management ‘for life' (practical life, throughout life & beyond);
    • bring Privacy to the Web and its Applications;
    • develop and make tools for privacy friendly identity management widely available -privacy live!

    Resolving these issues requires substantial progress in many underlying technologies. PrimeLife will substantially advance the state of the art in the areas of human computer interfaces, configurable policy languages, web service federations, infrastructures and privacy-enhancing cryptography. It will also ensure that the community at large adopts the results of the project by working with the relevant Open Source communities, standardization bodies and relevant partner's projects. It will further organize workshops to transfer technologies and concepts. [more]
  • Prime

    Prime logo
    PRIME aims to develop a working prototype of a privacy-enhancing Identity Management System. To foster market adoption, novel solutions for managing identities will be demonstrated in challenging real-world scenarios, e.g., from Internet Communication, Airline and Airport Passenger Processes, Location-Based Services and Collaborative e-Learning. [more]
  • Fine-Grained Access Control for Social Networking

    Fine-Grained Access Control for Social Networking logo
    Users are more and more using the Internet as a means to publish and disseminate their own resources and reach out to their peers. The possibility of relying on external cloud services for storing, sharing, and retrieving resources brings users unprecedented advantages in terms of convenience and easiness of access to information anywhere anytime. The cloud is today not a selected privilege for a few, but has the promise of becoming a reality for the everyday person, whose personal life is becoming more and more digitalized. At the other side of the coin of the convenience brought by such a pervasiveness lay the privacy concerns that understandably worry the users as well as privacy advocates and authorities. National legislators and the European Union are calling for legislative measures to regulate access, use, management, and dissemination of personal information for ensuring users’ privacy be properly protected. The EU’s data protection reform is an example of such measures that responds to the novel privacy issues arising with the rapid diffusion of new technologies and services such as social networking sites, cloud computing, and location-based services. The main goal of this project is to pull down the barriers that often inhibit users from using online services and from sharing their information, which are often due to the lack of assurance that their personal information is appropriately protected from privacy breaches. We will define concrete solutions for allowing users to regulate the visibility of their data shared and disseminated using social networks.
  • Data-Centric Genomic Computing (GenData 2020)

    Data-Centric Genomic Computing (GenData 2020) logo
    GenData 2020 is a project funded by the Italian Ministry of Research (MIUR) and involves nine Universities: Università degli Studi Roma Tre, Politecnico di Torino, Politecnico di Milano, Università degli Studi di Bologna, Università degli Studi di Salerno, Università degli Studi Roma "La Sapienza", Università degli Studi di Bergamo, Università della Calabria, Università degli Studi di Milano.
    The main objective of GenData 2020 is the design of novel and advanced technological solutions for supporting the next-generation healthcare systems. In this project, the unit of the Università degli Studi di Milano (UNIMI) will focus on the privacy and security aspects that are key factors for the successful integration of genomics in healthcare: How do we ensure that our sensitive genomic data remain properly protected? How do we guarantee that the privacy of the individuals participating in medical studies is preserved? How do we guarantee that genomic data are accessed and used only by authorized parties? UNIMI will provide an answer to these and other questions by developing innovative solutions covering the different security and privacy issues related to the storage, collection, dissemination, and processing of genomic data. [more]
  • Encrypted Databases

    The Encrypted Databases is a project funded by the Italian Ministry of Research (MIUR) and involves three Universities: Università degli Studi di Milano, Università di Bergamo, and Università di Salerno.
    In many organizations the evolution of the information system is evolving to a distributed architecture where many functions are outsourced to external entities. Today the great majority of accesses to the Internet occurs through the services of an Internet Service Provider (ISP); Application Service Providers (ASP) promise to extend the service and opportunities for the outsourcing of the functionality of the information system. At the same time, in the general economic context, the value for a company of the information it keeps into its information system is continuously increasing. In many instances, most of the wealth of an organization resides in the information stored within its databases, and a loss of integrity or confidentiality of this information is a threat to the organization survival.
    ASPs are typically able to offer an efficient realization of the services, with guarantees on reliability, availability and protection from access by outsiders. But, the same approach intrinsically raises in data owners concerns on the protection from access to their confidential information by ASP insiders. Currently, the protection is not based on technical solutions, but on the enforcement of contractual obligations; a critical aspect is the reputation that the ASP has gained in the management of client information.
    Cryptography would permit to obtain a guarantee on the protection of confidentiality that does not require trust in the subject managing the information. The use of cryptography then promises to support the realization of a wider market for services, since the provider does not have to demonstrate a strong reputation to store sensitive data. This would make the approach an important option in the design of any information system.
    Considering the architecture of the software system, the right level to introduce cryptography is at the database access level. The first alternative ais to use cryptography at a lower level, in practice using a service provider as a remote storage device, but for typical applications this would require to bring to the client for every access a considerable amount of information. The use of cryptography at a higher level conflicts with the need for most operations to have access to the clear-text value of the data in order to process it. The use of a remote database server where the stored information is encrypted promises to offer efficient access within current applications, with no loss of confidentiality.
    The goal of the project is then to study the technical and methodological issues that arise in the use of the "database as a service" (DAS) paradigm, proposing solutions that will permit the adoption of the paradigm in many situations. Indeed, there are many open problems to solve before the DAS paradigm can see a wide adoption. We plan to focus the research on the major obstacles. We will explore the loss of confidentiality that derives from the observation of the structure of the encrypted representation of the database. Also, we will consider the management of distinct access profiles, designing techniques that will realize an access control model for this context. We will focus on the integration of the DAS paradigm within current database technology, designing an approach that will permit the construction of a database module accessing the remote encrypted database. Finally, we will focus on the implementation of an open source prototype, which will allow the verification of the behavior of all the components.
  • P2PRep

    P2PRep logo
    The P2PRep is a combined project of the Security Group of Università di Milano and Politecnico di Milano. It is an approach to P2P security where servents can keep track, and share with others, information about the reputation of their peers. The approach nicely complements the existing P2P protocols (in particular Gnutella) and has a limited impact on current implementations. The model has been implemented and a prototype has been developed in Java.