iit_cnr_logo
UNITÀ DI RICERCA Trust, Security and Privacy
Chi siamo Persone Ricerca Progetti Formazione Conferenze Collaborazioni
cnr_logo
UNITÀ DI RICERCA Trust, Security and Privacy
Chi siamo Persone Ricerca Progetti Formazione Conferenze Collaborazioni

Progetti




DUCA: Data Usage Control for empowering digital sovereignty for All citizens


1 Gennaio 2023 – 31 Dicembre 2026

The Internet of Everything has led to a surge in connected devices, resulting in the generation of a huge amount of data. With the support of the Marie Skłodowska Curie Actions programme, the DUCA project aims to provide a comprehensive framework to address the growing concerns around data privacy and protection. Its goal is to empower European citizens and organisations to take control of their data, ensuring confidentiality and personal data protection. DUCA’s framework comprises a set of security and privacy-enhancing solutions, which will be platform-independent to enable compatibility with various architectures and deployment models. The project has identified three use cases: smart energy, usage control for Big Data and artificial intelligence, and collaborative mobility.



SYNAPSE: An Integrated Cyber Security Risk & Resilience Management Platform, With Holistic Situational Awareness, Incident Response & Preparedness Capabilities


1 Gennaio 2023 – 31 Dicembre 2026

SYNAPSE aims to design, develop & deliver an Integrated Cyber Security Risk & Resilience Management Platform, with holistic Situational Awareness, Incident Response & Preparedness capabilities. The proposed platform will encompass: (i) Incident Response through process automation and orchestration mechanisms, also covering organisational/business aspects (e.g., business continuity processes); (ii) AI-enhanced Situational Awareness, encompassing extraction & analytics of actionable and pertinent Cyber Threat Intelligence (CTI), along with attack early warning & threat hunting systems; (iii) Preparedness through cybersecurity, privacy & business continuity training, covering different training delivery means, allowing it to tailor the delivery method to the content; (iv) Technical & economic risk management, integrating outputs of (i)-(iii) above and supporting risk-benefit analyses (including what-if scenarios) to inform decision-making and enable risk transfer schemes with Smart Contract-enabled cybersecurity insurance; (v) Continuous feedback between (i)-(iv) above, along with standards-based sharing, alerting & reporting (intra- & inter- Member State), based on outputs of (i)-(iii) above, thus enabling the establishment of shared situational awareness, coordinated response and joint preparedness.






EMERALD: Evidence Management for Continuous Certification as a Service in the Cloud


1 Novembre 2023 – 30 Ottobre 2026

Cloud-based services have grown from basic computing services to complex ecosystems, comprising (virtual) infrastructure, business processes and application code. These advanced services also increasingly leverage the usage of Artificial Intelligence, including Machine Learning or Natural Language Processing techniques, raising the complexity even higher. Due to the cascade of dependencies among the different products and services, the need arose to bring more agility to the certification process of cloud-based services, e.g., using continuous monitoring and assessment, as evidenced by references to it in the certifications of the EU Cybersecurity Act (EU CSA). To transform the continuous assessment and certification concept into the complete realization of a Certification-as-a-Service (CaaS), several challenges need to be solved: 1) current proposed proofs of concepts for continuous monitoring lack interoperability at technology level, 2) the adoption of cloud and edge computing and the incorporation of regulations on specific topics or domains, such as AI, put significant strain on companies to comply with a multitude of different security schemes, 3) existing market fragmentation for continuous certification (scope, methodologies), hinder transparency and accountability in the provision of European cloud services, 4),smart tools and models need to be adopted to ease the agile application and implementation of the CaaS concept reducing complexity in the whole cloud certification value chain easing the adoption of CaaS by the different stakeholders. To overcome these challenges, the design and implementation of the EMERALD CaaS solution leverages the H2020 project MEDINA’s outcomes and advances them to TRL 7 in the EMERALD core. Two PoCs will be provided; one for composite certification and one for mapping requirements to upcoming AI certification schemes. EMERALD will pave the road towards CaaS for continuous certification of harmonized cybersecurity schemes.




DLT-Fruit: A user centered framework for facilitating DLTs FRUITion


2023 – 2025

The DLT-Fruit project is aimed at creating an environment to provide the widespread public with direct access to the main Distributed Ledgers behind the decentralized protocols at the base of the Web 3.0. This will be  achieved  by leveraging cutting edge research in several Computer Science fields (distributed systems, graph theory, and data visualization) to achieve results aligned with the PNRR goals, especially for, but not limited to, what concerns empowering users in the digital sphere. In fact, DLT trustworthiness, transparency, and automation are properties highly desirable  when attempting to digitize traditional processes or improve existing digital ones. However, all DLT protocols ultimately rely on the ability of users to read data on the Ledger, and that is not that can be assumed possible for the wider public, either due to lack of resources or technical know-how. Existing applications to achieve this on behalf of the user are not a solution to this problem, as they are third party components that reintroduce the need for user trust. To this aim,  the project  proposes a novel environment that enables users to access DLT data in a trustworthy, user-friendly and  easy to understand graphical way. The toolset will be flexible and powerful enough to be used by researchers, decentralized applications, and the widespread public alike. Among its theoretical contributions, the toolset will introduce a uniform representation for transactional data coming from heterogeneous ledgers and will provide advanced state-of-the-art temporal graph analysis and visualization tools.


Smart High-Security Gateway

SHG è un progetto regionale con cofinanziamento a valere sul Programma POR FESR Regione Toscana. Il progetto SHG 4.0 (Smart High-Security Gateway) intende realizzare un innovativo gateway hardware e software per il mercato SOHO (Small Office / Home Office) e mPMI (micro, piccole e medie imprese) con l’obiettivo di offrire una protezione informatica da cyber attacchi sulla rete cablata, wifi e IoT. In una situazione in cui aumentano costantemente i dispositivi connessi a internet, anche all’interno di realtà che non posseggono specifiche competenze in ambito IT, la soluzione si affiancherà all’attuale offerta di mercato di prodotti specifici per il mercato IT di tipo Pro o Enterprise (Firewall, IDS) che richiedono elevate competenze per l’installazione e l’interpretazione dei dati, che di fatto difficilmente risultano adatte a piccole imprese e utenze private. SHG si pone quindi l’obiettivo di sviluppare un gateway sicuro ed efficiente per la protezione per il mercato SOHO. 






ARTES 4.0 – Advanced Robotics and enabling digital TEchnologies & Systems 4.0


Convenzione per l’organizzazione e l’amministrazione del Macronodo CNR n. 17309 del 05/03/2020 – Bando MISE di cui al Decreto Ministeriale n. 214 del 12.09.2017. 
Il Centro di Competenza (CC) ARTES 4.0 è una rete ad alta specializzazione, nell’ambito delle aree della robotica avanzata e delle tecnologie digitali abilitanti collegate, in grado di fornire tecnologie e servizi dedicati a rispondere ai bisogni delle imprese, in particolare le PMI, mediante progetti di orientamento, formazione, innovazione, ricerca industriale e sviluppo sperimentale.
Referente progetto: Fabio Martinelli





C3T – RT Centro di competenza Cybersecurity


L’osservatorio toscano sulla cybersecurity punterà ad individuare sia i livelli di vulnerabilità dei sistemi sia le caratteristiche delle minacce. I risultati delle osservazioni saranno distribuiti attraverso diversi canali di comunicazione (blog, media, social network, …) per sensibilizzare ed informare sulle minacce individuate. Saranno sviluppati strumenti ad hoc per conoscere e permettere alle aziende toscane autovalutazioni del livello di rischio informatico. Sarà anche messo a punto un servizio per l’analisi di richieste di siti Internet rivolta principalmente ad aziende come gli Internet Service Provider accompagnato da strumenti per la visualizzazione semplificata in modo tale da migliorare e accrescere la consapevolezza sulle origini degli attacchi. Saranno censite le aziende toscane che sviluppano soluzioni o offrono assistenza relativamente alla sicurezza informatica e sarà fornito un quadro completo delle competenze di cybersecurity nei laboratori di ricerca Toscani (progetto Interregionale CYBER) realizzando un sondaggio consultabile tramite portale web che sarà fatto in cooperazione con ECSO.
Referente progetto: Fabio Martinelli