Conferencia Invitada - Towards a quantitative approach to security

por Valentina Casola

Recent software development methodologies, as DevOps or Agile, are very popular especially in the development of cloud services and applications. They significantly reduce the time-to- market of developed software but, at the same time, they can be hardly integrated with security design methodologies or secure certification frameworks. Indeed, due to the need of security experts during the initial security design choices and to the lack of automatic tools to quantitatively evaluate and assess security in the design and operation phases, security design methodologies cannot be easily automated.

This talk presents a novel Security-by-Design methodology, developed in the context of SPECS and MUSA European Projects, based on the quantification of security trough concepts as Security Service Level Agreements (SLAs) and Security metrics, which can be integrated within modern development processes and that is able to support the risk management life- cycle in an almost-completely automated way.

Valentina Casola

Prof. Valentina Casola is currently an Associate Professor at the Department of Electrical Engineering and Information Technology of the University of Napoli Federico II, Italy. She received the MSc degree in Electronic Engineering from the University of Napoli Federico II, magna cum laude, in 2001. She got a Ph.D. in Computer Engineering from the Second University of Napoli in 2004. She has been teaching Secure System Design and Computer Architecture since 2005. Current research activities focus on security models and security evaluation techniques in order to fully exploit the security-by-design paradigm. The activities include both theoretical and experimental aspects and have been applied at different levels of a system stack (from hardware devices to cloud services). She is author of more than 100 publications, in relevant international journals and conference proceedings and she continuously serves in different conference program committees. She was vice-coordinator of the FP7 SPECS project and workpackage leader in H2020 projects. She was principal investigator of several R&D projects in collaboration with large and small enterprises and with relevant Italian institutions. She is coordinator of a scientific study on the security and safety of railway infrastructures, founded by RFI, a leading Italian railway company. She is member of the Technical and Scientific Committee of the CERICT Research center.

Volver al Programa de JNIC 2022