Search Results

Documents authored by Dalla Preda, Mila

Document
DOI: 10.4230/DagRep.14.3.52
EU Cyber Resilience Act: Socio-Technical and Research Challenges (Dagstuhl Seminar 24112)

Authors: Mila Dalla Preda, Serge Egelman, Anna Maria Mandalari, Volker Stocker, Juan Tapiador, and Narseo Vallina-Rodriguez

Published in: Dagstuhl Reports, Volume 14, Issue 3 (2024)

Abstract
This report documents the program and the outcomes of Dagstuhl Seminar "EU Cyber Resilience Act: Socio-Technical and Research Challenges" (24112). This timely seminar brought together experts in computer science, tech policy, and economics, as well as industry stakeholders, national agencies, and regulators to identify new research challenges posed by the EU Cyber Resilience Act (CRA), a new EU regulation that aims to set essential cybersecurity requirements for digital products to be permissible in the EU market. The seminar focused on analyzing the proposed text and standards for identifying obstacles in standardization, developer practices, user awareness, and software analysis methods for easing adoption, certification, and enforcement. Seminar participants noted the complexity of designing meaningful cybersecurity regulations and of aligning regulatory requirements with technological advancements, market trends, and vendor incentives, referencing past challenges with GDPR and COPPA adoption and compliance. The seminar also emphasized the importance of regulators, marketplaces, and both mobile and IoT platforms in eliminating malicious and deceptive actors from the market, and promoting transparent security practices from vendors and their software supply chain. The seminar showed the need for multi-disciplinary and collaborative efforts to support the CRA’s successful implementation and enhance cybersecurity across the EU.
Cite as

Mila Dalla Preda, Serge Egelman, Anna Maria Mandalari, Volker Stocker, Juan Tapiador, and Narseo Vallina-Rodriguez. EU Cyber Resilience Act: Socio-Technical and Research Challenges (Dagstuhl Seminar 24112). In Dagstuhl Reports, Volume 14, Issue 3, pp. 52-74, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)

Copy BibTex To Clipboard

@Article{dallapreda_et_al:DagRep.14.3.52,
  author =	{Dalla Preda, Mila and Egelman, Serge and Mandalari, Anna Maria and Stocker, Volker and Tapiador, Juan and Vallina-Rodriguez, Narseo},
  title =	{{EU Cyber Resilience Act: Socio-Technical and Research Challenges (Dagstuhl Seminar 24112)}},
  pages =	{52--74},
  journal =	{Dagstuhl Reports},
  ISSN =	{2192-5283},
  year =	{2024},
  volume =	{14},
  number =	{3},
  editor =	{Dalla Preda, Mila and Egelman, Serge and Mandalari, Anna Maria and Stocker, Volker and Tapiador, Juan and Vallina-Rodriguez, Narseo},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagRep.14.3.52},
  URN =		{urn:nbn:de:0030-drops-211831},
  doi =		{10.4230/DagRep.14.3.52},
  annote =	{Keywords: Cyber Resilience Act, Software Testing, Software Analysis, IoT, Security Regulations, Security Economics}
}
Document
DOI: 10.4230/OASIcs.Gabbrielli.4
Towards a Unifying Framework for Tuning Analysis Precision by Program Transformation

Authors: Mila Dalla Preda

Published in: OASIcs, Volume 86, Recent Developments in the Design and Implementation of Programming Languages (2020)

Abstract
Static and dynamic program analyses attempt to extract useful information on program’s behaviours. Static analysis uses an abstract model of programs to reason on their runtime behaviour without actually running them, while dynamic analysis reasons on a test set of real program executions. For this reason, the precision of static analysis is limited by the presence of false positives (executions allowed by the abstract model that cannot happen at runtime), while the precision of dynamic analysis is limited by the presence of false negatives (real executions that are not in the test set). Researchers have developed many analysis techniques and tools in the attempt to increase the precision of program verification. Software protection is an interesting scenario where programs need to be protected from adversaries that use program analysis to understand their inner working and then exploit this knowledge to perform some illicit actions. Program analysis plays a dual role in program verification and software protection: in program verification we want the analysis to be as precise as possible, while in software protection we want to degrade the results of the analysis as much as possible. Indeed, in software protection researchers usually recur to a special class of program transformations, called code obfuscation, to modify a program in order to make it more difficult to analyse while preserving its intended functionality. In this setting, it is interesting to study how program transformations that preserve the intended behaviour of programs can affect the precision of both static and dynamic analysis. While some works have been done in order to formalise the efficiency of code obfuscation in degrading static analysis and in the possibility of transforming programs in order to avoid or increase false positives, less attention has been posed to formalise the relation between program transformations and false negatives in dynamic analysis. In this work we are setting the scene for a formal investigation of the syntactic and semantic program features that affect the presence of false negatives in dynamic analysis. We believe that this understanding would be useful for improving the precision of the existing dynamic analysis tools and in the design of program transformations that complicate the dynamic analysis. To Maurizio on his 60th birthday!
Cite as

Mila Dalla Preda. Towards a Unifying Framework for Tuning Analysis Precision by Program Transformation. In Recent Developments in the Design and Implementation of Programming Languages. Open Access Series in Informatics (OASIcs), Volume 86, pp. 4:1-4:22, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2020)

Copy BibTex To Clipboard

@InProceedings{dallapreda:OASIcs.Gabbrielli.4,
  author =	{Dalla Preda, Mila},
  title =	{{Towards a Unifying Framework for Tuning Analysis Precision by Program Transformation}},
  booktitle =	{Recent Developments in the Design and Implementation of Programming Languages},
  pages =	{4:1--4:22},
  series =	{Open Access Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-171-9},
  ISSN =	{2190-6807},
  year =	{2020},
  volume =	{86},
  editor =	{de Boer, Frank S. and Mauro, Jacopo},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.Gabbrielli.4},
  URN =		{urn:nbn:de:0030-drops-132263},
  doi =		{10.4230/OASIcs.Gabbrielli.4},
  annote =	{Keywords: Program analysis, analysis precision, program transformation, software protection, code obfuscation}
}
Document
DOI: 10.4230/DagRep.9.8.1
Software Protection Decision Support and Evaluation Methodologies (Dagstuhl Seminar 19331)

Authors: Bjorn De Sutter, Christian Collberg, Mila Dalla Preda, and Brecht Wyseur

Published in: Dagstuhl Reports, Volume 9, Issue 8 (2020)

Abstract
This report documents the program and the outcomes of Dagstuhl Seminar 19331 ``Software Protection Decision Support and Evaluation Methodologies''. The seminar is situated in the domain of software protection against so-called man-at-the-end attacks, in which attackers have white-box access to the software that embeds valuable assets with security requirements such as confidentiality and integrity. The attackers try to compromise those by reverse-engineering the software and by tampering with it. Within this domain, the seminar focused mainly on three aspects: 1) how to evaluate newly proposed protections and attackers thereon; 2) how to create an appropriate benchmark suite to be used in such evaluations; 3) how to build decision support to aid users of protection tool with the selection of appropriate protections. The major outcomes are a structure for a white-paper on software protection evaluation methodologies, with some concrete input collected on the basis of four case studies explored during the seminar, and a plan for creating a software protection benchmark suite.
Cite as

Bjorn De Sutter, Christian Collberg, Mila Dalla Preda, and Brecht Wyseur. Software Protection Decision Support and Evaluation Methodologies (Dagstuhl Seminar 19331). In Dagstuhl Reports, Volume 9, Issue 8, pp. 1-25, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2019)

Copy BibTex To Clipboard

@Article{desutter_et_al:DagRep.9.8.1,
  author =	{De Sutter, Bjorn and Collberg, Christian and Dalla Preda, Mila and Wyseur, Brecht},
  title =	{{Software Protection Decision Support and Evaluation Methodologies (Dagstuhl Seminar 19331)}},
  pages =	{1--25},
  journal =	{Dagstuhl Reports},
  ISSN =	{2192-5283},
  year =	{2019},
  volume =	{9},
  number =	{8},
  editor =	{De Sutter, Bjorn and Collberg, Christian and Dalla Preda, Mila and Wyseur, Brecht},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagRep.9.8.1},
  URN =		{urn:nbn:de:0030-drops-116825},
  doi =		{10.4230/DagRep.9.8.1},
  annote =	{Keywords: Benchmarks, Decision Support Systems, Evaluation Methodology, man-at-the-end attacks, metrics, predictive models, reverse engineering and tampering, software protection}
}
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail
© 2023-2024 Schloss Dagstuhl – LZI GmbH Imprint Privacy Contact