Research

Research Interests

Attack Graphs:
Among all the existing attack models, Attack Graphs represent a powerful abstraction to capture the notion of multi-step attack i.e., an attack toward a specific target executed by taking intermediate steps in the network. Current attack graph representations are poorly scalable and consider only vulnerabilities related to the underlying network infrastructure.
In my research, I study how to improve the scalability of the attack graph process and how to enable threat intelligence in attack graph-based systems.
Information Security Governance and Cyber Risk Management
Information governance is the overall strategy for securing information in an organization. It comprises many different processes, including Incident Management and Cyber Risk Management. They are typically manually performed, causing possible cognitive bias during the processes.
In my research, I study data-driven approaches to support security experts during the ISG processes to improve the accuracy of security analyses.

Publications

Palma, A., & Angelini, M. (2024). Visually Supporting the Assessment of the Incident Management Process. EuroVis Workshop on Visual Analytics (EuroVA). The Eurographics Association. 2024.
DOI: 10.2312/eurova.20241116

📃PDF 💻Code ✒️Cite

Palma, A., & Bonomi, S. (2023). A Workflow for Distributed and Resilient Attack Graph Generation. In 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks-Supplemental Volume (DSN-S) (pp. 185-187). IEEE. 2023.
DOI: 10.1109/DSN-S58398.2023.00050

📃PDF ✒️Cite

Acitelli, G., Angelini, M., Bonomi, S., Maggi, F. M., Marrella, A., & Palma, A. (2022). Context-Aware Trace Alignment with Automated Planning. In 2022 4th International Conference on Process Mining (ICPM) (pp. 104-111). IEEE. 2022.
DOI: 10.1109/ICPM57379.2022.9980649

📃PDF 💻Code ✒️Cite

Angelini, M., Bonomi, S., Ciccotelli, C., & Palma, A. (2020). Toward a context-aware methodology for information security governance assessment validation. In International Workshop on Cyber-Physical Security for Critical Infrastructures Protection (pp. 171-187). Cham: Springer International Publishing. 2020.
DOI: 10.1007/978-3-030-69781-5_12

📃PDF 💻Code ✒️Cite

Preprints

Palma, A., & Angelini, M. (2023). It Is Time To Steer: A Scalable Framework for Analysis-driven Attack Graph Generation. https://arxiv.org/abs/2312.16513
DOI: 10.48550/arXiv.2312.16513

📃PDF 💻Code ✒️Cite

Angelini, M., Bonomi, S., & Palma, A. (2022). A methodology to support automatic cyber risk assessment review. arXiv preprint arXiv:2207.03269.
DOI: 10.48550/arXiv.2207.03269

📃PDF 💻Code ✒️Cite

Roles

PC member at IEEE CSR SDG 2024, Workshop on Synthetic Data Generation for a Cyber-Physical World (link)
PC member at EXTRAAMAS 2024, International Workshop on EXplainable and TRAnsparent AI and Multi-Agent Systems (link)
Poster PC member at AVI 2024, International Conference on Advanced Visual Interfaces (link)

Poster PC member at AVI 2022, International Conference on Advanced Visual Interfaces (link)