Pierangela Samarati - Selected Publications#

Pierangela has made significant scientific contributions to numerous areas within informatics, with many key publications that have transformed the field and led to a flurry of research into these areas. The representative publications below are a few exemplars of the many theoretical and practical contributions she has made, chosen to highlight the diversity of areas of scientific inquiry as well as their progression over time showing her continuous contribution to the field. Citations reported have been retrieved through Google Scholar.

PRIVACY AND ANONYMITY

Pierangela has made seminal contributions to the problem of protecting individuals’ privacy in different contexts of data publication and sharing. She proposed the concept of k-anonymity that contributed to bring the attention on the privacy problem to the whole database community, raising interest from scientific and industrial communities, and resulting in widespread cross-pollination between the databases and security fields (her three main works on it collectively received 5300+ citations). The problem introduced and concepts highlighted have been directly influenced legislations and industry (US HIPAA, Google's password checkup tool). Her privacy and anonymity work has continued with the design of solutions for emerging scenarios, for which she provided contributions enjoying both theoretical as well as practical impact.

P. Samarati, "Protecting Respondents' Identities in Microdata Release," in IEEE Transactions on Knowledge and Data Engineering (TKDE), vol. 13, n. 6, November/December 2001, pp. 1010-1027 [2886 citations]]

C.A. Ardagna, M. Cremonini, S. De Capitani di Vimercati, P. Samarati, "An Obfuscation-based Approach for Protecting Location Privacy," in IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 8, n. 1, January-February 2011, pp. 13-27 [296 citations]]

S. De Capitani di Vimercati, D. Facchinetti, S. Foresti, G. Livraga, G. Oldani, S. Paraboschi and M. Rossi, P. Samarati, "Scalable Distributed Data Anonymization for Large Datasets," in IEEE Transactions on Big Data (TBD), 2023 (to appear)

ACCESS CONTROL

Pierangela's work on flexible access control creates an innovative framework and a modular and extensible language providing flexibility and expressiveness, while –at the same time– allowing the security administrator and data owner to understand and maintain control over their security specifications (her three main papers on this collectively count 2000+ citations). She also studied the use of XML as a language for expressing access control regulations. The result of this work contributed to the XACML (eXtensible Access Control Markup Language) standard, which has has had since then a widespread adoption at the industrial level as a reference language for interoperable security policies. Again, work has followed with consideration of new technological paradigms, with the development of solutions that significant benefits in terms of quicker and less costly realization of authorization policy enforcement.

P. Samarati, S. De Capitani di Vimercati, "Access Control: Policies, Models, and Mechanisms," in Foundations of Security Analysis and Design, R. Focardi, R. Gorrieri (eds.), Springer-Verlag, 2001 [1113 citations]]

S. Jajodia, P. Samarati, M.L. Sapino, V.S. Subrahmanian, "Flexible Support for Multiple Access Control Policies," in ACM Transactions on Database Systems (TODS), vol. 26, n. 2, June 2001, pp. 214-260 [902 citations]]

E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, P. Samarati, "A Fine-Grained Access Control System for XML Documents," in ACM Transactions on Information and System Security (TISSEC), vol. 5, n. 2, May 2002 [773 citations]]

S. De Capitani di Vimercati, S. Foresti, S. Jajodia, G. Livraga, S. Paraboschi, P. Samarati, "An Authorization Model for Query Execution in the Cloud," in The VLDB Journal, vol. 31, n. 3, May 2022, pp. 555-579

DATA PROTECTION IN DISTRIBUTED AND OUTSOURCING SCENARIOS

Pierangela's work in this area addresses the problem of establishing trust among parties and on resources in peer-to-peer networks. She proposed a self-regulating system where reputation sharing is realized through a distributed polling algorithm in the P2P network. In this way, spreading of malicious contents is reduced and eventually blocked. (Her three main papers collectively count 2000+ citations). She has continued this line of work with the consideration of the involvement of external parties for storage and computational services, addressing the problems of ensuring confidentiality and integrity of data and their computation.

Her solutions provided a solid starting point for the development of practical data protection solutions in the context of large research projects she has coordinated which have involved and impacted major industrial players in the field (including IBM, SAP, DELL-EMC, MasterCard, JPMorgan&Chase) as well as W3C.

E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, P. Samarati, F. Violante, "A Reputation-based Approach for Choosing Reliable Resources in Peer-to-Peer Networks," in Proc. of the 9th ACM Conference on Computer and Communications Security (CCS 2002), Washington, DC, USA, November 2002 [1019 citations]]

S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, P. Samarati, "Over-encryption: Management of Access Control Evolution on Outsourced Data," in Proc. of the 33rd International Conference on Very Large Data Bases (VLDB 2007), Vienna, Austria, September 23-28, 2007 [596 citations]]

S. De Capitani di Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, R. Sassi, P. Samarati, "Sentinels and Twins: Effective Integrity Assessment for Distributed Computation," in IEEE Transactions on Parallel and Distributed Systems (TPDS), vol. 34, n. 1, January 2023