BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Silvia Bonomi

Silvia Bonomi contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Cryptography and SecurityDistributed, Parallel, and Cluster Computing

Trust snapshot

Quick read

Trust 19 - UnverifiedVerification L1Unclaimed author
5works
0followers
2topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

5 published item(s)

preprint2026arXiv

ThreatLinker: An NLP-based Methodology to Automatically Estimate CVE Relevance for CAPEC Attack Patterns

Threat analysis is continuously growing in importance due to the always-increasing complexity and frequency of cyber attacks. Analyzing threats demands significant effort from security experts: different cybersecurity knowledge bases support this task, but manual efforts are required to correlate heterogeneous sources into a unified view that would enable a more comprehensive assessment. To address this gap, we propose ThreatLinker, a methodology leveraging Natural Language Processing (NLP) to effectively and efficiently associate Common Vulnerabilities and Exposure (CVE) vulnerabilities with Common Attack Pattern Enumeration and Classification (CAPEC) attack patterns. The proposed technique combines semantic similarity with keyword analysis to improve the accuracy of association estimations. We contributed a larger dataset for CVE-CAPEC correlation, and experimental evaluations demonstrate superior performance compared to state-of-the-art models.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

A Methodology to Support Automatic Cyber Risk Assessment Review

Cyber risk assessment is a fundamental activity for enhancing the protection of an organization, identifying and evaluating the exposure to cyber threats. Currently, this activity is carried out mainly manually and the identification and correct quantification of risks deeply depend on the experience and confidence of the human assessor. As a consequence, the process is not completely objective and two parallel assessments of the same situation may lead to different results. This paper takes a step in the direction of reducing the degree of subjectivity by proposing a methodology to support risk assessors with an automatic review of the produced assessment. Our methodology starts from a controls-based assessment performed using well-known cybersecurity frameworks (e.g., ISO 27001, NIST) and maps security controls over infrastructural aspects that can be assessed automatically (e.g., ICT devices, organization policies). Exploiting this mapping, the methodology suggests how to identify controls needing revision. The approach has been validated through a case study from the healthcare domain and a set of statistical analyses.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

SoK: Achieving State Machine Replication in Blockchains based on Repeated Consensus

This paper revisits the ubiquitous problem of achieving state machine replication in blockchains based on repeated consensus, like Tendermint. To achieve state machine replication in blockchains built on top of consensus, one needs to guarantee fairness of user transactions. A huge body of work has been carried out on the relation between state machine replication and consensus in the past years, in a variety of system models and with respect to varied problem specifications. We systematize this work by proposing novel and rigorous abstractions for state machine replication and repeated consensus in a system model that accounts for realistic blockchains in which blocks may contain several transactions issued by one or more users, and where validity and order of transactions within a block is determined by an external application-dependent function that can capture various approaches for order-fairness in the literature. Based on these abstractions, we propose a reduction from state machine replication to repeated consensus, such that user fairness is achieved using the consensus module as a black box. This approach allows to achieve fairness as an add-on on top of preexisting consensus modules in blockchains based on repeated consensus.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

Synchronous Byzantine Lattice Agreement in ${\cal O}(\log (f))$ Rounds

In the Lattice Agreement (LA) problem, originally proposed by Attiya et al. \cite{Attiya:1995}, a set of processes has to decide on a chain of a lattice. More precisely, each correct process proposes an element $e$ of a certain join-semi lattice $L$ and it has to decide on a value that contains $e$. Moreover, any pair $p_i,p_j$ of correct processes has to decide two values $dec_i$ and $dec_j$ that are comparable (e.g., $dec_i \leq dec_j$ or $dec_j < dec_i$). LA has been studied for its practical applications, as example it can be used to implement a snapshot objects \cite{Attiya:1995} or a replicated state machine with commutative operations \cite{Faleiro:2012}. Interestingly, the study of the Byzantine Lattice Agreement started only recently, and it has been mainly devoted to asynchronous systems. The synchronous case has been object of a recent pre-print \cite{Zheng:aa} where Zheng et al. propose an algorithm terminating in ${\cal O}(\sqrt f)$ rounds and tolerating $f < \lceil n/3 \rceil$ Byzantine processes. In this paper we present new contributions for the synchronous case. We investigate the problem in the usual message passing model for a system of $n$ processes with distinct unique IDs. We first prove that, when only authenticated channels are available, the problem cannot be solved if $f=n/3$ or more processes are Byzantine. We then propose a novel algorithm that works in a synchronous system model with signatures (i.e., the {\em authenticated message} model), tolerates up to $f$ byzantine failures (where $f<n/3$) and that terminates in ${\cal O}(\log f)$ rounds. We discuss how to remove authenticated messages at the price of algorithm resiliency ($f < n/4$). Finally, we present a transformer that converts any synchronous LA algorithm to an algorithm for synchronous Generalised Lattice Agreement.

0 citations0 reviewsNo code linkedOpen access
preprint2018arXiv

B-CoC: A Blockchain-based Chain of Custody for Evidences Management in Digital Forensics

One of the main issues in digital forensics is the management of evidences. From the time of evidence collection until the time of their exploitation in a legal court, evidences may be accessed by multiple parties involved in the investigation that take temporary their ownership. This process, called Chain of Custody (CoC), must ensure that evidences are not altered during the investigation, despite multiple entities owned them, in order to be admissible in a legal court. Currently digital evidences CoC is managed entirely manually with entities involved in the chain required to fill in documents accompanying the evidence. In this paper, we propose a Blockchain-based Chain of Custody (B-CoC) to dematerialize the CoC process guaranteeing auditable integrity of the collected evidences and traceability of owners. We developed a prototype of B-CoC based on Ethereum and we evaluated its performance.

0 citations0 reviewsNo code linkedOpen access