People of ACM - Elena Ferrari

July 2, 2020

How did you first become interested in working in data security and privacy?

It was during the early stage of my PhD on data management. I was working on a variety of topics, ranging from multimedia to temporal and object-oriented databases, but then was involved in a project dealing with access and information flow control for relational database management systems. I was fascinated by this project from the beginning, as the topic was very new at that time and only a few research labs were working on this problem space. What captured my interest in particular were the theoretical aspects, which had immediate real-life implications.

At a later stage, in the infancy of social media popularity, I started working on data privacy to contribute to the development of technologies that enable individuals to better preserve their privacy.

Will you tell us a little about the STRICT Lab, and a particularly exciting project that you and your colleagues are working on right now?

The mission of the STRICT Lab is to develop tools and technologies that enable users to benefit from the many opportunities that today’s information and communication technology (ICT) offers without compromising privacy and security. Today, we are involved in two very exciting projects funded by the European Union. The first one is Real-time Analytics for the Internet of Sports (RAIS), in which we set ourselves the ambitious goal of developing a privacy-preserving decentralized big data analytic platform for the growing field of Internet of Sports. The second project, Cybersecurity Competence for Research and Innovation (CONCORDIA), aims at establishing a user-centric cybersecurity ecosystem for digital sovereignty in Europe.

The Test-of-Time Award-winning paper you co-authored, "A Semantic Web Based Framework for Social Network Access Control," proposed an access control model for online social networks using semantic web tools. What was a key insight in this paper? What will be a challenge for access control on social networks in the coming years?

This paper was one of the pioneering efforts showing how semantic web tools can be used to develop powerful access control mechanisms for social networks so that sensitive and private information is only shared with user consent in a simple and flexible manner. The many scandals we saw in recent years, such as the one involving Cambridge Analytica, showed the importance of empowering users with technologies to better protect their privacy in social networks. The challenge in the coming years will be how to achieve this objective without sacrificing user experience and the benefits from information sharing. I believe that decentralized architectures will play a major role in addressing these challenges.

At SACMAT 2018, you and Pietro Colombo presented the paper “Access Control in the Era of Big Data: State of the Art and Research Directions,” in which you discuss the need for a unifying access control framework for big data platforms. Why is establishing such a framework important? Do you see this as a goal we can accomplish in the near future?

Big data platforms have given us the opportunity of doing very complex queries over a huge amount of heterogeneous and sometimes highly sensitive data. Moreover, data driven analysis done through big data platforms is often done by jointly accessing data coming from different sources that may be protected by different access control models and mechanisms. We believe that this increased power in data analysis should be coupled with proper mechanisms to protect data confidentiality and privacy. The definition of a unifying access control framework will be instrumental to protect from possible data inferences, as well as to control the sharing of the results of the analysis. It can also be the basis for developing a suite of tools to trace the effect of access control constraints on the analytical process.

The main challenge for developing this unifying framework is the lack of an underlying standardized data model and query language for big data platforms. Another open issue is its efficient deployment over multiple platforms. However, I am confident that progress will be made in the near future.

Elena Ferrari is a Professor of Computer Science and Director of the STRICT Social Lab at the University of Insubria, Varese, Italy. Her research interests are in cybersecurity, privacy, and trust. She has authored more than 240 publications in areas including security and privacy for big data and IoT; access control; machine learning for cybersecurity; risk analysis; blockchain; and secure social media. Ferrari has held lead volunteer roles at several conferences, including ACM Symposium on Access Controls and Technologies (SACMAT), and has served on the editorial boards of many prestigious journals, including ACM/IMS Transactions on Data Science (TDS).

Her honors include receiving the ACM Conference on Data and Application Security and Privacy (CODASPY) Research Award (2019), the ACM SACMAT 10-Year Test-of-Time Award (2019), and the IEEE Computer Society Technical Achievement Award (2009). She has been named IEEE Fellow (2012) and one of the “50 Most Influential Italian Women in Tech” (2018). She was named an ACM Fellow (2019) for contributions to security and privacy of data and social network systems.