<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <title>OAR@UM Community:</title>
  <link rel="alternate" href="https://www.um.edu.mt/library/oar/handle/123456789/8336" />
  <subtitle />
  <id>https://www.um.edu.mt/library/oar/handle/123456789/8336</id>
  <updated>2026-07-07T16:56:16Z</updated>
  <dc:date>2026-07-07T16:56:16Z</dc:date>
  <entry>
    <title>Runtime verification and AI : addressing pragmatic regulatory challenges</title>
    <link rel="alternate" href="https://www.um.edu.mt/library/oar/handle/123456789/147770" />
    <author>
      <name>Colombo, Christian</name>
    </author>
    <author>
      <name>Pace, Gordon</name>
    </author>
    <author>
      <name>Seychell, Dylan</name>
    </author>
    <id>https://www.um.edu.mt/library/oar/handle/123456789/147770</id>
    <updated>2026-07-03T05:24:54Z</updated>
    <published>2025-01-01T00:00:00Z</published>
    <summary type="text">Title: Runtime verification and AI : addressing pragmatic regulatory challenges
Authors: Colombo, Christian; Pace, Gordon; Seychell, Dylan
Abstract: The deployment of AI-driven solutions to increasingly complex tasks with real-world impact raises various challenges in the area of verification. Using the case study of an AI-assisted litter detection being developed for rural areas in Malta, this paper highlights the multi-faceted nature of the risks involved concerning: data issues, functionality correctness, safety concerns, and legal considerations. We place particular focus on the last of these: regulatory challenges. Drawing inspiration from related works, considering applicable Maltese technology guidelines and EU legislation, against the backdrop of the challenges presented in the case study, the proposed runtime verification architecture brings the pieces together in a comprehensive and pragmatic manner. [excerpt]</summary>
    <dc:date>2025-01-01T00:00:00Z</dc:date>
  </entry>
  <entry>
    <title>Interest beyond violation : on points-of-interest in runtime verification</title>
    <link rel="alternate" href="https://www.um.edu.mt/library/oar/handle/123456789/147766" />
    <author>
      <name>Colombo, Christian</name>
    </author>
    <author>
      <name>Pace, Gordon J.</name>
    </author>
    <author>
      <name>Schneider, Gerardo</name>
    </author>
    <id>https://www.um.edu.mt/library/oar/handle/123456789/147766</id>
    <updated>2026-07-02T09:19:54Z</updated>
    <published>2025-01-01T00:00:00Z</published>
    <summary type="text">Title: Interest beyond violation : on points-of-interest in runtime verification
Authors: Colombo, Christian; Pace, Gordon J.; Schneider, Gerardo
Abstract: Many formal verification techniques are concerned with comparing system behaviours with formal specifications. Although runtime verification has followed this path (comparing observed traces against formal properties), it has traditionally been burdened with another task—that of raising a flag when a violation is detected. Different approaches can be found in the literature: identifying the earliest such instance, identifying all instances, identifying instances where (potentially future) violations are inevitable, etc. We argue that the lack of a clear distinction between the notion of system correctness and the hard-wired means of identification of points when violation is somehow detected, conflates the notions of points-of-detection and points-of-violation. Frequently, the point at which a point-of-violation may be detected is independent of the point of interest itself, and also independent of the point-of-reaction if a corrective measure is needed. We observe that this distinction becomes more salient in some cases, such as deontic specification languages, which may identify notions such as permission, and in the case of multi-agent systems, where the notion of blame is essential. Using practical and varied examples we motivate why these limitations are significant for the field of runtime verification.</summary>
    <dc:date>2025-01-01T00:00:00Z</dc:date>
  </entry>
  <entry>
    <title>RVsec : towards a comprehensive technology stack for secure deployment of software monitors</title>
    <link rel="alternate" href="https://www.um.edu.mt/library/oar/handle/123456789/147764" />
    <author>
      <name>Colombo, Christian</name>
    </author>
    <author>
      <name>Curmi, Axel</name>
    </author>
    <author>
      <name>Abela, Robert</name>
    </author>
    <id>https://www.um.edu.mt/library/oar/handle/123456789/147764</id>
    <updated>2026-07-02T09:08:57Z</updated>
    <published>2024-09-01T00:00:00Z</published>
    <summary type="text">Title: RVsec : towards a comprehensive technology stack for secure deployment of software monitors
Authors: Colombo, Christian; Curmi, Axel; Abela, Robert
Abstract: Runtime monitors frequently need to be deployed in highly secure software environments to help further secure the system under scrutiny. In such contexts, the monitor could benefit from security hardening over and above the rest of the system since the monitoring component is of particular interest to the attacker. If the attacker successfully disables the monitor, the attack can be executed without potential alarms being raised, leaving no evidence behind. Furthermore, due to the separation of concerns inherent in runtime verification, monitors are typically separated from the rest of the system, facilitating isolation and a hardened security environment which would otherwise be difficult to achieve for the whole system. The combination of these observations, motivate us to consider a number of approaches for increased monitor security which we present as a technology stack called RVsec which could be instantiated in various contexts. Using a quantum-safe chat application as a case study, we present a pragmatic solution to various threat scenarios while considering the trade-offs in terms of additional setup and runtime costs.</summary>
    <dc:date>2024-09-01T00:00:00Z</dc:date>
  </entry>
  <entry>
    <title>A metric to assess the reliability of crowd-sourced SUS scores : a case study on the PoPLar authentication tool</title>
    <link rel="alternate" href="https://www.um.edu.mt/library/oar/handle/123456789/147762" />
    <author>
      <name>Leguesse, Yonas</name>
    </author>
    <author>
      <name>Vella, Mark Joseph</name>
    </author>
    <author>
      <name>Colombo, Christian</name>
    </author>
    <author>
      <name>Hernandez-Castro, Julio</name>
    </author>
    <id>https://www.um.edu.mt/library/oar/handle/123456789/147762</id>
    <updated>2026-07-02T09:01:08Z</updated>
    <published>2024-01-01T00:00:00Z</published>
    <summary type="text">Title: A metric to assess the reliability of crowd-sourced SUS scores : a case study on the PoPLar authentication tool
Authors: Leguesse, Yonas; Vella, Mark Joseph; Colombo, Christian; Hernandez-Castro, Julio
Abstract: The concern of inattentive respondents in surveys is widely acknowledged and has been extensively researched, and crowd-sourcing platforms further complicate this issue with the additional problem of bot usage to automatically respond to surveys. This work explores this issue within the critical domain of usable security, highlighting limitations of the use of crowd-sourcing platforms for usability studies, particularly in the context of obtaining valid and reliable System Usability Scale (SUS) scores. While crowd-sourcing platforms may already offer built-in quality controls, for example ensuring a respondent’s positive historical performance with regards to the completion of previous surveys, our exploratory surveys showed that issues with bots and careless respondents persist. Building upon these insights, our main contribution involves the proposal of a quality metric, the SUS Consistency Score (CSc), measuring the consistency of a respondent’s SUS statements. We study the effectiveness of the proposed CSc for SUS by conducting a usability study of a recently proposed smartphone security mechanism, PoPLar. Initial findings from a preliminary crowd-sourced usability study of PoPLar had indicated promising results. However, a SUS assessment was not yet performed. The removal of responses based on different quality control thresholds, including CSc, causes significant changes in the obtained SUS score, to the extent of ranking PoPLar differently when compared to a wide range of security proposals for which a SUS score is available. A key implication of this result is that existing SUS scores for all these controls may require revisiting, potentially even revising them upward once the SUS CSc is used as the quality metric to ensure valid responses.</summary>
    <dc:date>2024-01-01T00:00:00Z</dc:date>
  </entry>
</feed>

