Cyber Security | Doctoral Program - Information Engineering and Computer Science

Cyber Security

The University of Trento has conducted research and offered courses in Security and Cryptography for many years. This research program is the culmination of that activity, establishing it as a first-class citizen. The research focus spans from classical IT security (mobile systems, web services, etc.) to organizational security (Air Traffic Management, critical infrastructures, etc.).
Our research develops in two main directions: technological research, where we develop security technologies such as intrusion detection systems for keyloggers, on-card checkers of applets on smart cards, and cryptographic boxes for ciphers; and empirical research, where we study how technologies actually work in practice, to find out which vulnerabilities are actually exploited in the wild, what malware markets look like, and so on.

In past years the group has received several substantial, high-profile grants for projects in which it participated either as a coordinator or as a scientific coordinator (IP-MASTER, STREP-S3MS, IP-SECURECHANGE, NoE-NESSOS, CP-SECONOMICS, CSA-CAPITAL, CSA_SECCORD, EIT-M-SHIELD, etc.).

The group is currently involved in several EIT Projects in Mobile Security (VAMOSS, OF2CEN, etc.), a large Marie Curie Training Network (NECS), and two projects with EuroControl on Air Traffic Security. It also participates in the CINI National Cyber-Security Lab and has now been entrusted with the organization of training courses in cyber-security for the Italian government.

 

Publications

20 publications for 7 currently enrolled students

APR4Vul: an empirical study of automatic program repair techniques on real-world Java vulnerabilities
Bui, Q. C.; Paramitha, R.; Vu, D. L.; Massacci, F.; Scandariato, R. in EMPIRICAL SOFTWARE ENGINEERING, v. 29, n. 18 (2024). - DOI: 10.1007/s10664-023-10415-7

Lexical diversity in kinship across languages and dialects
Khalilia, Hadi; Bella, Gábor; Freihat, Abed Alhakim; Darma, Shandy; Giunchiglia, Fausto in FRONTIERS IN PSYCHOLOGY, v. 14, (2023), p. 122969701-122969721. - DOI: 10.3389/fpsyg.2023.1229697
[other topics: Data Intelligence]

OAuth 2.0 Redirect URI Validation Falls Short, Literally
Innocenti, Tommaso; Golinelli, Matteo; Onarlioglu, Kaan; Mirheidari, Ali; Crispo, Bruno; Kirda, Engin in Annual Computer Security Applications Conference (ACSAC), New York City USA: Association for Computing Machinery, 2023, p. 256-267. - ISBN: 979-8-4007-0886-2. Proceedings of: ACSAC '23, Austin, TX, USA, 4-8 December 2023. - DOI: 10.1145/3627106.3627140

The Nonce-nce of Web Security: an Investigation of CSP Nonces Reuse
Golinelli, Matteo; Bonomi, Francesco; Crispo, Bruno in Computer Security. ESORICS 2023 International Workshops, The Hague, The Netherlands: Springer Cham, 2023. Proceedings of: Workshop on Attacks and Software Protection @ ESORICS 2023, The Hague, The Netherlands, 25th Sep-29th Sep 2023

Technical leverage analysis in the Python ecosystem
Paramitha, R.; Massacci, F. in EMPIRICAL SOFTWARE ENGINEERING, v. 28, (2023), p. 13901-13931. - DOI: 10.1007/s10664-023-10355-2

Mind the CORS
Golinelli, Matteo; Arshad, Elham; Kashchuk, Dmytro; Crispo, Bruno in 2023 IEEE 5th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, Atlanta, GA, USA: IEEE, 2023. Proceedings of: IEEE TPS, Atlanta, GA, USA, 1st Nov-3rd Nov 2023

Building Cross-language Corpora for Human Understanding of Privacy Policies
Ciclosi, Francesco; Vidor, Silvia; Massacci, Fabio in Digital Sovereignty in Cyber Security: New Challenges in Future Vision, Cham: Springer, 2023, p. 113-131. - (COMMUNICATIONS IN COMPUTER AND INFORMATION SCIENCE). - ISBN: 978-3-031-36095-4. Proceedings of: First International Workshop, CyberSec4Europe 2022, Venezia, 17th April-21st April 2022. - DOI: 10.1007/978-3-031-36096-1_8

PISTIS: Trusted Computing Architecture for Low-end Embedded Systems
Grisafi, Michele; Ammar, Mahmoud; Roveri, Marco; Crispo, Bruno in 31st USENIX Security Symposium (USENIX Security 22), Boston: USENIX Association, 2022, p. 3843-3860. - ISBN: 978-1-939133-31-1. Proceedings of: USENIX Security 22, Boston, 10-12 August 2022.

On the acceptance by code reviewers of candidate security patches suggested by Automated Program Repair tools
Papotti, Aurora; Paramitha, Ranindya; Massacci, Fabio in ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM) 2022 Registered Reports, Helsinki, Finland: ArXiv, 2022. Proceedings of: ESEM'22, Helsinki, Finland, 18-23 September 2023. - DOI: 10.48550/arxiv.2209.07211

Using Linguistic Typology to Enrich Multilingual Lexicons: the Case of Lexical Gaps in Kinship
Khishigsuren, Temuulen; Bella, Gabor; Batsuren, Khuyagbaatar; Freihat, Abed Alhakim Ali Kayed; Chandran Nair, Nandu; Ganbold, Amarsanaa; Khalilia, Hadi; Chandrashekar, Yamini; Giunchiglia, Fausto in Proceedings of the Thirteenth Language Resources and Evaluation Conference, Marseille, France: European Language Resources Association, 2022. Proceedings of: LREC, Marseille, France, June 2022.
[other topics: Data Intelligence]

Lightweight Parsing and Slicing for Bug Identification in C
Mecenero, Luca; Paramitha, Ranindya; Pashchenko, Ivan; Massacci, Fabio in ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security (IWCSEC 2022), New York, NY, USA: Association for Computing Machinery, 2022, p. 1-10. - ISBN: 9781450396707. Proceedings of: ARES, Vienna, Austria, 23-26 August 2022. - DOI: 10.1145/3538969.3543828

On the feasibility of detecting injections in malicious npm packages
Scalco, Simone; Paramitha, Ranindya; Vu Duc, Ly; Massacci, Fabio in ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security (IWCSEC 2022), New York, NY, USA: Association for Computing Machinery, 2022, p. 1151-1158. - ISBN: 9781450396707. Proceedings of: ARES, Vienna, Austria, 23 - 26 August 2022. - DOI: 10.1145/3538969.3543815

The Data Protection Officer: A Ubiquitous Role That No One Really Knows
Ciclosi, Francesco; Massacci, Fabio in IEEE SECURITY & PRIVACY, v. 2022, (2022), p. 2-13. - DOI: 10.1109/MSEC.2022.3222115

MPI: Memory Protection for Intermittent Computing
Grisafi, M.; Ammar, M.; Yildirim, K. S.; Crispo, B. in IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, v. 17, (2022), p. 3597-3610. - DOI: 10.1109/TIFS.2022.3210866

Generative adversarial networks for subdomain enumeration
Degani, L.; Bergadano, F.; Mirheidari, S. A.; Martinelli, F.; Crispo, B. in Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, New York, USA: Association for Computing Machinery, 2022, p. 1636-1645. - ISBN: 9781450387132. Proceedings of: The 37th ACM/SIGAPP Symposium On Applied Computing, Virtual, 25 - 29 April, 2022. - DOI: 10.1145/3477314.3506967

Web Cache Deception Escalates!
Mirheidari, Seyed Ali; Golinelli, Matteo; Onarlioglu, Kaan; Kirda, Engin; Crispo, Bruno in 31st USENIX Security Symposium (USENIX Security 22), Boston: USENIX Association, 2022, p. 179-195. - ISBN: 978-1-939133-31-1. Proceedings of: Usenix Security 22, Boston, 10th-12th Aug 2022.

Rischio digitale innovazione e resilienza. Conoscere, affrontare e mitigare il rischio digitale
Agresti, Elena; Antonelli, Leonardo; Ariu, Davide; Barboni, Stefano; Belluzzo, Giovanni; Bocci, Gianluca; Bosis, Angelo; Bucciarelli, Fabio; Butti, Giancarlo; Caccia, Andrea; Carnelli, Dario; Carnelli, Davide; Castello, Andrea; Ceccon, Marco; Ciclosi, Francesco; Colombo, Luciano; Corona, Igino; Cresci, Rita Eva; Crociani, Marco; Cusello, Giuseppe; Diomede, Nicla Ivana; Dursi, Elenio; Ferretti, Ambrogio; Ferretti, Enrico; Fumagalli, Giustino; Gaia, Cristina; Gatti, Chiara; Guastone, Carlo; Locatelli, Marco; Magri, Massimiliano; Manco, Lorena; Manconi, Davide; Mariotti, Andrea; Mauceli, Carlo; Mauro, Luigi; Menna, Savino; Meroni, Paola; Modena, Riccardo; Mudu, Enzo; Panza, Paolo; Parrinello, Ignazio; Pastore, Maurizio; Perugini, Maria Roberta; Ranza, Riccardo; Ravizza, Alice; Rui, Andrea; Sambucci, Luca; Saulli, Fabio; Sferlazza, Paolo; Sotira, Nicola; Spreafico, Giulio; Tordi, Roberto; Troiano, Guglielmo; Vaciago, Elena; Zammarchi, Luca; Zampetti, Luigi, Milano: Clusit Associazione Italiana per la Sicurezza Informatica, 2022, 219 p. - ISBN: 9791221007008. - DOI: 10.979.12210/07008

Discovery and Identification of Memory Corruption Vulnerabilities on Bare-metal Embedded Devices
Salehi, Majid; Degani, Luca; Roveri, Marco; Hughes, Daniel; Crispo, Bruno in IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, v. 2022, (2022), p. 1-1. - DOI: 10.1109/TDSC.2022.3149371

The Quality of Lexical Semantic Resources: A Survey
Khalilia, Hadi; Freihat, Abed Alhakim; Giunchiglia, Fausto in Proceedings of The Fourth International Conference on Natural Language and Speech Processing (ICNLSP 2021), Stroudsburg, USA: ACL Anthology, 2021, p. 117-129. - ISBN: 978-1-955917-18-6. Proceedings of: ICNLSP 2021, Trento, 12th - 13th November 2021.
[other topics: Data Intelligence]

The Dimensions of Lexical Semantic Resource Quality
Khalilia, Hadi; Freihat, Abed Alhakim; Giunchiglia, Fausto in Proceedings of the Second International Workshop on NLP Solutions for Under Resourced Languages (NSURL 2021) co-located with ICNLSP 2021, USA: ACL Anthology, 2021, p. 15-21. - ISBN: 978-1-955917-19-3. Proceedings of: NSURL 2021, Trento, 12th - 13th November 2021.
[other topics: Data Intelligence]

 

Students

Ciclosi, Francesco - francesco.ciclosi [at] unitn.it
Degani, Luca - luca.degani [at] unitn.it
Feng, Yuan - yuan.feng [at] unitn.it
Golinelli, Matteo - matteo.golinelli [at] unitn.it
Grisafi, Michele - michele.grisafi [at] unitn.it
Khalilia, Hadi Mahmoud Yousef - hadi.khalilia [at] unitn.it
Paramitha, Ranindya - ranindya.paramitha [at] unitn.it