Cyber Security
The University of Trento has performed research and offered courses in Security and Cryptography for many years. This research program represents the fulfilment of this activity as a first-class citizen. The research focus ranges from classical IT security (mobile systems, web services, etc.) to organizational security (Air Traffic Management, critical infrastructures, etc.).
Our research develops in two main directions: technological research, where we develop security technologies such as intrusion detection systems for keyloggers, on-card checkers of applets on smart cards, and cryptographic boxes for ciphers; and empirical research, where we study how technologies actually work in practice, to find out which vulnerabilities are actually exploited in the wild, what malware markets look like, and so on.
In the past years the group has received several high-profile substantial grants for projects in which it participated either as a coordinator or as a scientific coordinator (IP-MASTER, STREP-S3MS, IP-SECURECHANGE, NoE-NESSOS, CP-SECONOMICS, CSA-CAPITAL, CSA_SECCORD, EIT-M-SHIELD, etc.).
The group is currently involved in several EIT Projects in Mobile Security (VAMOSS, OF2CEN, etc.), a large Marie Curie Training Network (NECS), and two projects with EuroControl on Air Traffic Security. It also participates in the CINI National Cyber-Security Lab and has now been entrusted with the organization of training courses in cyber-security for the Italian government.
Publications
11 publications for 7 currently enrolled students
Enhancing Vulnerability Detection with Domain Knowledge: A Comparison of Different Mechanisms
Marchetto, Alessandro; Lekeufack Foulefack, Rosmael Zidane
in Testing Software and Systems. ICTSS 2024. Lecture Notes in Computer Science, Cham (SW): Springer Cham, 2025, p. 95-113. - (LECTURE NOTES IN COMPUTER SCIENCE). - ISBN: 9783031808883. Proceedings of: 36th IFIP WG 6.1 International Conference on Testing Software and Systems (ICTSS 2024), London, October 30 - November 1, 2024. - DOI: 10.1007/978-3-031-80889-0_7
Enhanced Graph Neural Networks for Vulnerability Detection in Java via Advanced Subgraph Construction
Lekeufack Foulefack, Rosmael Zidane; Marchetto, Alessandro
in Testing Software and Systems, Cham (SW): Springer Cham, 2025, p. 131-148. - (LECTURE NOTES IN COMPUTER SCIENCE). - ISBN: 9783031808883. Proceedings of: 36th IFIP WG 6.1 International Conference on Testing Software and Systems (ICTSS 2024), London, UK, October 30 - November 1, 2024. - DOI: 10.1007/978-3-031-80889-0_9
On the Use of Imbalanced Datasets for Learning-Based Vulnerability Detection
Foulefack, Rosmael; Marchetto, Alessandro
in Testing Software and Systems, Cham (SW): Springer Cham, 2025, p. 307-324. - (LECTURE NOTES IN COMPUTER SCIENCE). - ISBN: 978-3-032-05187-5. Proceedings of: 37th IFIP WG 6.1 International Conference on Testing Software and Systems (ICTSS 2025), Cyprus, September 17–19, 2025. - DOI: 10.1007/978-3-032-05188-2_20
Incorporating Domain Knowledge into GNNs for Advanced Vulnerability Detection in Java
Foulefack, Rosmael; Marchetto, Alessandro
in 2025 IEEE/ACM International Conference on Automation of Software Test (AST 2025), NY: IEEE, 2025, p. 160-169. - ISBN: 979-8-3315-0179-2. Proceedings of: 2025 IEEE/ACM International Conference on Automation of Software Test (AST 2025), Canada, 26 April - 4 May 2025. - DOI: 10.1109/AST66626.2025.00022
The Nonce-nce of Web Security: An Investigation of CSP Nonces Reuse
Golinelli, Matteo; Bonomi, Francesco; Crispo, Bruno
in Computer Security. ESORICS 2023 International Workshops, Cham, Switzerland: Springer Science and Business Media Deutschland GmbH, 2024, p. 459-475. - (LECTURE NOTES IN COMPUTER SCIENCE). - ISBN: 978-3-031-54128-5. Proceedings of: International Workshops which were held in conjunction with 28th European Symposium on Research in Computer Security, ESORICS 2023, The Hague, The Netherlands, 25th Sep-29th Sep 2023. - DOI: 10.1007/978-3-031-54129-2_27
Towards the use of domain knowledge to enhance transformer-based vulnerability detection
Marchetto, Alessandro; Foulefack, Rosmael
in Quality of Information and Communications Technology, Cham (SW): Springer Cham, 2024, p. 373-390. - (COMMUNICATIONS IN COMPUTER AND INFORMATION SCIENCE). - ISBN: 978-3-031-70244-0. Proceedings of: 17th International Conference on Quality of Information and Communications Technology, QUATIC 2024, Pisa, September 11–13, 2024. - DOI: 10.1007/978-3-031-70245-7_26
A Rapid Review on Graph-Based Learning Vulnerability Detection
Foulefack, Rosmael; Marchetto, Alessandro
in Quality of Information and Communications Technology, Cham (SW): Springer Cham, 2024, p. 355-372. - (COMMUNICATIONS IN COMPUTER AND INFORMATION SCIENCE). - ISBN: 978-3-031-70244-0. Proceedings of: 17th International Conference on Quality of Information and Communications Technology, QUATIC 2024, Pisa, September 11-13, 2024. - DOI: 10.1007/978-3-031-70245-7_25
Hidden Web Caches Discovery
Golinelli, Matteo; Crispo, Bruno
in RAID '24: Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses, New York, NY, United States: Association for Computing Machinery, 2024, p. 65-76. - ISBN: 9798400709593. Proceedings of: 27th International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2024, Padova, 30th Sep-2nd Oct 2024. - DOI: 10.1145/3678890.3678931
Mind the CORS
Golinelli, Matteo; Arshad, Elham; Kashchuk, Dmytro; Crispo, Bruno
in 2023 IEEE 5th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, Piscataway, NJ USA: Institute of Electrical and Electronics Engineers Inc., 2023, p. 213-221. - ISBN: 979-8-3503-2385-6. Proceedings of: 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications, TPS-ISA 2023, Atlanta, GA, USA, 1st-3rd Nov 2023. - DOI: 10.1109/TPS-ISA58951.2023.00035
OAuth 2.0 Redirect URI Validation Falls Short, Literally
Innocenti, Tommaso; Golinelli, Matteo; Onarlioglu, Kaan; Mirheidari, Ali; Crispo, Bruno; Kirda, Engin
in Annual Computer Security Applications Conference (ACSAC), New York City USA: Association for Computing Machinery, 2023, p. 256-267. - ISBN: 979-8-4007-0886-2. Proceedings of: 39th Annual Computer Security Applications Conference, ACSAC 2023, Austin, TX, USA, 4-8 December 2023. - DOI: 10.1145/3627106.3627140
Web Cache Deception Escalates!
Mirheidari, Seyed Ali; Golinelli, Matteo; Onarlioglu, Kaan; Kirda, Engin; Crispo, Bruno
in 31st USENIX Security Symposium (USENIX Security 22), Boston: USENIX Association, 2022, p. 179-195. - ISBN: 978-1-939133-31-1. Proceedings of: 31st USENIX Security Symposium, Security 2022, Boston, 10th-12th Aug 2022.
Students
| Becker Brum, Henrique | henrique.beckerbrum [at] unitn.it | webpage | |
| Camporese, Maria | maria.camporese [at] unitn.it | webpage | |
| Feng, Yuan | yuan.feng [at] unitn.it | webpage | |
| Golinelli, Matteo | matteo.golinelli [at] unitn.it | webpage | |
| Lekeufack Foulefack, Rosmael Zidane | rz.lekeufack [at] unitn.it | webpage | |
| Ntako Koungni, Michael Kevin | michael.ntako [at] unitn.it | webpage | |
| Ramponi, Carlo | carlo.ramponi [at] unitn.it | webpage | |



