Cyber Security | Doctoral Program - Information Engineering and Computer Science

Cyber Security

The University of Trento has performed research and offered courses in Security and Cryptography for many years. This research program represents the fulfilment of this activity as a first class citizen. The research focus spans from classical IT security (mobile systems, web services, etc.), to organizational security (Air Traffic Management, critical infrastructures, etc.).
Our research develops in two main directions: technological research, where we develop security technologies such as intrusion detection systems for keyloggers, on-card checkers of applets on smart card, cryptographic boxes for ciphers; and empirical research, where we experiment how technologies actually work in practice, to find out which vulnerabilities are actually exploited in the wild, how malware markets looks like, and so on. 

In the past years the group has received several high-profile substantial grants for projects in which it participated either as a coordinator or as a scientific coordinator (IP-MASTER, STREP-S3MS, IP-SECURECHANGE, NoE-NESSOS, CP-SECONOMICS, CSA-CAPITAL, CSA_SECCORD, EIT-M-SHIELD, etc.)

The group is currently involved in several EIT Projects in Mobile Security (VAMOSS, OF2CEN, etc.), a large Marie Curie Training Network (NECS), and two projects with EuroControl on Air Traffic Security. It also participates in the CINI National Cyber-Security Lab and has now been entrusted with the organization of training courses in cyber-security for the Italian government.

 

Publications

4 publications for 7 currently enrolled students

Mind the CORS
Golinelli, Matteo; Arshad, Elham; Kashchuk, Dmytro; Crispo, Bruno in 2023 IEEE 5th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, Atlanta, GA, USA: IEEE, 2023. Proceedings of: IEEE TPS, Atlanta, GA, USA, 1st Nov-3rd Nov 2023

The Nonce-nce of Web Security: an Investigation of CSP Nonces Reuse
Golinelli, Matteo; Bonomi, Francesco; Crispo, Bruno in Computer Security. ESORICS 2023 International Workshops, The Hague, The Netherlands: Springer Cham, 2023. Proceedings of: Workshop on Attacks and Software Protection @ ESORICS 2023, The Hague, The Netherlands, 25th Sep-29th Sep 2023

OAuth 2.0 Redirect URI Validation Falls Short, Literally
Innocenti, Tommaso; Golinelli, Matteo; Onarlioglu, Kaan; Mirheidari, Ali; Crispo, Bruno; Kirda, Engin in Annual Computer Security Applications Conference (ACSAC), New York City USA: Association for Computing Machinery, 2023, p. 256-267. - ISBN: 979-8-4007-0886-2. Proceedings of: ACSAC '23, Austin, TX, USA, 4-8 December 2023. - Publication URL . - DOI: 10.1145/3627106.3627140

Web Cache Deception Escalates!
Mirheidari, Seyed Ali; Golinelli, Matteo; Onarlioglu, Kaan; Kirda, Engin; Crispo, Bruno in 31st USENIX Security Symposium (USENIX Security 22), Boston: USENIX Association, 2022, p. 179-195. - ISBN: 978-1-939133-31-1. Proceedings of: Usenix Security 22, Boston, 10th -12th Aug 2022. - Publication URL

 

Students

Becker Brum, Henriquehenrique.beckerbrum [at] unitn.itwebpage
Camporese, Mariamaria.camporese [at] unitn.itwebpage
Feng, Yuanyuan.feng [at] unitn.itwebpage
Golinelli, Matteomatteo.golinelli [at] unitn.itwebpage
Lekeufack Foulefack, Rosmael Zidanerz.lekeufack [at] unitn.itwebpage
Ntako Koungni, Michael Kevinmichael.ntako [at] unitn.itwebpage
Ramponi, Carlocarlo.ramponi [at] unitn.itwebpage