Cyber Security | Doctoral Program - Information Engineering and Computer Science

Cyber Security

The University of Trento has performed research and offered courses in Security and Cryptography for many years. This research program represents the fulfilment of this activity as a first class citizen. The research focus spans from classical IT security (mobile systems, web services, etc.), to organizational security (Air Traffic Management, critical infrastructures, etc.).
Our research develops in two main directions: technological research, where we develop security technologies such as intrusion detection systems for keyloggers, on-card checkers of applets on smart card, cryptographic boxes for ciphers; and empirical research, where we experiment how technologies actually work in practice, to find out which vulnerabilities are actually exploited in the wild, how malware markets looks like, and so on. 

In the past years the group has received several high-profile substantial grants for projects in which it participated either as a coordinator or as a scientific coordinator (IP-MASTER, STREP-S3MS, IP-SECURECHANGE, NoE-NESSOS, CP-SECONOMICS, CSA-CAPITAL, CSA_SECCORD, EIT-M-SHIELD, etc.)

The group is currently involved in several EIT Projects in Mobile Security (VAMOSS, OF2CEN, etc.), a large Marie Curie Training Network (NECS), and two projects with EuroControl on Air Traffic Security. It also participates in the CINI National Cyber-Security Lab and has now been entrusted with the organization of training courses in cyber-security for the Italian government.

 

Publications

18 publications for 11 currently enrolled students

APR4Vul: an empirical study of automatic program repair techniques on real-world Java vulnerabilities
Bui, Q. C.; Paramitha, R.; Vu, D. L.; Massacci, F.; Scandariato, R. in EMPIRICAL SOFTWARE ENGINEERING, v. 29, n. 18 (2024). - Publication URL . - DOI: 10.1007/s10664-023-10415-7

Lexical diversity in kinship across languages and dialects
Khalilia, Hadi; Bella, Gábor; Freihat, Abed Alhakim; Darma, Shandy; Giunchiglia, Fausto in FRONTIERS IN PSYCHOLOGY, v. 14, (2023), p. 122969701-122969721. - Publication URL . - DOI: 10.3389/fpsyg.2023.1229697
[other topics: Data Intelligence

OAuth 2.0 Redirect URI Validation Falls Short, Literally
Innocenti, Tommaso; Golinelli, Matteo; Onarlioglu, Kaan; Mirheidari, Ali; Crispo, Bruno; Kirda, Engin in Annual Computer Security Applications Conference (ACSAC), New York City USA: Association for Computing Machinery, 2023, p. 256-267. - ISBN: 979-8-4007-0886-2. Proceedings of: ACSAC '23, Austin, TX, USA, 4-8 December 2023. - Publication URL . - DOI: 10.1145/3627106.3627140

The Nonce-nce of Web Security: an Investigation of CSP Nonces Reuse
Golinelli, Matteo; Bonomi, Francesco; Crispo, Bruno in Computer Security. ESORICS 2023 International Workshops, The Hague, The Netherlands: Springer Cham, 2023. Proceedings of: Workshop on Attacks and Software Protection @ ESORICS 2023, The Hague, The Netherlands, 25th Sep-29th Sep 2023

Technical leverage analysis in the Python ecosystem
Paramitha, R.; Massacci, F. in EMPIRICAL SOFTWARE ENGINEERING, v. 28, (2023), p. 13901-13931. - Publication URL . - DOI: 10.1007/s10664-023-10355-2

Mind the CORS
Golinelli, Matteo; Arshad, Elham; Kashchuk, Dmytro; Crispo, Bruno in 2023 IEEE 5th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, Atlanta, GA, USA: IEEE, 2023. Proceedings of: IEEE TPS, Atlanta, GA, USA, 1st Nov-3rd Nov 2023

Building Cross-language Corpora for Human Understanding of Privacy Policies
Ciclosi, Francesco; Vidor, Silvia; Massacci, Fabio in Digital Sovereignty in Cyber Security: New Challenges in Future Vision, Cham: Springer, 2023, p. 113-131. - (COMMUNICATIONS IN COMPUTER AND INFORMATION SCIENCE). - ISBN: 978-3-031-36095-4. Proceedings of: First International Workshop, CyberSec4Europe 2022, Venezia, 17th April-21April 2022. - Publication URL . - DOI: 10.1007/978-3-031-36096-1_8

Rischio digitale innovazione e resilienza. Conoscere, affrontare e mitigare il rischio digitale
Agresti, Elena; Antonelli, Leonardo; Ariu, Davide; Barboni, Stefano; Belluzzo, Giovanni; Bocci, Gianluca; Bosis, Angelo; Bucciarelli, Fabio; Butti, Giancarlo; Caccia, Andrea; Carnelli, Dario; Carnelli, Davide; Castello, Andrea; Ceccon, Marco; Ciclosi, Francesco; Colombo, Luciano; Corona, Igino; Cresci, Rita Eva; Crociani, Marco; Cusello, Giuseppe; Diomede, Nicla Ivana; Dursi, Elenio; Ferretti, Ambrogio; Ferretti, Enrico; Fumagalli, Giustino; Gaia, Cristina; Gatti, Chiara; Guastone, Carlo; Locatelli, Marco; Magri, Massimiliano; Manco, Lorena; Manconi, Davide; Mariotti, Andrea; Mauceli, Carlo; Mauro, Luigi; Menna, Savino; Meroni, Paola; Modena, Riccardo; Mudu, Enzo; Panza, Paolo; Parrinello, Ignazio; Pastore, Maurizio; Perugini, Maria Roberta; Ranza, Riccardo; Ravizza, Alice; Rui, Andrea; Sambucci, Luca; Saulli, Fabio; Sferlazza, Paolo; Sotira, Nicola; Spreafico, Giulio; Tordi, Roberto; Troiano, Guglielmo; Vaciago, Elena; Zammarchi, Luca; Zampetti, Luigi, , Milano: Clusit Associazione Italiana per la Sicurezza Informatica, 2022, 219 p. - ISBN: 9791221007008. - Publication URL . - DOI: 10.979.12210/07008

On the acceptance by code reviewers of candidate security patches suggested by Automated Program Repair tools
Papotti, Aurora; Paramitha, Ranindya; Massacci, Fabio in ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM) 2022 Registered Reports, Helsinki, Finland: ArXiv, 2022. Proceedings of: ESEM'22, Helsinki, Finland, 18-23 September 2023. - DOI: 10.48550/arxiv.2209.07211

Using Linguistic Typology to Enrich Multilingual Lexicons: the Case of Lexical Gaps in Kinship
Khishigsuren, Temuulen; Bella, Gabor; Batsuren, Khuyagbaatar; Freihat, Abed Alhakim Ali Kayed; Chandran Nair, Nandu; Ganbold, Amarsanaa; Khalilia, Hadi; Chandrashekar, Yamini; Giunchiglia, Fausto in Proceedings of the Thirteenth Language Resources and Evaluation Conference, Marseille, France: European Language Resources Association, 2022. Proceedings of: LREC, Marseille, France, June 2022. - Publication URL
[other topics: Data Intelligence

Lightweight Parsing and Slicing for Bug Identification in C
Mecenero, Luca; Paramitha, Ranindya; Pashchenko, Ivan; Massacci, Fabio in ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security (IWCSEC 2022), New York, NY, USA: Association for Computing Machinery, 2022, p. 1-10. - ISBN: 9781450396707. Proceedings of: ARES, Vienna, Austria, 23- 26 August 2022. - Publication URL . - DOI: 10.1145/3538969.3543828

On the feasibility of detecting injections in malicious npm packages
Scalco, Simone; Paramitha, Ranindya; Vu Duc, Ly; Massacci, Fabio in ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security (IWCSEC 2022), New York, NY, USA: Association for Computing Machinery, 2022, p. 1151-1158. - ISBN: 9781450396707. Proceedings of: ARES, Vienna, Austria, 23 - 26 August 2022. - Publication URL . - DOI: 10.1145/3538969.3543815

The Data Protection Officer: A Ubiquitous Role That No One Really Knows
Ciclosi, Francesco; Massacci, Fabio in IEEE SECURITY & PRIVACY, v. 2022, (2022), p. 2-13. - Publication URL . - DOI: 10.1109/MSEC.2022.3222115

MPI: Memory Protection for Intermittent Computing
Grisafi, M.; Ammar, M.; Yildirim, K. S.; Crispo, B. in IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, v. 17, (2022), p. 3597-3610. - DOI: 10.1109/TIFS.2022.3210866

Web Cache Deception Escalates!
Mirheidari, Seyed Ali; Golinelli, Matteo; Onarlioglu, Kaan; Kirda, Engin; Crispo, Bruno in 31st USENIX Security Symposium (USENIX Security 22), Boston: USENIX Association, 2022, p. 179-195. - ISBN: 978-1-939133-31-1. Proceedings of: Usenix Security 22, Boston, 10th -12th Aug 2022. - Publication URL

PISTIS: Trusted Computing Architecture for Low-end Embedded Systems
Grisafi, Michele; Ammar, Mahmoud; Roveri, Marco; Crispo, Bruno in 31st USENIX Security Symposium (USENIX Security 22), Boston: USENIX Association, 2022, p. 3843-3860. - ISBN: 978-1-939133-31-1. Proceedings of: USENIX Security 22, Boston, 10-12 August 2022. - Publication URL

The Dimensions of Lexical Semantic Resource Quality
Khalilia, Hadi; Freihat, Abed Alhakim; Giunchiglia, Fausto in Proceedings of the Second International Workshop on NLP Solutions for Under Resourced Languages (NSURL 2021) co-located with ICNLSP 2021, USA: ACL Anthology, 2021, p. 15-21. - ISBN: 978-1-955917-19-3. Proceedings of: NSURL 2021, Trento, 12th - 13th November 2021. - Publication URL
[other topics: Data Intelligence

The Quality of Lexical Semantic Resources: A Survey
Khalilia, Hadi; Freihat, Abed Alhakim; Giunchiglia, Fausto in Proceedings of The Fourth International Conference on Natural Language and Speech Processing (ICNLSP 2021), Stroudsburg, USA: ACL Anthology, 2021, p. 117-129. - ISBN: 978-1-955917-18-6. Proceedings of: ICNLSP 2021, Trento, 12th - 13th November 2021. - Publication URL
[other topics: Data Intelligence

 

Students

Becker Brum, Henriquehenrique.beckerbrum [at] unitn.itwebpage
Camporese, Mariamaria.camporese [at] unitn.itwebpage
Ciclosi, Francescofrancesco.ciclosi [at] unitn.itwebpage
Feng, Yuanyuan.feng [at] unitn.itwebpage
Golinelli, Matteomatteo.golinelli [at] unitn.itwebpage
Grisafi, Michelemichele.grisafi [at] unitn.itwebpage
Khalilia, Hadi Mahmoud Yousefhadi.khalilia [at] unitn.itwebpage
Lekeufack Foulefack, Rosmael Zidanerz.lekeufack [at] unitn.itwebpage
Ntako Koungni, Michael Kevinmichael.ntako [at] unitn.itwebpage
Paramitha, Ranindyaranindya.paramitha [at] unitn.itwebpage
Ramponi, Carlocarlo.ramponi [at] unitn.itwebpage