This shows you the differences between two versions of the page.
publications [2020/11/20 06:00] seyedali.mirheidari@unitn.it [2018] |
publications [2021/03/09 13:43] fabio.massacci@unitn.it [2017] |
||
---|---|---|---|
Line 6: | Line 6: | ||
* Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci. **Vuln4Real: A Methodology for Counting Actually Vulnerable Dependencies**. To Appear in //IEEE Transactions on Software Engineering Journal//, 2020 - {{:research_activities:vulnerability-analysis:pashchenko-vuln4real.pdf|Author-accepted manuscript}} | * Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci. **Vuln4Real: A Methodology for Counting Actually Vulnerable Dependencies**. To Appear in //IEEE Transactions on Software Engineering Journal//, 2020 - {{:research_activities:vulnerability-analysis:pashchenko-vuln4real.pdf|Author-accepted manuscript}} | ||
* Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Poster: Towards Using Source Code Repositories to Identify Software Supply Chain Attacks**. To Appear in Proceedings of //the ACM Conference on Computer and Communications Security (CCS)//, 2020 - {{:research_activities:experiments:ccs2020poster.pdf|Author's preprint}}, {{:research_activities:experiments:poster_ccs-20.pdf|poster}} | * Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Poster: Towards Using Source Code Repositories to Identify Software Supply Chain Attacks**. To Appear in Proceedings of //the ACM Conference on Computer and Communications Security (CCS)//, 2020 - {{:research_activities:experiments:ccs2020poster.pdf|Author's preprint}}, {{:research_activities:experiments:poster_ccs-20.pdf|poster}} | ||
- | * Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, and William Robertson. ** Cached and Confused: Web Cache Deception in the Wild**, The 29th USENIX Security Symposium (USENIX Security 20), 2020. [[https://www.usenix.org/system/files/sec20-mirheidari.pdf|PDF]] [[https://www.usenix.org/conference/usenixsecurity20/presentation/mirheidari|Media]]\\ [[https://portswigger.net/research/top-10-web-hacking-techniques-of-2019|Voted and let to an award as Top Web Hacking Technique of 2019.]]\\ [[https://www.cybersecurity-insiders.com/investigating-the-top-10-application-vulnerabilities/|Selected among Top 10 Application Vulnerabilities of 2019 by WhiteHat Security.]]\\ [[https://www.csaw.io/research|CSAW 2020 Finalist: Nominated for the Best Applied Research Finalist in the 17th annual CSAW conference (CSAW’20).]]\\ [[https://pwnies.com/nominations/active/most-innovative-research/web-cache-deception-in-the-wild/|Pwnie Award Nominee: Nominated for the Most Innovative Research of 2020.]] | + | * Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, and William Robertson. ** Cached and Confused: Web Cache Deception in the Wild**, The 29th USENIX Security Symposium (USENIX Security 20), 2020. 
[[https://www.usenix.org/system/files/sec20-mirheidari.pdf|PDF]] [[https://www.usenix.org/conference/usenixsecurity20/presentation/mirheidari|Media]]\\ [[https://portswigger.net/research/top-10-web-hacking-techniques-of-2019|Voted and let to an award as Top Web Hacking Technique of 2019.]]\\ [[https://www.cybersecurity-insiders.com/investigating-the-top-10-application-vulnerabilities/|Selected among Top 10 Application Vulnerabilities of 2019 by WhiteHat Security.]]\\ [[https://www.csaw.io/research|CSAW 2020 Finalist: Nominated for the Best Applied Research in the 17th annual CSAW conference (CSAW’20).]]\\ [[https://pwnies.com/nominations/active/most-innovative-research/web-cache-deception-in-the-wild/|Pwnie Award Nominee: Nominated for the Most Innovative Research of 2020.]] |
* Giorgio Di Tizio, Fabio Massacci, Luca Allodi, Stanislav Dashevskyi, Jelena Mirkovic. **An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags**, To Appear in Proceedings of //the 2nd Workshop on Cyber Range Technologies and Applications (CACOE 2020)//, 2020 - {{:research_activities:cacoe6.pdf|Author's preprint}} | * Giorgio Di Tizio, Fabio Massacci, Luca Allodi, Stanislav Dashevskyi, Jelena Mirkovic. **An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags**, To Appear in Proceedings of //the 2nd Workshop on Cyber Range Technologies and Applications (CACOE 2020)//, 2020 - {{:research_activities:cacoe6.pdf|Author's preprint}} | ||
* Giorgio Di Tizio, Chan Nam Ngo. **Are You a Favorite Target For Cryptojacking? A Case-Control Study On The Cryptojacking Ecosystem**, To Appear in Proceedings of //the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020)//, 2020 - {{:research_activities:wacco17.pdf|Author's preprint}} | * Giorgio Di Tizio, Chan Nam Ngo. **Are You a Favorite Target For Cryptojacking? A Case-Control Study On The Cryptojacking Ecosystem**, To Appear in Proceedings of //the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020)//, 2020 - {{:research_activities:wacco17.pdf|Author's preprint}} | ||
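Review bot: The rewritten "Cached and Confused" entry still carries the typo "Voted and let to an award" in the PortSwigger link text; it should read "led to an award". The added side also shows a line break between "2020." and the first `[[https://www.usenix.org/...|PDF]]` link. If that newline is in the wiki source, the links and award lines fall outside the list item, so keep the entry on one line as in the previous revision. Dropping the duplicated "Finalist" in the CSAW line is fine. The venue could also be wrapped in `//...//` to match the neighbouring entries.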
Line 41: | Line 41: | ||
* I. Pashchenko. **FOSS Version Differentiation as a Benchmark for Static Analysis Security Testing Tools**. In // Proceedings of 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE’17),// 2017. {{https://drive.google.com/file/d/0B_rJCkKmzPjSWllQcEJpQWNOOVU/view?usp=sharing|Author's PDF}} or {{https://doi.org/10.1145/3106237.3121276|Publisher's Version}} | * I. Pashchenko. **FOSS Version Differentiation as a Benchmark for Static Analysis Security Testing Tools**. In // Proceedings of 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE’17),// 2017. {{https://drive.google.com/file/d/0B_rJCkKmzPjSWllQcEJpQWNOOVU/view?usp=sharing|Author's PDF}} or {{https://doi.org/10.1145/3106237.3121276|Publisher's Version}} | ||
* F. Massacci, C.N. Ngo, J. Nie, D. Venturi, J. Williams. **The seconomics (security-economics) vulnerabilities of Decentralized Autonomous Organizations**. To appear in //Security Protocols Workshop (SPW)// 2017. {{:spw17.pdf|Author's draft}} | * F. Massacci, C.N. Ngo, J. Nie, D. Venturi, J. Williams. **The seconomics (security-economics) vulnerabilities of Decentralized Autonomous Organizations**. To appear in //Security Protocols Workshop (SPW)// 2017. {{:spw17.pdf|Author's draft}} | ||
- | * L. Allodi, F. Massacci. **Security Events and Vulnerability Data for Cyber Security Risk Estimation.** To appear in //Risk Analysis// (Special Issue on Risk Analysis and Big Data), 2017.{{http://onlinelibrary.wiley.com/resolve/doi?DOI=10.1111/risa.12864|PDF at Publisher}}, {{http://www.win.tue.nl/~lallodi/allodi-risa-17.pdf|Authors' draft}} | + | * L. Allodi, F. Massacci. **Security Events and Vulnerability Data for Cyber Security Risk Estimation.** To appear in //Risk Analysis// (Special Issue on Risk Analysis and Big Data), 2017.{{https://doi.org/10.1111/risa.12864|PDF at Publisher}}, {{:research_activities:economics:allodi-risa-17.pdf|Author's Preprint}} |
* L. Allodi, F. Massacci, J. Williams. **The Work Averse Attacker Model.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http://weis2017.econinfosec.org/wp-content/uploads/sites/3/2017/05/WEIS_2017_paper_13.pdf|PDF}} | * L. Allodi, F. Massacci, J. Williams. **The Work Averse Attacker Model.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http://weis2017.econinfosec.org/wp-content/uploads/sites/3/2017/05/WEIS_2017_paper_13.pdf|PDF}} | ||
* F. Massacci, J. Williams. **Cyberinsurance and Public Policy: Self-Protection and Insurance with Endogenous Adversaries.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http://weis2017.econinfosec.org/wp-content/uploads/sites/3/2017/05/WEIS_2017_paper_14.pdf|PDF}} | * F. Massacci, J. Williams. **Cyberinsurance and Public Policy: Self-Protection and Insurance with Endogenous Adversaries.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http://weis2017.econinfosec.org/wp-content/uploads/sites/3/2017/05/WEIS_2017_paper_14.pdf|PDF}} |
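Review bot: In the Allodi and Massacci //Risk Analysis// entry, the new link label "Author's Preprint" replaces "Authors' draft", but the paper has two authors, so the plural possessive was correct. The capital "P" is also inconsistent with the "Author's preprint" label used on the other entries. Suggest "Authors' preprint". The entry still says "To appear in" while now linking a publisher DOI, and there is no space between "2017." and the first `{{` link. Both are worth fixing in the same edit. Moving the preprint to a locally hosted file and switching the publisher link to doi.org look fine.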