publications
Differences
This shows you the differences between two versions of the page.
publications [2019/06/09 22:52] – [2019] fabio.massacci@unitn.it | publications [2022/09/14 17:41] (current) – Add "Web Cache Deception Escalates!" matteo.golinelli@unitn.it | ||
---|---|---|---|
Line 2: | Line 2: | ||
This page presents the publication of the [[start|Security Group]] in chronological order. You can find them also in the individual [[research_activities|research topics]] or in the pages of the individual [[security_group|members]]. | This page presents the publication of the [[start|Security Group]] in chronological order. You can find them also in the individual [[research_activities|research topics]] or in the pages of the individual [[security_group|members]]. | ||
+ | |||
+ | ===== 2022 ===== | ||
+ | * Seyed Ali Mirheidari, Matteo Golinelli, Kaan Onarlioglu, Engin Kirda, Bruno Crispo. ** Web Cache Deception Escalates!**, | ||
+ | * Giorgio Di Tizio, Michele Armellini, Fabio Massacci, **Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats**. IEEE Transactions on Software Engineering (TSE), 2022 - [[https:// | ||
+ | ===== 2021 ===== | ||
+ | * Giorgio Di Tizio, Fabio Massacci, **A Calculus of Tracking: Theory and Practice**. In Proceedings of the 21st Privacy Enhancing Technologies Symposium (PETS 2021), 2021 - {{:: research_activities: | ||
+ | * Duc-Ly Vu, Fabio Massacci, Ivan Pashchenko, Henrik Plate, and Antonino Sabetta. **LastPyMile: | ||
+ | * Duc-Ly Vu, Ivan Pashchenko, and Fabio Massacci. **Please hold on: more time = more patches? Automated program repair as anytime algorithms**. In Proceedings of //ACM/IEEE International Conference on Software Engineering - Automated Program Repair (APR) workshop//, 2021 - {{ : | ||
+ | * Fabio Massacci and Ivan Pashchenko. **Technical Leverage: dependencies mixed blessing**. To Appear in //IEEE Security and Privacy Magazine - Dept. Building Security In//, 2021 - [[ https:// | ||
+ | * Fabio Massacci and Ivan Pashchenko. **Technical Leverage in a Software Ecosystem: Development Opportunities and Security Risks**. To Appear in //ACM/IEEE International Conference on Software Engineering//, | ||
+ | * Ivan Pashchenko, Riccardo Scandariato, | ||
+ | |||
+ | ===== 2020 ===== | ||
+ | * Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci. **Vuln4Real: | ||
+ | * Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Towards Using Source Code Repositories to Identify Software Supply Chain Attacks**. In Proceedings of //the ACM Conference on Computer and Communications Security (CCS)//, 2020 - {{: | ||
+ | * Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, and William Robertson. ** Cached and Confused: Web Cache Deception in the Wild**, The 29th USENIX Security Symposium (USENIX Security 20), 2020. [[https:// | ||
+ | * Giorgio Di Tizio, Fabio Massacci, Luca Allodi, Stanislav Dashevskyi, Jelena Mirkovic. **An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags**, To Appear in Proceedings of //the 2nd Workshop on Cyber Range Technologies and Applications (CACOE 2020)//, 2020 - {{: | ||
+ | * Giorgio Di Tizio, Chan Nam Ngo. **Are You a Favorite Target For Cryptojacking? | ||
+ | * Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. **A Qualitative Study of Dependency Management and Its Security Implications**, | ||
+ | * Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Typosquatting and Combosquatting Attacks on the Python Ecosystem**. In Proceedings of //the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020)//, 2020 - {{: | ||
+ | * Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. **Preliminary Findings on FOSS Dependencies and Security A Qualitative Study on Developers’ Attitudes and Experience (Poster)**. In Proceedings of //the 42nd International Conference on Software Engineering (ICSE)//, 2020 - {{: | ||
+ | * Fabio Massacci, Chan Nam Ngo. **Distributed Financial Exchanges: Security Challenges and Design Principles** IEEE Security & Privacy (Early Access) [[https:// | ||
+ | * Luca Allodi, Marco Cremonini, Fabio Massacci, Woohyun Shim. **Measuring the accuracy of software vulnerability assessments: | ||
+ | * Gabriel Kuper, Fabio Massacci, Woohyun Shim, Julian Williams. **Who Should Pay for Interdependent Risk? Policy Implications for Security Interdependence Among Airports**, Risk Analysis [[https:// | ||
+ | | ||
+ | |||
+ | |||
===== 2019 ===== | ===== 2019 ===== | ||
* Fabio Massacci. **Is ‘deny access’ a valid ‘fail-safe default’ principle for building security in cyber-physical systems?** IEEE Security and Privacy (2019).{{: | * Fabio Massacci. **Is ‘deny access’ a valid ‘fail-safe default’ principle for building security in cyber-physical systems?** IEEE Security and Privacy (2019).{{: | ||
- | * Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **DriverAuth: | + | * Ettore Battaiola, Fabio Massacci, Chan Nam Ngo, Pierantonia Sterlini. **Blockchain-based Invoice Factoring: from business requirements to commitments.** DLT@ITASEC 2019: 17-31 [[http:// |
- | * Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **DriverAuth: | + | * Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **DriverAuth: |
+ | * Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **DriverAuth: | ||
+ | * de Haan, Johannes; Massacci, Fabio; Sterlini, Pierantonia; | ||
===== 2018 ===== | ===== 2018 ===== | ||
+ | * Sajjad Arshad, Seyed Ali Mirheidari, Tobias Lauinger, Bruno Crispo, Engin Kirda, and William Robertson. **Large-Scale Analysis of Style Injection by Relative Path Overwrite.** the 2018 World Wide Web Conference (WWW' | ||
* Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **Demystifying authentication concepts in smartphones: | * Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **Demystifying authentication concepts in smartphones: | ||
* Buriro, Attaullah, Bruno Crispo, Sandeep Gupta, and Filippo Del Frari. **Dialerauth: | * Buriro, Attaullah, Bruno Crispo, Sandeep Gupta, and Filippo Del Frari. **Dialerauth: | ||
* Buriro, Attaullah, Bruno Crispo, Mojtaba Eskandri, Sandeep Gupta, Athar Mahboob, and Rutger Van Acker. **Snap Auth: A Gesture-Based Unobtrusive Smartwatch User Authentication Scheme.** International Workshop on Emerging Technologies for Authorization and Authentication. Springer, Cham, 2018.{{https:// | * Buriro, Attaullah, Bruno Crispo, Mojtaba Eskandri, Sandeep Gupta, Athar Mahboob, and Rutger Van Acker. **Snap Auth: A Gesture-Based Unobtrusive Smartwatch User Authentication Scheme.** International Workshop on Emerging Technologies for Authorization and Authentication. Springer, Cham, 2018.{{https:// | ||
- | * I. Pashchenko, H. Plate, S. Ponta, A. Sabetta and F. Massacci. **Vulnerable Open Source Dependencies: | + | * I. Pashchenko, H. Plate, S. Ponta, A. Sabetta and F. Massacci. **Vulnerable Open Source Dependencies: |
* F. Massacci, C. N. Ngo, J. Nie, D. Venturi and J. Williams. **FuturesMEX: | * F. Massacci, C. N. Ngo, J. Nie, D. Venturi and J. Williams. **FuturesMEX: | ||
* F. Massacci, C. N. Ngo, D. Venturi and J. Williams. **Non-Monotonic Security Protocols and Failures in Financial Intermediation** To appear in //Security Protocols Workshop (SPW 18)//, 2018. {{: | * F. Massacci, C. N. Ngo, D. Venturi and J. Williams. **Non-Monotonic Security Protocols and Failures in Financial Intermediation** To appear in //Security Protocols Workshop (SPW 18)//, 2018. {{: | ||
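Review bot: several added entries still read "To Appear in" although this revision is dated 2022/09/14: the two 2021 "Technical Leverage" entries and the 2020 CACOE entry. Replace that wording with the final venue citation. The two added DriverAuth lines in 2019 also begin identically, so check that they are two distinct papers and not one entry pasted twice. The added 2020 poster title "Preliminary Findings on FOSS Dependencies and Security A Qualitative Study on Developers' Attitudes and Experience" is missing a separator between title and subtitle.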
Line 22: | Line 52: | ||
* I. Pashchenko. **FOSS Version Differentiation as a Benchmark for Static Analysis Security Testing Tools**. In // Proceedings of 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/ | * I. Pashchenko. **FOSS Version Differentiation as a Benchmark for Static Analysis Security Testing Tools**. In // Proceedings of 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/ | ||
* F. Massacci, C.N. Ngo, J. Nie, D. Venturi, J. Williams. **The seconomics (security-economics) vulnerabilities of Decentralized Autonomous Organizations**. To appear in //Security Protocols Workshop (SPW)// 2017. {{: | * F. Massacci, C.N. Ngo, J. Nie, D. Venturi, J. Williams. **The seconomics (security-economics) vulnerabilities of Decentralized Autonomous Organizations**. To appear in //Security Protocols Workshop (SPW)// 2017. {{: | ||
- | * L. Allodi, F. Massacci. **Security Events and Vulnerability Data for Cyber Security Risk Estimation.** To appear in //Risk Analysis// (Special Issue on Risk Analysis and Big Data), 2017.{{http://onlinelibrary.wiley.com/resolve/ | + | * L. Allodi, F. Massacci. **Security Events and Vulnerability Data for Cyber Security Risk Estimation.** To appear in //Risk Analysis// (Special Issue on Risk Analysis and Big Data), 2017.{{https://doi.org/ |
* L. Allodi, F. Massacci, J. Williams. **The Work Averse Attacker Model.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http:// | * L. Allodi, F. Massacci, J. Williams. **The Work Averse Attacker Model.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http:// | ||
* F. Massacci, J. Williams. **Cyberinsurance and Public Policy: Self-Protection and Insurance with Endogenous Adversaries.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http:// | * F. Massacci, J. Williams. **Cyberinsurance and Public Policy: Self-Protection and Insurance with Endogenous Adversaries.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http:// |
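Review bot: the changed Allodi and Massacci entry now links to https://doi.org/ but still says "To appear in //Risk Analysis//"; if the article has a DOI, the status wording should be updated in the same edit. The two WEIS 2017 entries below it still use http:// links, which could be moved to https in the same pass if the targets support it.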