Publications of the Security Group in Trento

This page presents the publications of the Security Group in chronological order. You can also find them under the individual research topics or on the pages of the individual members.

Working Papers

  • K. Elliott, F. Massacci, C.N. Ngo, J. Williams. Unruly Innovation: Distributed Ledgers, Blockchains and the Protection of Transactional Rents. Technical Report on SSRN 2888872, (December 22, 2016). Available at SSRN: http://ssrn.com/abstract=2888872
  • F. Massacci, C.N. Ngo, J. Williams. Decentralized Transaction Clearing Beyond Blockchains. Technical Report on SSRN 2794913, (June 13, 2016). Available at SSRN: http://ssrn.com/abstract=2794913
  • M. de Gramatica, K. Labunets, F. Massacci, F. Paci, M. Ragosta, A. Tedeschi. On the Effectiveness of Sourcing Knowledge from Catalogues in Security Risk Assessment. To be submitted to journal.
  • K. Labunets, F. Massacci, F. Paci. An Empirical Comparison of Security Risk Assessment Methods. To be submitted to journal.

To Appear

  • M. de Gramatica, F. Massacci, W. Shim, U. Turhan, J. Williams. Agency Problems and Airport Security: Quantitative and Qualitative Evidence on the Impact of Security Training. To appear in Risk Analysis. Authors' PDF or Publisher's Early View Copy.
  • M. Riaz, J. King, J. Slankas, L. Williams, F. Massacci, C. Quesada-López, M. Jenkins. Identifying the implied: Findings from three differentiated replications on the use of security requirements templates. To appear in Empirical Software Engineering. Authors' PDF or Publisher's Online First.

2017

  • K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira. Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations. To appear in Empirical Software Engineering. Available at SSRN: https://ssrn.com/abstract=2906745
  • K. Labunets, F. Massacci, F. Paci. On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment. In Proceedings of REFSQ'17. Authors' Draft PDF.

2016

  • L. Allodi, M. Corradin, F. Massacci. Then and Now: On The Maturity of the Cybercrime Markets. The lesson black-hat marketeers learned. IEEE Transactions on Emerging Topics in Computing. 4(1):35-46, 2016. Author's Draft PDF http://doi.org/10.1109/TETC.2015.2397395.
  • S. Dashevskyi, A. D. Brucker, F. Massacci. On the Security Cost of Using a Free and Open Source Component in a Proprietary Product. Proc. of ESSoS 2016 pp. 190-206. 2016.
  • K. Elliott, F. Massacci, J. Williams. Action, Inaction, Trust, and Cybersecurity's Common Property Problem. IEEE Security & Privacy 14(1), 2016. http://doi.org/10.1109/MSP.2016.2
  • F. Massacci, R. Ruprai, M. Collison, J. Williams. Economic Impacts of Rules-based versus Risk-based Cybersecurity Regulations in Critical Infrastructure Providers (Bulk Electricity Providers). IEEE Security and Privacy Magazine 14(03):52-60, 2016. Authors' draft. http://doi.org/10.1109/MSP.2016.48.
  • V.H. Nguyen, S. Dashevskyi, and F. Massacci. An Automatic Method for Assessing the Versions Affected by a Vulnerability, Empirical Software Engineering Journal. 21(6):2268-2297, 2016. Publisher's copy

2015

  • L. Allodi. The Heavy Tails of Vulnerability Exploitation. In the Proceedings of ESSoS 2015. PDF.
  • L. Allodi, F. Massacci. The Work-Averse Attacker Model. In the Proceedings of the 23rd European Conference on Information Systems (2015). PDF.
  • M. De Gramatica, F. Massacci, W. Shim, A. Tedeschi, J. Williams. IT Interdependence and the Economic Fairness of Cyber-security Regulations for Civil Aviation. IEEE Security and Privacy Magazine 13(5):52-61, 2015. Authors' draft PDF. http://doi.org/10.1109/MSP.2015.98
  • M. de Gramatica, K. Labunets, F. Massacci, F. Paci, A. Tedeschi. The Role of Catalogues of Threats and Security Controls in Security Risk Assessment: An Empirical Study with ATM Professionals. In the Proceedings of REFSQ 2015. PDF.
  • K. Labunets, Y. Li, F. Massacci, F. Paci, M. Ragosta, B. Solhaug, K. Stølen, A. Tedeschi. Preliminary Experiments on the Relative Comprehensibility of Tabular and Graphical Risk Models, In the Proceedings of 5th SESAR Innovation Days (SIDs'15). PDF
  • K. Labunets, F. Paci, F. Massacci. Which Security Catalogue Is Better for Novices? In Proc. of EmpiRE Workshop at IEEE RE'15. PDF (preprint)
  • M. Ngo, F. Massacci, D. Milushev, F. Piessens. Runtime Enforcement of Security Policies on Black Box Reactive Programs. In Proc. of POPL 2015. PDF.
  • Y. Zhauniarovich, M. Ahmad, O. Gadyatskaya, B. Crispo, F. Massacci. StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications. Proc. of CODASPY'15. pp. 37-48, 2015.
  • Y. Zhauniarovich, A. Philippov, O. Gadyatskaya, B. Crispo, F. Massacci. Towards Black Box Testing of Android Apps. Proc. of ARES 2015. pp. 501-510, 2015.

2014

  • L. Allodi, F. Massacci. Comparing vulnerability severity and exploits using case-control studies. In ACM Transactions on Information and System Security (TISSEC). PDF (Draft)
  • S. Dashevskyi, D.R. dos Santos, F. Massacci, and A. Sabetta. TestREx: a Testbed for Repeatable Exploits, In Proceedings of the 7th USENIX conference on Cyber Security Experimentation and Test (CSET), 2014. PDF
  • M. de Gramatica, F. Massacci and O. Gadyatskaya. An Empirical Study of the Technology Transfer Potential of EU Security and Trust R&D Projects. In Cyber Security and Privacy - Third Cyber Security and Privacy EU Forum, CSP Forum 2014, Athens, Greece, May 21-22, 2014, Revised Selected Papers, pp. 159–170, 2014. Springer.
  • M. Giacalone, R. Mammoliti, F. Massacci, F. Paci, R. Perugino, and C. Selli. Security Triage: A Report of a Lean Security Requirements Methodology for Cost-Effective Security Analysis. A short summary appears In Proc. of EmpiRE Workshop at IEEE RE'14. 3 pages PDF. A longer Industry report appears in Proc. of ESEM'2014. PDF (preprint)
  • O. Gadyatskaya, F. Massacci, and Y. Zhauniarovich. Emerging Mobile Platforms: Firefox OS and Tizen, In IEEE Computer, June 2014, draft.pdf
  • F. Massacci, V.H. Nguyen. An Empirical Methodology to Evaluate Vulnerability Discovery Models. In IEEE Transactions on Software Engineering (TSE), 40(12):1147-1162, 2014. PDF (draft)
  • F. Massacci, F. Paci, L.M.S. Tran, A. Tedeschi. Assessing a requirements evolution approach: Empirical studies in the air traffic management domain. Journal of Systems and Software 95:70-88, 2014. Publisher's PDF
  • M. Ngo, F. Massacci. Programmable Enforcement Framework of Information Flow Policies. In Proc. of ICTCS 2014 PDF.
  • K. Labunets, F. Massacci, F. Paci, M. Ragosta, B. Solhaug, K. Stølen, A. Tedeschi. A First Empirical Evaluation Framework for Security Risk Assessment Methods in the ATM Domain, In the Proceedings of 4th SESAR Innovation Days (SIDs'14). PDF
  • K. Labunets, F. Paci, F. Massacci, and R. Ruprai. An Experiment on Comparing Textual vs. Visual Industrial Methods for Security Risk Assessment. In Proc. of EmpiRE Workshop at IEEE RE'14 PDF
  • L.M.S. Tran, F. Massacci. An Approach for Decision Support on the Uncertainty in Feature Model Evolution. Accepted for publication in Proc. of IEEE RE'14. PDF Preprint

2013

  • M. Ngo, F. Massacci, O. Gadyatskaya. MAP-REDUCE Enforcement Framework of Information Flow Policies. In Informal Proc. of FCS 2013 PDF.
  • L. Allodi. Internet-scale vulnerability risk assessment (Extended Abstract). In Proceedings of Usenix Security LEET 2013, Washington D.C., USA. PDF
  • L. Allodi, V. Kotov, F. Massacci. MalwareLab: Experimenting with Cybercrime Attack Tools. In: Proc. of Usenix Security CSET 2013, Washington D.C., USA. PDF
  • L. Allodi, F. Massacci. How CVSS is DOSsing your patching policy (and wasting your money). Presentation at BlackHat USA 2013, Las Vegas, USA. PDF presentation slides White Paper
  • L. Allodi, W. Shim, F. Massacci. Quantitative assessment of risk reduction with cybercrime black market monitoring. In: Proceedings of the 2013 IEEE S&P International Workshop on Cyber Crime (IWCC'13), May 19-24, 2013, San Francisco, USA. PDF
  • P. Barsocchi, Gabriele Oligeri, Claudio Soriente, SHAKE: Single HAsh Key Establishment for Resource Constrained Devices. Ad Hoc Networks (Elsevier), Volume 11, Issue 1, January 2013, pp. 288-297.
  • R. Di Pietro, Gabriele Oligeri, Jamming Mitigation in Cognitive Radio Networks. To appear in IEEE Network Magazine, Special Issue on Security in Cognitive Radio Networks.
  • R. Di Pietro, Gabriele Oligeri, COKE: Crypto-less Over-The-Air Key-establishment. In IEEE Transactions on Information Forensics and Security, Vol. 8, Issue 1, 2013, pp.163-173.
  • O. Gadyatskaya, F. Massacci, Q.-H. Nguyen, and B. Chetali. Load time code certification for mobile phone Java cards, In Journal of Information Security and Applications 18/2-3 (Sept 2013) pp. 108–129 .pdf
  • V. Kotov and F. Massacci. Anatomy of Exploit Kits: Preliminary Analysis of Exploit Kits as Software Artefacts. Proc. of ESSoS 2013, pp. 181–196 PDF
  • Labunets, K., Massacci, F., Paci, F., and Tran, L.M.S. An experimental comparison of two risk-based security methods. In Proceedings of the 7th ACM International Symposium on Empirical Software Engineering and Measurement (ESEM), 163–172, 2013. PDF
  • V.H.Nguyen and F.Massacci. The (Un)Reliability of Vulnerable Version Data of NVD: an Empirical Experiment on Chrome Vulnerabilities. In: Proceeding of the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS)'13, May 7-10, 2013, Hangzhou, China PDF Slides.
  • M. Rizwan Asghar and Daniele Miorandi. A holistic view of security and privacy issues in smart grids. In Proc. of Smart Grid Security (SmartGridSec), volume 7823 of Lecture Notes in Computer Science, pages 58-71. Springer Berlin Heidelberg, 2013. PDF
  • Muhammad Rizwan Asghar, Giovanni Russello, Bruno Crispo, and Mihaela Ion. Supporting Complex Queries and Access Policies for Multi-user Encrypted Databases, In Proceedings of The 5th ACM Workshop on Cloud Computing Security Workshop (CCSW) in conjunction with the 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013.
  • Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo, ESPOONERBAC: Enforcing Security Policies in Outsourced Environments, Elsevier Computers & Security (COSE), Volume 35, 2013. PDF
  • S. Roy Chowdhury, Muhammad Imran, Muhammad Rizwan Asghar, Sihem Amer-Yahia, and Carlos Castillo. Tweet4act: Using incident-specific profiles for classifying crisis-related messages. In The 10th International Conference on Information Systems for Crisis Response and Management (ISCRAM), May 2013. PDF
  • Tran L.M.S. Early Dealing with Evolving Risks in Software Systems. In: The 3rd International Workshop on Information Systems Security Engineering (WISSE'13), co-located with CAiSE 2013. PDF
  • Y. Zhauniarovich, O. Gadyatskaya, and B. Crispo. Demo: Enabling trusted stores for Android, In proc. of ACM CCS 2013 .pdf

2012

  • Woohyun Shim, Luca Allodi, Fabio Massacci. Crime Pays If You Are Just an Average Hacker. Proceedings of IEEE/ASE 2012 Cyber Security Conference. Complementary publication in ASE Journal 2012, Vol. 2, Best paper award. Link, PDF
  • Luca Allodi, Fabio Massacci. A Preliminary Analysis of Vulnerability Scores for Attacks in Wild. In Proceedings of ACM BADGERS 2012 CCS Workshop. ACM, PDF
  • Luca Allodi. The dark side of vulnerability exploitation. Proceedings of the 2012 ESSoS Conference Doctoral Symposium. PDF
  • Muhammad Rizwan Asghar and Giovanni Russello. ACTORS: A goal-driven approach for capturing and managing consent in e-health systems. In 2012 IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY), pages 61-69, July 2012. PDF
  • Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo. Securing data provenance in the cloud. In Jan Camenisch and Dogan Kesdogan, editors, Open Problems in Network Security, volume 7039 of Lecture Notes in Computer Science, pages 145-160. Springer Berlin Heidelberg, 2012. PDF
  • Muhammad Rizwan Asghar and Giovanni Russello. Flexible and dynamic consent-capturing. In Jan Camenisch and Dogan Kesdogan, editors, Open Problems in Network Security, volume 7039 of Lecture Notes in Computer Science, pages 119-131. Springer Berlin Heidelberg, 2012.
  • Massacci F., and Paci F. How to Select a Security Requirements Method? A comparative study with students and practitioners. In Proceedings of the 17th Nordic Conference in Secure IT Systems (NordSec), 2012. PDF
  • Massacci F., Nagaraj D., Paci F., Tran L.M.S, Tedeschi, A. Assessing a Requirements Evolution Approach: Empirical Studies in the Air Traffic Management Domain. In Proceedings of International Workshop on Empirical Requirements Engineering (EmpiRE), 49–56, 2012. PDF.
  • Paci F., Massacci F., Bouquet F., Debricon, S. Managing Evolution by Orchestrating Requirements and Testing Engineering Processes. In Proceedings of the Third International Workshop on Security Testing (SecTest), 834–841, 2012. PDF
  • V.H.Nguyen and F.Massacci. An Independent Validation of Vulnerability Discovery Models. In: Proceeding of the 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS)'12, May 2-4, 2012, Seoul, Korea. PDF.
  • V.H.Nguyen and F.Massacci. An Idea of an Independent Validation of Vulnerability Discovery Models. In: Proceeding of the International Symposium on Engineering Secure Software and Systems (ESSoS)'12, February 16-17, 2012, Eindhoven, The Netherlands PDF.
  • O.Gadyatskaya and F.Massacci: Controlling Application Interactions on the Novel Smart Cards with Security-by-Contract. In Proceedings of HATS-2012 Summer School, Springer PDF
  • O.Gadyatskaya, F.Massacci and E.Lostal: Extended Abstract: Embeddable Security-by-Contract Verifier for Java Card. In BYTECODE-2012, Tallinn, Estonia, 2012. PDF
  • O. Gadyatskaya, F. Massacci and A. Philippov: Security-by-Contract for the OSGi Platform. In Proceedings of 27th IFIP TC 11 Information Security and Privacy Conference (SEC 2012), Springer 2012 PDF
  • Roberto Di Pietro, Gabriele Oligeri, Claudio Soriente, Gene Tsudik, United We Stand: Intrusion Resilience in Mobile Unattended WSNs. IEEE Transaction on Mobile Computing, Online, 31 May 2012.

2011

  • Muhammad Rizwan Asghar, Giovanni Russello, and Bruno Crispo. Poster: ESPOONERBAC: Enforcing security policies in outsourced environments with encrypted RBAC. In Proceedings of the 18th ACM conference on Computer and communications security, CCS '11, pages 841-844. ACM, 2011.
  • Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo. ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments. In The Sixth International Conference on Availability, Reliability and Security, ARES'11, pages 99-108. IEEE Computer Society, August 2011. PDF
  • Asnar, Y., Li, T., Massacci, F., Paci, F. Computer Aided Threat Identification. In Proceedings of the IEEE Conference on Commerce and Enterprise Computing (CEC), 145–52, 2011. PDF
  • Asnar Y., Massacci F.: A Method for Security Governance, Risk, and Compliance (GRC): A Goal-Process Approach. Foundations of Security Analysis and Design V: Tutorial Lectures 2011:152-184 - This is a tutorial on the GRC Approach. PDF
  • Asnar Y., Massacci F., Saïdane A., Riccucci C., Felici M., Tedeschi A., El Khoury P., Li K., Seguran M., Zannone N.: Organizational Patterns for Security and Dependability: From Design to Application. International Journal of Secure Software Engineering 2(3):1-22 (2011)
  • Felix, E., Delande, O., Massacci, F., Paci, F. Managing Changes with Legacy Security Engineering Processes. In Proceedings of the IEEE Intelligence and Security Informatics Conference (ISI), 137–142, 2011. PDF
  • Bergmann, G., Massacci, F., Paci, F., Tun, T.T, Varro, D., Yu, Y. SeCMER: A Tool to Gain Control over Security Requirements Evolution. In Proceedings of ServiceWave, Demonstration Track, 49–56, 2011. PDF
  • Bergmann, G., Massacci, F., Paci, F., Tun, T.T, Varro, D., Yu, Y. A Tool for Managing Evolving Security Requirements. In Proceedings of CAISE'11 FORUM, 110–125, 2011. PDF
  • Bielova N., Devriese D., Massacci F., Piessens F.: Reactive non-interference for a browser model. Proc. of NSS’11. p 97-104. IEEE 2011. PDF. Full version as Technical Report at K.U.Leuven
  • Bielova N., Massacci F.: Computer-Aided Generation of Enforcement Mechanisms for Error-Tolerant Policies. Proc. of POLICY’11. p. 89-96. IEEE 2011. PDF
  • Bielova N., Massacci F.: Do you really mean what you actually enforced? - Edited automata revisited. International Journal of Information Security 10(4):239-254 (2011) PDF
  • Bielova N., Massacci F.: Iterative Enforcement by Suppression: Towards Practical Enforcement Theories. Journal of Computer Security 2011. PDF
  • Massacci, F., Mylopoulos, J., Paci, F., Tun, T.T, Yu, Y. An extended Ontology for Security Requirements. In Proceedings of The First International Workshop on Information Systems Security Engineering (WISSE), 622–636, 2011. PDF
  • Tran L.M.S, Massacci, F. Towards a Game-Theoretic Foundation for Software Requirement Evolution. In: 23rd International Conference on Advanced Information Systems Engineering (CAiSE'11) London, June 2011. PDF
  • F.Massacci, S.Neuhaus and V.H.Nguyen. After-Life Vulnerabilities: A Study on Firefox Evolution, its Vulnerabilities and Fixes. In Proceeding of the International Symposium on Engineering Secure Software and Systems (ESSoS)'11, February 9-10, 2011, Madrid, Spain. PDF
  • O. Gadyatskaya, F. Massacci and E. Lostal: Load Time Security Verification. In Proceedings of International Conference on Information Systems Security (ICISS 2011), Kolkata, India, vol. LNCS 7093 pp. 250-264, Springer. PDF
  • N. Dragoni, O. Gadyatskaya and F. Massacci: Supporting Software Evolution for Open Smart Cards by Security-by-Contract. In Petre et al.: Dependability and Computer Engineering: Concepts for Software-Intensive Systems, IGI Global, 2011. PDF available at the IGI Global web site Link
  • N. Dragoni, O. Gadyatskaya, F. Massacci, F. Paci and E. Lostal: Loading-Time Verification for Open Multi-Application Smart Cards. In Proceedings of the IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2011), Pisa, Italy, 2011, pp. 153-156, IEEE Computer Society. PDF
  • Gabriele Oligeri, Stefano Chessa, Gaetano Giunta. Loss Tolerant Video Streaming Authentication in Heterogeneous Wireless Networks, Computer Communications, Vol. 34, Issue 11, pp. 1307-1315, 15 July 2011.
  • Gabriele Oligeri, Stefano Chessa, Roberto Di Pietro, Gaetano Giunta. Robust and Efficient Authentication of Video Stream Broadcasting. ACM Transactions on Information and System Security, Vol.14, No.1, pp.1–25, May 2011.

2010

  • Bielova N., Massacci F.: Predictability of Enforcement. In Proc. of ESSoS’10. Springer p 73-86. PDF
  • Compagna L., El Khoury P., Massacci F., Saïdane A.: A Dynamic Security Framework for Ambient Intelligent Systems: A Smart-Home Based eHealth Application. Transactions on Computational Science 10:1-24 (2010)
  • Karsai G., Massacci F., Osterweil L.J., Schieferdecker I.: Evolving Embedded Systems. IEEE Computer 43(5): 34-40 2010. PDF at Publisher
  • Massacci F. and Zannone N.. Detecting Conflicts between Functional and Security Requirements with Secure Tropos: John Rusnak and the Allied Irish Bank. In Social Modeling for Requirements Engineering. MIT Press, 2010.
  • F.Massacci and V.H.Nguyen. Which is the Right Source of Vulnerability Studies? An Empirical Analysis on Mozilla Firefox. In Proceeding of the International Workshop on Security Measurement and Metrics (MetriSec)'10, Ed: Laurie Williams, Riccardo Scandariato, September 15,2010, Bolzano-Bozen, Italy. PDF
  • O. Gadyatskaya, F. Massacci, F. Paci, S. Stankevich: Java Card Architecture for Autonomous Yet Secure Evolution of Smart Cards Applications. In Proceedings of NordSec 2010, LNCS 7127, pp187-192. Springer 2012. PDF
  • N. Dragoni, O. Gadyatskaya and F. Massacci: Supporting Applications' Evolution in Multi-Application Smart Cards by Security-by-Contract. In Proceedings of the 4th Workshop in Information Security Theory and Practices (WISTP 2010), Passau, Germany, 2010, vol. LNCS 6033, pp.221-228, Springer. PDF

2009

  • Bielova N., Massacci F., Micheletti A.: Towards Practical Enforcement Theories. Proc. of NordSec’09 p. 239-254, Springer 2009. PDF
  • Compagna L., El Khoury P., Krausová A., Massacci F., and Zannone N. How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns. Artificial Intelligence and Law Journal 17(1):1-30, 2009.
  • Dragoni N., Massacci F., Saïdane A. A self-protecting and self-healing framework for negotiating services and trust in autonomic communication systems. Computer Networks 53(10):1628-1648 2009.
  • Dragoni N., Massacci F., Walter T., Schaefer C.. What the Heck is this application doing? - A security-by-contract architecture for pervasive services, Computer & Security 28(7):566-577 2009. PDF at Elsevier
  • Kuper G.M., Massacci F., Rassadko N.. Generalized XML security views. International Journal of Information Security 8(3): 173-203 2009
  • F. Massacci, F. Piessens, I. Siahaan: Security-by-contract for the future internet. Proc. of FIS’09. LNCS 5468. p. 29-43, Springer 2009. PDF

2008

  • Aktug I., Naliuka K.: ConSpec — A formal language for policy specification. Science of Computer Programming 74(1–2):2-12, 2008. PDF. PDF at Elsevier
  • Bielova N., Dragoni N., Massacci N., Naliuka K., Siahaan I.: Matching in security-by-contract for mobile code. Journal of Logic and Algebraic Programming 78(5):340-358, (2009). PDF
  • Desmet L, Joosen W., Massacci F., Philippaerts P., Piessens F., Siahaan I., Vanoverberghe D., Security-by-contract on the .NET platform. Information Security Technical Report 13 (1):25-32, Jan 2008. (most cited paper of the journal) PDF at Elsevier. Short version appeared at ACM CSAW (see below)
  • Desmet L., Joosen W., Massacci F., Naliuka K., Philippaerts P., Piessens F., Vanoverberghe D.. The S3MS.NET Run Time Monitor. Tool Demonstration. ENTCS 253(5):153-159, 2009.
  • N. Dragoni, F. Massacci, K. Naliuka: An inline monitoring system for .NET mobile devices. Proc. of IFIPTM’08. 363-366, 2008.
  • Koshutanski H., Massacci F.: Interactive access control for autonomic systems: From theory to implementation. ACM Transactions on Autonomous and Autonomic Systems 3(3): 2008. PDF
  • F. Massacci, K. Naliuka: Towards practical security monitors of UML policies for mobile applications. Proc. of ARES Workshops’08. p. 1112-1119, 2008.
  • F. Massacci, I. Siahaan. Simulating Midlet’s Security Claims with Automata Modulo Theory. In Proc. of PLAS’08. May 2008 Tucson (USA), p 1-19, ACM Press, 2008.

2007

  • L. Desmet, W. Joosen, F. Massacci, K. Naliuka, P. Philippaerts, F. Piessens, D. Vanoverberghe: A flexible security architecture to support third-party applications on mobile devices. In Proc. of CSAW’07. p. 19-28 ACM Press 2007. PDF
  • N. Dragoni, F. Massacci: Security-by-contract for web services. In Proc. of SWS’07. p. 90-98 ACM Press 2007.
  • N. Dragoni, F. Massacci, K. Naliuka, I. Siahaan: Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code. In Proc. of EuroPKI 2007. LNCS, 4582, p. 297-312 Springer, 2007. PDF
  • N. Dragoni, F. Massacci, C. Schaefer, T. Walter, E. Vetillard. A Security-by-Contracts Architecture for Pervasive Services. In Proc. of SecPerU’07. p 49 – 54, IEEE Press 2007.
  • Koshutanski, H., Massacci F.: A Negotiation Scheme for Access Rights Establishment in Autonomic Communication. Journal of Network and Systems Management 15(1):117-136 2007. PDF
  • F. Massacci, K. Naliuka: Towards Practical Security Monitors of UML Policies for Mobile Applications. In Proc. of Policy 2007, p. 278-278, IEEE Press.
  • F. Massacci, I. Siahaan. Matching Midlet's Security Claims with a Platform Security Policy using Automata Modulo Theory. In Proc. of NordSec’07. 2007. PDF
  • Massacci F., and Mylopoulos J., Zannone N. Computer-aided Support for Secure Tropos. Automated Software Engineering. 14(3): 341-364, 2007.
  • Massacci F., Mylopoulos J., Zannone N., “From Hippocratic Databases to Secure Tropos: a Computer-Aided Re-Engineering Approach”. International Journal of Software engineering and Knowledge Engineering, 17(2):265-284, 2007.

2006

  • Bella G., Massacci F., Paulson L.C,: Verifying the SET Purchase Protocols. Journal of Automated Reasoning 36(1-2):5-37, 2006
  • Dobson S., Denazis S., Fernández A., Gaïti D., Gelenbe E., Massacci F., Nixon P., Saffre F., Schmidt N., Zambonelli F.: A survey of autonomic communications. ACM Transactions on Autonomous and Autonomic Systems 1(2):223-259, 2006 PDF at Publisher
  • Giorgini P., Massacci F., Mylopoulos J., Zannone N., “Requirements Engineering for Trust Management: Model, Methodology, and Reasoning”. International Journal of Information Security, 5(4):257-274, 2006.
  • Massacci F., Mylopoulos J., Zannone N., “Hierarchical Hippocratic Databases with Minimal Disclosure for Virtual Organizations”. In VLDB Journal, 15(4): 370-387. 2006.

2005

  • Bella G., Massacci F., Paulson L. C., “Overview of the Verification of SET”. International Journal on Information Security, 4(1-2):17-28. 2005.
  • Massacci F., Prest M., Zannone N., “Using a Security Requirements Engineering Methodology in Practice: the compliance with the Italian Data Protection Legislation”. Computer Standards & Interfaces, 2005, v. 27, n. 5, p. 445-455.
  • Giorgini P., Massacci F., Zannone N., “Security and Trust Requirements Engineering”. In Foundations of Security Analysis and Design III: Tutorial Lectures. In Aldini A., Gorrieri R., Martinelli F. (eds), Springer, 2005, p. 237-272, Lecture Notes in Computer Science, 3655.

Earlier papers

  • Bella G., Massacci F., Paulson L. C., “Verifying the SET registration protocols”. IEEE Journal on Selected Areas in Communications, 21(1):77-87, 2003.
  • Fiorini C., Massacci F., Martinelli E., “How to fake an RSA signature by encoding modular root finding as a SAT problem”. Discrete Applied Mathematics, 130(2): 101-127, 2003.
  • Massacci F., Marraro L., “Logical Cryptanalysis as a SAT-Problem: Encoding and Analysis of the U.S. Data Encryption Standard”. Journal of Automated Reasoning, 24(1-2):165-203, 2000.
  • Carlucci Aiello L., Massacci F., “Planning attacks to security protocols: case studies in logic programming”. In Computational logic: logic programming and beyond : essays in honor of Robert A. Kowalski, Springer, 2002. p. 533-560
  • Massacci F. and Marraro L.. Logical cryptanalysis as a SAT-problem: Encoding and analysis of the U.S. Data Encryption Standard. In SAT-2000: Highlights of Satisfiability Research at the Year 2000, vol. 63 of Frontiers in AI and Applications, p. 343-376. IOS Press, 2000. Essentially the same as the JAR Paper.
publications.txt · Last modified: 2017/02/28 17:01 by katsiaryna.labunets@unitn.it