Publications of the Security Group in Trento
This page presents the publications of the Security Group in chronological order. They can also be found under the individual research topics or on the pages of the individual members.
2022
Giorgio Di Tizio, Michele Armellini, Fabio Massacci,
Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats. IEEE Transactions on Software Engineering (TSE), 2022 -
Publisher Version
2021
Giorgio Di Tizio, Fabio Massacci,
A Calculus of Tracking: Theory and Practice. In Proceedings of the 21st Privacy Enhancing Technologies Symposium (PETS 2021), 2021 -
Author-accepted manuscript,
Video
Duc-Ly Vu, Fabio Massacci, Ivan Pashchenko, Henrik Plate, and Antonino Sabetta.
LastPyMile: Identifying the Discrepancy between Sources and Packages. In Proceedings of the 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), 2021 -
Author-accepted manuscript,
Publisher Version,
Video
Duc-Ly Vu, Ivan Pashchenko, and Fabio Massacci.
Please hold on: more time = more patches? Automated program repair as anytime algorithms. In Proceedings of
ACM/IEEE International Conference on Software Engineering - Automated Program Repair (APR) workshop, 2021 -
Author-accepted manuscript,
Publisher Version,
Video
Fabio Massacci and Ivan Pashchenko.
Technical Leverage: dependencies mixed blessing. To Appear in
IEEE Security and Privacy Magazine - Dept. Building Security In, 2021 -
Author-accepted manuscript
Fabio Massacci and Ivan Pashchenko.
Technical Leverage in a Software Ecosystem: Development Opportunities and Security Risks. To Appear in
ACM/IEEE International Conference on Software Engineering, 2021 -
Author-accepted manuscript
Ivan Pashchenko, Riccardo Scandariato, Antonino Sabetta, and Fabio Massacci.
Secure Software Development in the Era of Fluid Multi-party Open Software and Services. To Appear in
ACM/IEEE International Conference on Software Engineering - New Ideas and Emerging Results, 2021 -
Author-accepted manuscript
2020
Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci.
Vuln4Real: A Methodology for Counting Actually Vulnerable Dependencies.
IEEE Transactions on Software Engineering Journal, 2020 -
Author-accepted manuscript
Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta.
Towards Using Source Code Repositories to Identify Software Supply Chain Attacks. In Proceedings of
the ACM Conference on Computer and Communications Security (CCS), 2020 -
Author's preprint,
poster,
Publisher Version
Giorgio Di Tizio, Fabio Massacci, Luca Allodi, Stanislav Dashevskyi, Jelena Mirkovic.
An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags, To Appear in Proceedings of
the 2nd Workshop on Cyber Range Technologies and Applications (CACOE 2020), 2020 -
Author's preprint
Giorgio Di Tizio, Chan Nam Ngo.
Are You a Favorite Target For Cryptojacking? A Case-Control Study On The Cryptojacking Ecosystem, To Appear in Proceedings of
the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020), 2020 -
Author's preprint
Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci.
A Qualitative Study of Dependency Management and Its Security Implications, In Proceedings of
the ACM Conference on Computer and Communications Security (CCS), 2020
Author's preprint,
Publisher Version
Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta.
Typosquatting and Combosquatting Attacks on the Python Ecosystem. In Proceedings of
the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020), 2020 -
Author's preprint,
Publisher Version
Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci.
Preliminary Findings on FOSS Dependencies and Security: A Qualitative Study on Developers’ Attitudes and Experience (Poster). In Proceedings of
the 42nd International Conference on Software Engineering (ICSE), 2020 -
poster,
Author's preprint,
Publisher Version
Fabio Massacci, Chan Nam Ngo.
Distributed Financial Exchanges: Security Challenges and Design Principles. IEEE Security & Privacy (Early Access)
Publisher Version,
Author's preprint
Luca Allodi, Marco Cremonini, Fabio Massacci, Woohyun Shim.
Measuring the accuracy of software vulnerability assessments: experiments with students and professionals, Empirical Software Engineering 25:1063–1094
Open Access PDF
Gabriel Kuper, Fabio Massacci, Woohyun Shim, Julian Williams.
Who Should Pay for Interdependent Risk? Policy Implications for Security Interdependence Among Airports, Risk Analysis
Open Access PDF
Pierantonia Sterlini, Fabio Massacci, Natalia Kadenko, Tobias Fiebig, Michel van Eeten.
Governance Challenges for European Cybersecurity Policies: Stakeholder Views. IEEE Security & Privacy: 17-31
Publisher Version,
Author's preprint.
2019
Fabio Massacci.
Is ‘deny access’ a valid ‘fail-safe default’ principle for building security in cyber-physical systems? IEEE Security and Privacy (2019).
Pre-print
Ettore Battaiola, Fabio Massacci, Chan Nam Ngo, Pierantonia Sterlini.
Blockchain-based Invoice Factoring: from business requirements to commitments. DLT@ITASEC 2019: 17-31
PDF.
Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo.
DriverAuth: A Risk-based Multi-modal Biometric-based Driver Authentication Scheme for Ride-sharing Platforms. Computers & Security (2019).
Full Paper
Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo.
DriverAuth: Behavioral biometric-based driver authentication mechanism for on-demand ride and ridesharing infrastructure. ICT Express 5.1 (2019): 16-20.
Full Paper
de Haan, Johannes; Massacci, Fabio; Sterlini, Pierantonia; Bernard Ladkin, Peter; Raspotnig, Christian,
The Risk of Relying on a Public Communications Infrastructure. In Proceedings of the 27th Safety-Critical Systems Symposium (SCSC), Bristol, UK, 5-7 February 2019. SCSC, 2019.
PDF
2018
2017
I. Pashchenko, S. Dashevskyi, F. Massacci.
Delta-Bench: Differential Benchmark for Static Analysis Security Testing Tools.
International Symposium on Empirical Software Engineering and Measurement (ESEM2017), 2017.
Prepub version
I. Pashchenko.
FOSS Version Differentiation as a Benchmark for Static Analysis Security Testing Tools. In
Proceedings of 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE’17), 2017.
Author's PDF or
Publisher's Version
F. Massacci, C.N. Ngo, J. Nie, D. Venturi, J. Williams.
The seconomics (security-economics) vulnerabilities of Decentralized Autonomous Organizations. To appear in
Security Protocols Workshop (SPW) 2017.
Author's draft
L. Allodi, F. Massacci.
Security Events and Vulnerability Data for Cyber Security Risk Estimation. To appear in
Risk Analysis (Special Issue on Risk Analysis and Big Data), 2017.
PDF at Publisher,
Author's Preprint
L. Allodi, F. Massacci, J. Williams.
The Work Averse Attacker Model. In
Workshop on Economics of Information Security (WEIS), 2017.
PDF
F. Massacci, J. Williams.
Cyberinsurance and Public Policy: Self-Protection and Insurance with Endogenous Adversaries. In
Workshop on Economics of Information Security (WEIS), 2017.
PDF
M. de Gramatica, F. Massacci, W. Shim, U. Turhan, J. Williams.
Agency Problems and Airport Security: Quantitative and Qualitative Evidence on the Impact of Security Training. To appear in
Risk Analysis.
Authors' PDF or
Publisher's Early View Copy.
M. Riaz, J. King, J. Slankas, L. Williams, F. Massacci, C. Quesada-López, M. Jenkins.
Identifying the implied: Findings from three differentiated replications on the use of security requirements templates. To appear in
Empirical Software Engineering.
Authors' PDF or
Publisher's Online First.
K. Labunets, F. Massacci, F. Paci, S. Marczak, F. Moreira de Oliveira.
Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations. To appear in
Empirical Software Engineering. Available at SSRN:
https://ssrn.com/abstract=2906745
K. Labunets, F. Massacci, F. Paci.
On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment. In
Proceedings of REFSQ'17.
Authors' Draft PDF.
A. Buriro, B. Crispo, and Y. Zhauniarovich. Please Hold On: Unobtrusive User Authentication using Smartphone’s built-in Sensors. In Proceedings of IEEE International Conference on Identity, Security and Behavior Analysis (ISBA 2017), pp.1–8, 2017.
A. Buriro, S. Gupta, and B. Crispo. Evaluation of Motion-based Touch-typing Biometrics in Online Financial Environments. To appear in 16th International Conference of the Biometrics Special Interest Group 20.-22.09.2017, Darmstadt (BIOSIG 2017).
A. Buriro, Z. Akhtar, B. Crispo, S. Gupta, Mobile Biometrics: Towards A Comprehensive Evaluation Methodology. To appear in The 51st International Carnahan Conference on Security Technology Madrid, Spain (ICCST 2017), October 23-26, 2017.
Z. Akhtar, A. Buriro, B. Crispo, and T. H. Falk. Multimodal Smartphone User Authentication using Touchstroke, Phone-movements and Face Patterns. To appear in 5th IEEE Global Conference on Signal and Information Processing (GlobalSIP 2017).
2016
S. Dashevskyi, A. D. Brucker, F. Massacci. On the Security Cost of Using a Free and Open Source Component in a Proprietary Product. Proc. of ESSoS 2016 pp. 190-206. 2016.
M. de Gramatica, K. Labunets, F. Massacci, F. Paci, M. Ragosta, A. Tedeschi. On the Effectiveness of Sourcing Knowledge from Catalogues in Security Risk Assessment.
K. Elliott, F. Massacci, J. Williams.
Action, Inaction, Trust, and Cybersecurity's Common Property Problem. IEEE Security & Privacy 14(1), 2016.
http://doi.org/10.1109/MSP.2016.2
K. Elliott, F. Massacci, C.N. Ngo, J. Williams.
Unruly Innovation: Distributed Ledgers, Blockchains and the Protection of Transactional Rents.
Technical Report on SSRN 2888872, (December 22, 2016). Available at SSRN:
http://ssrn.com/abstract=2888872
F. Massacci, C.N. Ngo, J. Williams.
Decentralized Transaction Clearing Beyond Blockchains.
Technical Report on SSRN 2794913, (June 13, 2016). Available at SSRN:
http://ssrn.com/abstract=2794913
F. Massacci, R. Ruprai, M. Collison, J. Williams.
Economic Impacts of Rules-based versus Risk-based Cybersecurity Regulations in Critical Infrastructure Providers (Bulk Electricity Providers). IEEE Security and Privacy Magazine 14(03):52-60, 2016.
Authors' draft.
http://doi.org/10.1109/MSP.2016.48.
V.H. Nguyen, S. Dashevskyi, and F. Massacci.
An Automatic Method for Assessing the Versions Affected by a Vulnerability,
Empirical Software Engineering Journal. 21(6):2268-2297, 2016.
Publisher's copy
A. Buriro, Z. Akhtar, B. Crispo, and Filippo Del Frari. Age, Gender and Operating-Hand Estimation on Smart Mobile Devices. In Proceedings of the 15th International Conference of the Biometrics Special Interest Group (BIOSIG 2016), 21.-23.09.2016, Darmstadt, pp.1–5, 2016.
A. Buriro, B. Crispo, F. Del Frari, and K. Wrona. Hold and Sign: A Novel Behavioral Biometrics for Smartphone User Authentication. In Proceedings of the IEEE Computer Society Security and Privacy Workshops attached with the IEEE Symposium on Security and Privacy (IEEE S&P 2016), pp.276–285, 2016.
2015
L. Allodi.
The Heavy Tails of Vulnerability Exploitation. In the Proceedings of ESSoS 2015. PDF.
L. Allodi, F. Massacci.
The Work-Averse Attacker Model. In the Proceedings of the 23rd European Conference on Information Systems (2015). PDF.
M. De Gramatica, F. Massacci, W. Shim, A. Tedeschi, J. Williams
IT Interdependence and the Economic Fairness of Cyber-security Regulations for Civil Aviation. IEEE Security and Privacy Magazine 13(5):52-61, 2015.
Authors' draft PDF.
http://doi.org/10.1109/MSP.2015.98
M. de Gramatica, K. Labunets, F. Massacci, F. Paci, A. Tedeschi.
The Role of Catalogues of Threats and Security Controls in Security Risk Assessment: An Empirical Study with ATM Professionals. In the Proceedings of REFSQ 2015. PDF.
K. Labunets, Y. Li, F. Massacci, F. Paci, M. Ragosta, B. Solhaug, K. Stølen, A. Tedeschi.
Preliminary Experiments on the Relative Comprehensibility of Tabular and Graphical Risk Models, In
the Proceedings of 5th SESAR Innovation Days (SIDs'15). PDF
K. Labunets, F. Paci, F. Massacci.
Which Security Catalogue Is Better for Novices? In
Proc. of EmpiRE Workshop at IEEE RE'15. PDF (preprint)
M. Ngo, F. Massacci, D. Milushev, F. Piessens.
Runtime Enforcement of Security Policies on Black Box Reactive Programs. In Proc. of POPL 2015. PDF.
Y. Zhauniarovich, M. Ahmad, O. Gadyatskaya, B. Crispo, F. Massacci. StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications. Proc. of CODASPY'15. pp. 37-48, 2015.
Y. Zhauniarovich, A. Philippov, O. Gadyatskaya, B. Crispo, F. Massacci. Towards Black Box Testing of Android Apps. Proc. of ARES 2015, pp. 501-510, 2015.
Attaullah Buriro, Bruno Crispo, Filippo Del Frari, Jeffrey Klardie and Konrad Wrona. ITSME: Multi-modal and Unobtrusive Behavioural User Authentication for Smartphones. In Proceedings of the International Conference on Passwords (PASSWORDS 2015), pp.45–61, 2015
Attaullah Buriro, Bruno Crispo, Filippo Del Frari, and Konrad Wrona. Touchstroke: Smartphone User Authentication Based on Touch-Typing Biometrics. In Proceedings of the New Trends in Image Analysis and Processing (ICIAP 2015 Workshops), pp. 27–34, 2015
2014
L. Allodi, F. Massacci.
Comparing vulnerability severity and exploits using case-control studies. In
ACM Transactions on Information and System Security (TISSEC).
PDF (Draft)
S. Dashevskyi, D.R. dos Santos, F. Massacci, and A. Sabetta.
TestREx: a Testbed for Repeatable Exploits, In
Proceedings of the 7th USENIX conference on Cyber Security Experimentation and Test (CSET), 2014.
PDF
M. de Gramatica, F. Massacci and O. Gadyatskaya. An Empirical Study of the Technology Transfer Potential of EU Security and Trust R&D Projects. In Cyber Security and Privacy - Third Cyber Security and Privacy EU Forum, CSP Forum 2014, Athens, Greece, May 21-22, 2014, Revised Selected Papers, pp. 159–170, 2014. Springer.
M. Giacalone, R. Mammoliti, F. Massacci, F. Paci, R. Perugino, and C. Selli.
Security Triage: A Report of a Lean Security Requirements Methodology for Cost-Effective Security Analysis. A short summary appears In
Proc. of EmpiRE Workshop at IEEE RE'14.
3-page PDF. A longer industry report appears in
Proc. of ESEM'2014.
PDF (preprint)
O. Gadyatskaya, F. Massacci, and Y. Zhauniarovich.
Emerging Mobile Platforms: Firefox OS and Tizen, In
IEEE Computer, June 2014,
draft.pdf
F. Massacci, V.H. Nguyen.
An Empirical Methodology to Evaluate Vulnerability Discovery Models. In
IEEE Transactions on Software Engineering (TSE), 40(12):1147-1162, 2014.
PDF (draft)
F. Massacci, F. Paci, L.M.S. Tran, A. Tedeschi.
Assessing a requirements evolution approach: Empirical studies in the air traffic management domain. Journal of Systems and Software 95:70-88, 2014.
Publisher's PDF
M. Ngo, F. Massacci.
Programmable Enforcement Framework of Information Flow Policies. In Proc. of ICTCS 2014. PDF.
K. Labunets, F. Massacci, F. Paci, M. Ragosta, B. Solhaug, K. Stølen, A. Tedeschi.
A First Empirical Evaluation Framework for Security Risk Assessment Methods in the ATM Domain, In
the Proceedings of 4th SESAR Innovation Days (SIDs'14). PDF
K. Labunets, F. Paci, F. Massacci, and R. Ruprai.
An Experiment on Comparing Textual vs. Visual Industrial Methods for Security Risk Assessment. In
Proc. of EmpiRE Workshop at IEEE RE'14 PDF
L.M.S. Tran, F. Massacci.
An Approach for Decision Support on the Uncertainty in Feature Model Evolution. Accepted for publication in
Proc. of IEEE RE'14.
PDF Preprint
2013
M. Ngo, F. Massacci, O. Gadyatskaya.
MAP-REDUCE Enforcement Framework of Information Flow Policies. In Informal Proc. of FCS 2013. PDF.
L. Allodi.
Internet-scale vulnerability risk assessment (Extended Abstract). In
Proceedings of Usenix Security LEET 2013, Washington D.C., USA.
PDF
L. Allodi, V. Kotov, F. Massacci.
MalwareLab: Experimenting with Cybercrime Attack Tools. In:
Proc. of Usenix Security CSET 2013, Washington D.C., USA.
PDF
L. Allodi, F. Massacci.
How CVSS is DOSsing your patching policy (and wasting your money). Presentation at
BlackHat USA 2013, Las Vegas, USA.
PDF presentation slides,
White Paper
L. Allodi, W. Shim, F.Massacci.
Quantitative assessment of risk reduction with cybercrime black market monitoring. In:
Proceedings of the 2013 IEEE S&P International Workshop on Cyber Crime (IWCC'13), May 19-24, 2013, San Francisco, USA.
PDF
P. Barsocchi, Gabriele Oligeri, Claudio Soriente, SHAKE: Single HAsh Key Establishment for Resource Constrained Devices. Ad Hoc Networks (Elsevier), Volume 11, Issue 1, January 2013, pp. 288-297.
R. Di Pietro, Gabriele Oligeri, Jamming Mitigation in Cognitive Radio Networks. To appear in IEEE Network Magazine, Special Issue on Security in Cognitive Radio Networks.
R. Di Pietro, Gabriele Oligeri, COKE: Crypto-less Over-The-Air Key-establishment. In IEEE Transactions on Information Forensics and Security, Vol. 8, Issue 1, 2013, pp.163-173.
O. Gadyatskaya, F. Massacci, Q.-H. Nguyen, and B. Chetali.
Load time code certification for mobile phone Java cards, In Journal of Information Security and Applications 18/2-3 (Sept 2013) pp. 108–129
.pdf
V. Kotov and F. Massacci.
Anatomy of Exploit Kits: Preliminary Analysis of Exploit Kits as Software Artefacts. Proc. of ESSoS 2013, pp. 181–196
PDF
Labunets, K., Massacci, F., Paci, F., and Tran, L.M.S.
An experimental comparison of two risk-based security methods. In
Proceedings of the 7th ACM International Symposium on Empirical Software Engineering and Measurement (ESEM), 163–172, 2013.
PDF
V.H.Nguyen and F.Massacci.
The (Un)Reliability of Vulnerable Version Data of NVD: an Empirical Experiment on Chrome Vulnerabilities. In:
Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS)'13, May 7-10, 2013, Hangzhou, China
PDF,
Slides.
M. Rizwan Asghar and Daniele Miorandi.
A holistic view of security and privacy issues in smart grids. In
Proc. of Smart Grid Security (SmartGridSec), volume 7823 of Lecture Notes in Computer Science, pages 58-71. Springer Berlin Heidelberg, 2013.
PDF
Muhammad Rizwan Asghar, Giovanni Russello, Bruno Crispo, and Mihaela Ion. Supporting Complex Queries and Access Policies for Multi-user Encrypted Databases, In Proceedings of The 5th ACM Workshop on Cloud Computing Security Workshop (CCSW) in conjunction with the 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 2013.
Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo,
ESPOONERBAC: Enforcing Security Policies in Outsourced Environments,
Elsevier Computers & Security (COSE), Volume 35, 2013.
PDF
S. Roy Chowdhury, Muhammad Imran, Muhammad Rizwan Asghar, Sihem Amer-Yahia, and Carlos Castillo. Tweet4act: Using incident-specific profiles for classifying crisis-related messages. In The 10th International Conference on Information Systems for Crisis Response and Management (ISCRAM), May 2013.
PDF
Tran L.M.S.
Early Dealing with Evolving Risks in Software Systems. In:
The 3rd International Workshop on Information Systems Security Engineering (WISSE'13), co-located with CAiSE 2013.
PDF
Y. Zhauniarovich, O. Gadyatskaya, and B. Crispo.
Demo: Enabling trusted stores for Android. In Proc. of ACM CCS 2013
.pdf
2012
Woohyun Shim, Luca Allodi, Fabio Massacci.
Crime Pays If You Are Just an Average Hacker. Proceedings of IEEE/ASE 2012 Cyber Security Conference. Complementary publication in ASE Journal 2012, Vol. 2, Best paper award.
Link,
PDF
Luca Allodi, Fabio Massacci.
A Preliminary Analysis of Vulnerability Scores for Attacks in Wild. In
Proceedings of ACM BADGERS 2012 CCS Workshop.
ACM,
PDF
Luca Allodi. The dark side of vulnerability exploitation. Proceedings of the 2012 ESSoS Conference Doctoral Symposium.
PDF
Muhammad Rizwan Asghar and Giovanni Russello. ACTORS: A goal-driven approach for capturing and managing consent in e-health systems. In 2012 IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY), pages 61-69, July 2012.
PDF
Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo. Securing data provenance in the cloud. In Jan Camenisch and Dogan Kesdogan, editors, Open Problems in Network Security, volume 7039 of Lecture Notes in Computer Science, pages 145-160. Springer Berlin Heidelberg, 2012.
PDF
Muhammad Rizwan Asghar and Giovanni Russello. Flexible and dynamic consent-capturing. In Jan Camenisch and Dogan Kesdogan, editors, Open Problems in Network Security, volume 7039 of Lecture Notes in Computer Science, pages 119-131. Springer Berlin Heidelberg, 2012.
Massacci F., and Paci F.
How to Select a Security Requirements Method? A comparative study with students and practitioners. In
Proceedings of the 17th Nordic Conference in Secure IT Systems (NordSec), 2012.
PDF
Massacci F., Nagaraj D., Paci F., Tran L.M.S, Tedeschi, A.
Assessing a Requirements Evolution Approach: Empirical Studies in the Air Traffic Management Domain. In
Proceedings of International Workshop on Empirical Requirements Engineering (EmpiRE), 49–56, 2012.
PDF.
Paci F., Massacci F., Bouquet F., Debricon, S. Managing Evolution by Orchestrating Requirements and Testing Engineering Processes. In Proceedings of the Third International Workshop on Security Testing (SecTest), 834–841, 2012.
PDF
V.H.Nguyen and F.Massacci.
An Independent Validation of Vulnerability Discovery Models. In:
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS)'12, May 2-4, 2012, Seoul, Korea
PDF.
V.H.Nguyen and F.Massacci. An Idea of an Independent Validation of Vulnerability Discovery Models. In: Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS)'12, February 16-17, 2012, Eindhoven, The Netherlands
PDF.
O.Gadyatskaya and F.Massacci: Controlling Application Interactions on the Novel Smart Cards with Security-by-Contract. In
Proceedings of HATS-2012 Summer School, Springer
PDF
O.Gadyatskaya, F.Massacci and E.Lostal: Extended Abstract: Embeddable Security-by-Contract Verifier for Java Card. In
BYTECODE-2012, Tallinn, Estonia, 2012.
PDF
O. Gadyatskaya, F. Massacci and A. Philippov: Security-by-Contract for the OSGi Platform. In
Proceedings of 27th IFIP TC 11 Information Security and Privacy Conference (SEC 2012), Springer 2012
PDF
Roberto Di Pietro, Gabriele Oligeri, Claudio Soriente, Gene Tsudik, United We Stand: Intrusion Resilience in Mobile Unattended WSNs. IEEE Transactions on Mobile Computing, Online, 31 May 2012.
2011
Muhammad Rizwan Asghar, Giovanni Russello, and Bruno Crispo. Poster: ESPOONERBAC: Enforcing security policies in outsourced environments with encrypted RBAC. In Proceedings of the 18th ACM conference on Computer and communications security, CCS '11, pages 841-844. ACM, 2011.
Muhammad Rizwan Asghar, Mihaela Ion, Giovanni Russello, and Bruno Crispo. ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments. In The Sixth International Conference on Availability, Reliability and Security, ARES'11, pages 99-108. IEEE Computer Society, August 2011.
PDF
Asnar, Y., Li, T., Massacci, F., Paci, F. Computer Aided Threat Identification. In Proceedings of the IEEE Conference on Commerce and Enterprise Computing (CEC), 145–52, 2011.
PDF
Asnar Y., Massacci F.: A Method for Security Governance, Risk, and Compliance (GRC): A Goal-Process Approach. Foundations of Security Analysis and Design V: Tutorial Lectures 2011:152-184 - This is a tutorial on the GRC Approach.
PDF
Asnar Y., Massacci F., Saïdane A., Riccucci C., Felici M., Tedeschi A., El Khoury P., Li K., Seguran M., Zannone N.: Organizational Patterns for Security and Dependability: From Design to Application. International Journal of Secure Software Engineering 2(3):1-22 (2011)
Felix, E., Delande, O., Massacci, F., Paci, F. Managing Changes with Legacy Security Engineering Processes. In Proceedings of the IEEE Intelligence and Security Informatics Conference (ISI), 137–142, 2011.
PDF
Bergmann, G., Massacci, F., Paci, F., Tun, T.T, Varro, D., Yu, Y. SeCMER: A Tool to Gain Control over Security Requirements Evolution. In Proceedings of ServiceWave, Demonstration Track, 49–56, 2011.
PDF
Bergmann, G., Massacci, F., Paci, F., Tun, T.T, Varro, D., Yu, Y. A Tool for Managing Evolving Security Requirements. In Proceedings of CAISE'11 FORUM, 110–125, 2011.
PDF
Bielova N., Massacci F.: Computer-Aided Generation of Enforcement Mechanisms for Error-Tolerant Policies. Proc. of POLICY’11. p. 89-96. IEEE 2011.
PDF
Bielova N., Massacci F.: Do you really mean what you actually enforced? - Edited automata revisited.
International Journal of Information Security 10(4):239-254 (2011)
PDF
Bielova N., Massacci F.: Iterative Enforcement by Suppression: Towards Practical Enforcement Theories.
Journal of Computer Security 2011.
PDF
Massacci, F., Mylopoulos, J., Paci, F., Tun, T.T, Yu, Y. An extended Ontology for Security Requirements. In Proceedings of The First International Workshop on Information Systems Security Engineering (WISSE), 622–636, 2011.
PDF
Tran L.M.S, Massacci, F. Towards a Game-Theoretic Foundation for Software Requirement Evolution. In: 23rd International Conference on Advanced Information Systems Engineering (CAiSE'11) London, June 2011.
PDF
F.Massacci, S.Neuhaus and V.H.Nguyen. After-Life Vulnerabilities: A Study on Firefox Evolution, its Vulnerabilities and Fixes. In Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS)'11, February 9-10, 2011, Madrid, Spain.
PDF
O. Gadyatskaya, F. Massacci and E. Lostal:
Load Time Security Verification. In Proceedings of International Conference on Information Systems Security (ICISS 2011), Kolkata, India, vol. LNCS 7093 pp. 250-264, Springer.
PDF
N. Dragoni, O. Gadyatskaya and F. Massacci:
Supporting Software Evolution for Open Smart Cards by Security-by-Contract. In Petre et al.: Dependability and Computer Engineering: Concepts for Software-Intensive Systems, IGI Global, 2011. PDF available at the IGI Global web site
Link
N. Dragoni, O. Gadyatskaya, F. Massacci, F. Paci and E. Lostal:
Loading-Time Verification for Open Multi-Application Smart Cards. In Proceedings of the IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2011), Pisa, Italy, 2011, pp. 153-156, IEEE Computer Society.
PDF
Gabriele Oligeri, Stefano Chessa, Gaetano Giunta. Loss Tolerant Video Streaming Authentication in Heterogeneous Wireless Networks, Computer Communications, Vol. 34, Issue 11, pp. 1307-1315, 15 July 2011.
Gabriele Oligeri, Stefano Chessa, Roberto Di Pietro, Gaetano Giunta. Robust and Efficient Authentication of Video Stream Broadcasting. ACM Transactions on Information and System Security, Vol.14, No.1, pp.1–25, May 2011.
2010
Bielova N., Massacci F.: Predictability of Enforcement. In Proc. of ESSoS’10. Springer p 73-86.
PDF
Compagna L., El Khoury P., Massacci F., Saïdane A.: A Dynamic Security Framework for Ambient Intelligent Systems: A Smart-Home Based eHealth Application. Transactions on Computational Science 10:1-24 (2010)
Karsai G., Massacci F., Osterweil L.J., Schieferdecker I.: Evolving Embedded Systems.
IEEE Computer 43(5): 34-40 2010.
PDF at Publisher
Massacci F. and Zannone N. Detecting Conflicts between Functional and Security Requirements with Secure Tropos: John Rusnak and the Allied Irish Bank. In Social Modeling for Requirements Engineering. MIT Press, 2010.
F.Massacci and V.H.Nguyen. Which is the Right Source of Vulnerability Studies? An Empirical Analysis on Mozilla Firefox. In Proceedings of the International Workshop on Security Measurement and Metrics (MetriSec)'10, Ed: Laurie Williams, Riccardo Scandariato, September 15, 2010, Bolzano-Bozen, Italy.
PDF
O. Gadyatskaya, F. Massacci, F. Paci, S. Stankevich:
Java Card Architecture for Autonomous Yet Secure Evolution of Smart Cards Applications. In Proceedings of NordSec 2010, LNCS 7127, pp. 187-192. Springer 2012.
PDF
N. Dragoni, O. Gadyatskaya and F. Massacci:
Supporting Applications' Evolution in Multi-Application Smart Cards by Security-by-Contract. In Proceedings of the 4th Workshop in Information Security Theory and Practices (WISTP 2010), Passau, Germany, 2010, vol. LNCS 6033, pp.221-228, Springer.
PDF
2009
Bielova N., Massacci F., Micheletti A.: Towards Practical Enforcement Theories. Proc. of NordSec’09 p. 239-254, Springer 2009.
PDF
Compagna L., El Khoury P., Krausová A., Massacci F, and Zannone N. How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns. Artificial Intelligence and Law Journal 17(1):1-30, 2009.
Dragoni N., Massacci F., Saïdane A. A self-protecting and self-healing framework for negotiating services and trust in autonomic communication systems. Computer Networks 53(10):1628-1648 2009.
Dragoni N., Massacci F., Walter T., Schaefer C. What the Heck is this application doing? - A security-by-contract architecture for pervasive services,
Computer & Security 28(7):566-577 2009.
PDF at Elsevier
Kuper G.M., Massacci F., Rassadko N. Generalized XML security views. International Journal of Information Security 8(3): 173-203 2009
F. Massacci, F. Piessens, I. Siahaan: Security-by-contract for the future internet. Proc. of FIS’09. LNCS 5468. p. 29-43, Springer 2009.
PDF
2008
Aktug I., Naliuka K.: ConSpec — A formal language for policy specification.
Science of Computer Programming 74(1–2):2-12, 2008.
PDF.
PDF at Elsevier
Bielova N., Dragoni N., Massacci N., Naliuka K., Siahaan I.: Matching in security-by-contract for mobile code.
Journal of Logic and Algebraic Programming 78(5):340-358, (2009)
PDF
Desmet L, Joosen W., Massacci F., Philippaerts P., Piessens F., Siahaan I., Vanoverberghe D., Security-by-contract on the .NET platform.
Information Security Technical Report 13 (1):25-32, Jan 2008. (most cited paper of the journal)
PDF at Elsevier. Short version appeared at ACM CSAW (see below)
Desmet L., Joosen W., Massacci F., Naliuka K., Philippaerts P., Piessens F., Vanoverberghe D. The S3MS.NET Run Time Monitor. Tool Demonstration. ENTCS 253(5):153-159, 2009.
N. Dragoni, F. Massacci, K. Naliuka: An inline monitoring system for .NET mobile devices. Proc. of IFIPTM’08. 363-366, 2008.
Koshutanski H., Massacci F.: Interactive access control for autonomic systems: From theory to implementation.
ACM Transactions on Autonomous and Autonomic Systems 3(3): 2008.
PDF
F. Massacci, K. Naliuka: Towards practical security monitors of UML policies for mobile applications. Proc. of ARES Workshops’08. p. 1112-1119, 2008.
F. Massacci, I. Siahaan. Simulating Midlet’s Security Claims with Automata Modulo Theory. In Proc. of PLAS’08. May 2008 Tucson (USA), p 1-19, ACM Press, 2008.
2007
L. Desmet, W. Joosen, F. Massacci, K. Naliuka, P. Philippaerts, F. Piessens, D. Vanoverbergh: A flexible security architecture to support third-party applications on mobile devices. In Proc. of CSAW’07. p. 19-28 ACM Press 2007.
PDF
N. Dragoni, F. Massacci: Security-by-contract for web services. In Proc. of SWS’07. p. 90-98 ACM Press 2007.
N. Dragoni, F. Massacci, K. Naliuka, I. Siahaan: Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code. In Proc. of EuroPKI 2007. LNCS, 4582, p. 297-312 Springer, 2007.
PDF
N. Dragoni, F. Massacci, C. Schaefer, T. Walter, E. Vetillard. A Security-by-Contracts Architecture for Pervasive Services. In Proc. of SecPerU’07. p 49 – 54, IEEE Press 2007.
Koshutanski H., Massacci F.: A Negotiation Scheme for Access Rights Establishment in Autonomic Communication.
Journal of Network and Systems Management 15(1):117-136 2007.
PDF
F. Massacci, K. Naliuka: Towards Practical Security Monitors of UML Policies for Mobile Applications. In Proc. of Policy 2007, p. 278-278, IEEE Press.
F. Massacci, I. Siahaan. Matching Midlet's Security Claims with a Platform Security Policy using Automata Modulo Theory. In Proc. of NordSec’07. 2007.
PDF
Massacci F., Mylopoulos J., Zannone N. Computer-aided Support for Secure Tropos. Automated Software Engineering. 14(3): 341-364, 2007.
Massacci F., Mylopoulos J., Zannone N., “From Hippocratic Databases to Secure Tropos: a Computer-Aided Re-Engineering Approach”. International Journal of Software engineering and Knowledge Engineering, 17(2):265-284, 2007.
2006
Bella G., Massacci F., Paulson L.C.: Verifying the SET Purchase Protocols. Journal of Automated Reasoning 36(1-2):5-37, 2006
Dobson S., Denazis S., Fernández A., Gaïti D., Gelenbe E., Massacci F., Nixon P., Saffre F., Schmidt N., Zambonelli F.: A survey of autonomic communications.
ACM Transactions on Autonomous and Autonomic Systems 1(2):223-259, 2006
PDF at Publisher
Giorgini P., Massacci F., Mylopoulos J., Zannone N., “Requirements Engineering for Trust Management: Model, Methodology, and Reasoning”. International Journal of Information Security, 5(4):257-274, 2006.
Massacci F., Mylopoulos J., Zannone N., “Hierarchical Hippocratic Databases with Minimal Disclosure for Virtual Organizations”. In VLDB Journal, 15(4): 370-387. 2006.
2005
Bella G., Massacci F., Paulson L. C., “Overview of the Verification of SET”. International Journal on Information Security, 4(1-2):17-28. 2005.
Massacci F., Prest M., Zannone N., “Using a Security Requirements Engineering Methodology in Practice: the compliance with the Italian Data Protection Legislation”. Computer Standards & Interfaces, 2005, v. 27, n. 5, p. 445-455.
Giorgini P., Massacci F., Zannone N., “Security and Trust Requirements Engineering”. In Foundations of Security Analysis and Design III: Tutorial Lectures. In Aldini A., Gorrieri R., Martinelli F. (eds), Springer, 2005, p. 237-272, Lecture Notes in Computer Science, 3655.
Earlier papers
Bella G., Massacci F., Paulson L. C., “Verifying the SET registration protocols”. IEEE Journal on Selected Areas in Communications, 21(1):77-87, 2003.
Fiorini C., Massacci F., Martinelli E., “How to fake an RSA signature by encoding modular root finding as a SAT problem”. Discrete Applied Mathematics, 130(2): 101-127, 2003.
Massacci F., Marraro L., “Logical Cryptanalysis as a SAT-Problem: Encoding and Analysis of the U.S. Data Encryption Standard”. Journal of Automated Reasoning, 24(1-2):165-203, 2000.
Carlucci Aiello L., Massacci F., “Planning attacks to security protocols: case studies in logic programming”. In Computational logic: logic programming and beyond : essays in honor of Robert A. Kowalski, Springer, 2002. p. 533-560
Massacci F. and Marraro L.. Logical cryptanalysis as a SAT-problem: Encoding and analysis of the U.S. Data Encryption Standard. In SAT-2000: Highlights of Satisfiability Research at the Year 2000, vol. 63 of Frontiers in AI and Applications, p. 343-376. IOS Press, 2000. Essentially the same as the JAR Paper.