publications

Differences

This shows you the differences between two versions of the page.

publications [2021/03/29 10:41]
ivan.pashchenko@unitn.it [2021]
publications [2021/04/01 08:24] (current)
ducly.vu@unitn.it update the publisher versions
Line 11: Line 11:
 ===== 2020 ===== ===== 2020 =====
    * Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci. **Vuln4Real:​ A Methodology for Counting Actually Vulnerable Dependencies**. //IEEE Transactions on Software Engineering Journal//, 2020 - {{:​research_activities:​vulnerability-analysis:​pashchenko-vuln4real.pdf|Author-accepted manuscript}}    * Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci. **Vuln4Real:​ A Methodology for Counting Actually Vulnerable Dependencies**. //IEEE Transactions on Software Engineering Journal//, 2020 - {{:​research_activities:​vulnerability-analysis:​pashchenko-vuln4real.pdf|Author-accepted manuscript}}
-   * Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Poster: ​Towards Using Source Code Repositories to Identify Software Supply Chain Attacks**. ​To Appear in Proceedings of //the ACM Conference on Computer and Communications Security (CCS)//, 2020 - {{:​research_activities:​experiments:​ccs2020poster.pdf|Author'​s preprint}}, {{:​research_activities:​experiments:​poster_ccs-20.pdf|poster}}+   * Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Towards Using Source Code Repositories to Identify Software Supply Chain Attacks**. ​In Proceedings of //the ACM Conference on Computer and Communications Security (CCS)//, 2020 - {{:​research_activities:​experiments:​ccs2020poster.pdf|Author'​s preprint}}, {{:​research_activities:​experiments:​poster_ccs-20.pdf|poster}}, [[https://​doi.org/​10.1145/​3372297.3420015|Publisher Version]]
    * Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, and William Robertson. ** Cached and Confused: Web Cache Deception in the Wild**, The 29th USENIX Security Symposium (USENIX Security 20), 2020. [[https://​www.usenix.org/​system/​files/​sec20-mirheidari.pdf|PDF]] [[https://​www.usenix.org/​conference/​usenixsecurity20/​presentation/​mirheidari|Media]]\\ [[https://​portswigger.net/​research/​top-10-web-hacking-techniques-of-2019|Voted and let to an award as Top Web Hacking Technique of 2019.]]\\ [[https://​www.cybersecurity-insiders.com/​investigating-the-top-10-application-vulnerabilities/​|Selected among Top 10 Application Vulnerabilities of 2019 by WhiteHat Security.]]\\ [[https://​www.csaw.io/​research|CSAW 2020 Finalist: Nominated for the Best Applied Research in the 17th annual CSAW conference (CSAW’20).]]\\ [[https://​pwnies.com/​nominations/​active/​most-innovative-research/​web-cache-deception-in-the-wild/​|Pwnie Award Nominee: Nominated for the Most Innovative Research of 2020.]]    * Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, and William Robertson. ** Cached and Confused: Web Cache Deception in the Wild**, The 29th USENIX Security Symposium (USENIX Security 20), 2020. 
[[https://​www.usenix.org/​system/​files/​sec20-mirheidari.pdf|PDF]] [[https://​www.usenix.org/​conference/​usenixsecurity20/​presentation/​mirheidari|Media]]\\ [[https://​portswigger.net/​research/​top-10-web-hacking-techniques-of-2019|Voted and let to an award as Top Web Hacking Technique of 2019.]]\\ [[https://​www.cybersecurity-insiders.com/​investigating-the-top-10-application-vulnerabilities/​|Selected among Top 10 Application Vulnerabilities of 2019 by WhiteHat Security.]]\\ [[https://​www.csaw.io/​research|CSAW 2020 Finalist: Nominated for the Best Applied Research in the 17th annual CSAW conference (CSAW’20).]]\\ [[https://​pwnies.com/​nominations/​active/​most-innovative-research/​web-cache-deception-in-the-wild/​|Pwnie Award Nominee: Nominated for the Most Innovative Research of 2020.]]
    * Giorgio Di Tizio, Fabio Massacci, Luca Allodi, Stanislav Dashevskyi, Jelena Mirkovic. **An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags**, To Appear in Proceedings of //the 2nd Workshop on Cyber Range Technologies and Applications (CACOE 2020)//, 2020 - {{:​research_activities:​cacoe6.pdf|Author'​s preprint}}    * Giorgio Di Tizio, Fabio Massacci, Luca Allodi, Stanislav Dashevskyi, Jelena Mirkovic. **An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags**, To Appear in Proceedings of //the 2nd Workshop on Cyber Range Technologies and Applications (CACOE 2020)//, 2020 - {{:​research_activities:​cacoe6.pdf|Author'​s preprint}}
    * Giorgio Di Tizio, Chan Nam Ngo. **Are You a Favorite Target For Cryptojacking?​ A Case-Control Study On The Cryptojacking Ecosystem**,​ To Appear in Proceedings of //the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020)//, 2020 - {{:​research_activities:​wacco17.pdf|Author'​s preprint}}    * Giorgio Di Tizio, Chan Nam Ngo. **Are You a Favorite Target For Cryptojacking?​ A Case-Control Study On The Cryptojacking Ecosystem**,​ To Appear in Proceedings of //the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020)//, 2020 - {{:​research_activities:​wacco17.pdf|Author'​s preprint}}
-   * Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. **A Qualitative Study of Dependency Management and Its Security Implications**, ​To Appear in Proceedings of //the ACM Conference on Computer and Communications Security (CCS)//, 2020 {{:​research_activities:​experiments:​ccs-2020-preprint.pdf|Author'​s preprint}} +   * Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. **A Qualitative Study of Dependency Management and Its Security Implications**, ​In Proceedings of //the ACM Conference on Computer and Communications Security (CCS)//, 2020 {{:​research_activities:​experiments:​ccs-2020-preprint.pdf|Author'​s preprint}}, [[https://​doi.org/​10.1145/​3372297.3417232|Publisher Version]] 
-   * Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Typosquatting and Combosquatting Attacks on the Python Ecosystem**. ​To Appear in Proceedings of //the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020)//, 2020 - {{:​research_activities:​experiments:​ly2020typosquatting.pdf|Author'​s preprint}}+   * Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Typosquatting and Combosquatting Attacks on the Python Ecosystem**. ​In Proceedings of //the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020)//, 2020 - {{:​research_activities:​experiments:​ly2020typosquatting.pdf|Author'​s preprint}}, [[https://​doi.org/​10.1109/​EuroSPW51379.2020.00074|Publisher Version]]
    * Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. **Preliminary Findings on FOSS Dependencies and Security A Qualitative Study on Developers’ Attitudes and Experience (Poster)**. In Proceedings of //the 42nd International Conference on Software Engineering (ICSE)//, 2020 - {{:​research_activities:​experiments:​poster_icse-20.pdf|poster}},​ {{:​research_activities:​experiments:​pashchenko2020preliminary.pdf|Author'​s preprint}} [[https://​doi.org/​10.1145/​3377812.3390903|Publisher Version]]    * Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. **Preliminary Findings on FOSS Dependencies and Security A Qualitative Study on Developers’ Attitudes and Experience (Poster)**. In Proceedings of //the 42nd International Conference on Software Engineering (ICSE)//, 2020 - {{:​research_activities:​experiments:​poster_icse-20.pdf|poster}},​ {{:​research_activities:​experiments:​pashchenko2020preliminary.pdf|Author'​s preprint}} [[https://​doi.org/​10.1145/​3377812.3390903|Publisher Version]]
    * Fabio Massacci, Chan Nam Ngo. **Distributed Financial Exchanges: Security Challenges and Design Principles** IEEE Security & Privacy (Early Access) [[https://​ieeexplore.ieee.org/​document/​9115212|Publisher Version]] [[:​sp-2019-05-0134.r1_ngo.pdf|Author'​s preprint]]    * Fabio Massacci, Chan Nam Ngo. **Distributed Financial Exchanges: Security Challenges and Design Principles** IEEE Security & Privacy (Early Access) [[https://​ieeexplore.ieee.org/​document/​9115212|Publisher Version]] [[:​sp-2019-05-0134.r1_ngo.pdf|Author'​s preprint]]
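Review bot: the changed Duc-Ly Vu CCS entry drops "Poster: " from the title, yet its links still point to ccs2020poster.pdf and poster_ccs-20.pdf, and the ICSE entry further down keeps "(Poster)" in its title. Either keep the marker or explain the removal, since the revision summary only mentions publisher versions. The two Di Tizio entries still read "To Appear in Proceedings", one of them for WACCO 2020, the same workshop the Typosquatting entry now lists as "In Proceedings", so they should be updated in the same pass. The Dependency Management entry also lacks the " - " separator before its preprint link that the other two changed entries have.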
publications.txt · Last modified: 2021/04/01 08:24 by ducly.vu@unitn.it