publications

Differences

This shows you the differences between two versions of the page.

publications [2019/11/12 23:41]
fabio.massacci@unitn.it [2019]
publications [2020/09/23 18:30] (current)
ivan.pashchenko@unitn.it [2020]
Line 2: Line 2:
  
 This page presents the publication of the [[start|Security Group]] in chronological order. You can find them also in the individual [[research_activities|research topics]] or in the pages of the individual [[security_group|members]]. This page presents the publication of the [[start|Security Group]] in chronological order. You can find them also in the individual [[research_activities|research topics]] or in the pages of the individual [[security_group|members]].
 +
 +===== 2020 =====
 +   * Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci. **Vuln4Real: A Methodology for Counting Actually Vulnerable Dependencies**. To Appear in //IEEE Transactions on Software Engineering Journal//, 2020
 +   * Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Poster: Towards Using Source Code Repositories to Identify Software Supply Chain Attacks**. To Appear in Proceedings of //the ACM Conference on Computer and Communications Security (CCS)//, 2020 - {{:research_activities:experiments:ccs2020poster.pdf|Author's preprint}}
 +   * Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, and William Robertson. ** Cached and Confused: Web Cache Deception in the Wild**, The 29th USENIX Security Symposium (USENIX Security 20), 2020. [[https://www.usenix.org/system/files/sec20-mirheidari.pdf|PDF]] [[https://www.usenix.org/conference/usenixsecurity20/presentation/mirheidari|Publisher]]
 +   * Giorgio Di Tizio, Fabio Massacci, Luca Allodi, Stanislav Dashevskyi, Jelena Mirkovic. **An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags**, To Appear in Proceedings of //the 2nd Workshop on Cyber Range Technologies and Applications (CACOE 2020)//, 2020 - {{:research_activities:cacoe6.pdf|Author's preprint}}
 +   * Giorgio Di Tizio, Chan Nam Ngo. **Are You a Favorite Target For Cryptojacking? A Case-Control Study On The Cryptojacking Ecosystem**, To Appear in Proceedings of //the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020)//, 2020 - {{:research_activities:wacco17.pdf|Author's preprint}}
 +   * Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. **A Qualitative Study of Dependency Management and Its Security Implications**, To Appear in Proceedings of //the ACM Conference on Computer and Communications Security (CCS)//, 2020 {{:research_activities:experiments:ccs-2020-preprint.pdf|Author's preprint}}
 +   * Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Typosquatting and Combosquatting Attacks on the Python Ecosystem**. To Appear in Proceedings of //the 2nd Workshop on Attackers and Cyber-Crime Operations (WACCO 2020)//, 2020 - {{:research_activities:experiments:ly2020typosquatting.pdf|Author's preprint}}
 +   * Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. **Preliminary Findings on FOSS Dependencies and Security A Qualitative Study on Developers’ Attitudes and Experience (Poster)**. In Proceedings of //the 42nd International Conference on Software Engineering (ICSE)//, 2020 - {{:research_activities:experiments:poster_icse-20.pdf|poster}}, {{:research_activities:experiments:pashchenko2020preliminary.pdf|Author's preprint}} [[https://doi.org/10.1145/3377812.3390903|Publisher Version]]
 +   * Fabio Massacci, Chan Nam Ngo. **Distributed Financial Exchanges: Security Challenges and Design Principles** IEEE Security & Privacy (Early Access) [[https://ieeexplore.ieee.org/document/9115212|Publisher Version]] [[:sp-2019-05-0134.r1_ngo.pdf|Author's preprint]]
 +   * Luca Allodi, Marco Cremonini, Fabio Massacci, Woohyun Shim. **Measuring the accuracy of software vulnerability assessments: experiments with students and professionals**, Empirical Software Engineering 25:1063–1094 [[https://doi.org/10.1007/s10664-019-09797-4|Open Access PDF]]
 +   * Gabriel Kuper, Fabio Massacci, Woohyun Shim, Julian Williams. **Who Should Pay for Interdependent Risk? Policy Implications for Security Interdependence Among Airports**, Risk Analysis [[https://doi.org/10.1111/risa.13454|Open Access PDF]]
 +   *  Pierantonia Sterlini, Fabio Massacci, Natalia Kadenko, Tobias Fiebig, Michel van Eeten. **Governance Challenges for European Cybersecurity Policies: Stakeholder Views** IEEE Security & Privacy: 17-31 [[https://doi.org/10.1109/MSEC.2019.2945309|Publisher Version]], {{:research_activities:economics:ieee_governance_v28-cleaned.pdf|Author's preprint}}.
 +
 +
  
 ===== 2019 ===== ===== 2019 =====
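Review bot: In the added 2020 list, the Massacci and Ngo entry links its preprint with page-link syntax, `[[:sp-2019-05-0134.r1_ngo.pdf|Author's preprint]]`, while the other preprints in this block use the media form `{{:...pdf|Author's preprint}}`; switch it to the media form so it is handled like the rest. Smaller style points in the same block: the Mirheidari entry opens its bold title with a stray space (`** Cached and Confused`), the Sterlini entry has two spaces after the bullet, the ICSE poster title has no punctuation between "Security" and "A Qualitative Study", and the CCS qualitative-study entry omits the " - " separator that the neighbouring entries put before the preprint link.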
Line 8: Line 24:
    * Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **DriverAuth: A Risk-based Multi-modal Biometric-based Driver Authentication Scheme for Ride-sharing Platforms.** Computers & Security (2019).[[https://www.sciencedirect.com/science/article/pii/S0167404818310113|Full Paper]]    * Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **DriverAuth: A Risk-based Multi-modal Biometric-based Driver Authentication Scheme for Ride-sharing Platforms.** Computers & Security (2019).[[https://www.sciencedirect.com/science/article/pii/S0167404818310113|Full Paper]]
    * Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **DriverAuth: Behavioral biometric-based driver authentication mechanism for on-demand ride and ridesharing infrastructure.** ICT Express 5.1 (2019): 16-20. [[https://www.sciencedirect.com/science/article/pii/S2405959517302710|Full Paper]]    * Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **DriverAuth: Behavioral biometric-based driver authentication mechanism for on-demand ride and ridesharing infrastructure.** ICT Express 5.1 (2019): 16-20. [[https://www.sciencedirect.com/science/article/pii/S2405959517302710|Full Paper]]
 +   * de Haan, Johannes; Massacci, Fabio; Sterlini, Pierantonia; Bernard Ladkin, Peter; Raspotnig, Christian, **The Risk of Relying on a Public Communications Infrastructure.** in Proceedings of the 27th Safety-Critical Systems Symposium, Bristol, UK: Publisher SCSC, 2019. Proceedings of: SCSC, Bristol, UK, 5-7th February 2019{{:research_activities:economics:sss-rdci-tf_final-2019.pdf|PDF}}
 ===== 2018 ===== ===== 2018 =====
 +  * Sajjad Arshad, Seyed Ali Mirheidari, Tobias Lauinger, Bruno Crispo, Engin Kirda, and William Robertson. **Large-Scale Analysis of Style Injection by Relative Path Overwrite.** the 2018 World Wide Web Conference (WWW'18), 2018. [[https://www2018.thewebconf.org/awards/|Honorable Mention award]]  {{:www2018rpo_paper.pdf|PDF}}
   * Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **Demystifying authentication concepts in smartphones: Ways and types to secure access.** Mobile Information Systems 2018 (2018). {{https://doi.org/10.1155/2018/2649598|Full Paper}}   * Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **Demystifying authentication concepts in smartphones: Ways and types to secure access.** Mobile Information Systems 2018 (2018). {{https://doi.org/10.1155/2018/2649598|Full Paper}}
   * Buriro, Attaullah, Bruno Crispo, Sandeep Gupta, and Filippo Del Frari. **Dialerauth: A motion-assisted touch-based smartphone user authentication scheme.** Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. ACM, 2018.{{https://dl.acm.org/citation.cfm?doid=3176258.3176318|Full Paper}}   * Buriro, Attaullah, Bruno Crispo, Sandeep Gupta, and Filippo Del Frari. **Dialerauth: A motion-assisted touch-based smartphone user authentication scheme.** Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. ACM, 2018.{{https://dl.acm.org/citation.cfm?doid=3176258.3176318|Full Paper}}
   * Buriro, Attaullah, Bruno Crispo, Mojtaba Eskandri, Sandeep Gupta, Athar Mahboob, and Rutger Van Acker. **Snap Auth: A Gesture-Based Unobtrusive Smartwatch User Authentication Scheme.** International Workshop on Emerging Technologies for Authorization and Authentication. Springer, Cham, 2018.{{https://link.springer.com/chapter/10.1007/978-3-030-04372-8_3|Conference paper}}   * Buriro, Attaullah, Bruno Crispo, Mojtaba Eskandri, Sandeep Gupta, Athar Mahboob, and Rutger Van Acker. **Snap Auth: A Gesture-Based Unobtrusive Smartwatch User Authentication Scheme.** International Workshop on Emerging Technologies for Authorization and Authentication. Springer, Cham, 2018.{{https://link.springer.com/chapter/10.1007/978-3-030-04372-8_3|Conference paper}}
-  * I. Pashchenko, H. Plate, S. Ponta, A. Sabetta and F. Massacci. **Vulnerable Open Source Dependencies: Counting Those That Matter** To appear in //International Symposium on Empirical Software Engineering and Measurement (ESEM2018),// 2018. {{https://drive.google.com/file/d/1IewO3T_cZuz2GkRctDJYvyMJAqXxTamc/view?usp=sharing|Camera-ready}}+  * I. Pashchenko, H. Plate, S. Ponta, A. Sabetta and F. Massacci. **Vulnerable Open Source Dependencies: Counting Those That Matter** To appear in //International Symposium on Empirical Software Engineering and Measurement (ESEM2018),// 2018. {{:research_activities:vulnerability_discovery_model:esem-2018-final.pdf|}}
   * F. Massacci, C. N. Ngo, J. Nie, D. Venturi and J. Williams. **FuturesMEX: Secure, Distributed Futures Market Exchange.** To appear in //IEEE Symposium on Security and Privacy (SS&P'18)//, 2018. {{:sp18proceedings.pdf|Prepub version}}, [[https://www.youtube.com/watch?v=cOGgB9GdPT0|IEEE S&P Youtube channel presentation]], also available as {{:research_activities:economics:futuremex-1h-no-animation.pdf|longer talk}}.   * F. Massacci, C. N. Ngo, J. Nie, D. Venturi and J. Williams. **FuturesMEX: Secure, Distributed Futures Market Exchange.** To appear in //IEEE Symposium on Security and Privacy (SS&P'18)//, 2018. {{:sp18proceedings.pdf|Prepub version}}, [[https://www.youtube.com/watch?v=cOGgB9GdPT0|IEEE S&P Youtube channel presentation]], also available as {{:research_activities:economics:futuremex-1h-no-animation.pdf|longer talk}}.
   * F. Massacci, C. N. Ngo, D. Venturi and J. Williams. **Non-Monotonic Security Protocols and Failures in Financial Intermediation** To appear in //Security Protocols Workshop (SPW 18)//, 2018. {{:research_activities:economics:nonmonotonicsecurity.pdf|Prepub version}}   * F. Massacci, C. N. Ngo, D. Venturi and J. Williams. **Non-Monotonic Security Protocols and Failures in Financial Intermediation** To appear in //Security Protocols Workshop (SPW 18)//, 2018. {{:research_activities:economics:nonmonotonicsecurity.pdf|Prepub version}}
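Review bot: The replacement link on the ESEM 2018 entry, `{{:research_activities:vulnerability_discovery_model:esem-2018-final.pdf|}}`, has an empty label where the removed link read "Camera-ready"; restore a label so the entry matches the labelled links around it. In the same hunk, the added de Haan et al. entry has no space before `{{...|PDF}}` and names the proceedings twice ("in Proceedings of the 27th Safety-Critical Systems Symposium" and again "Proceedings of: SCSC, Bristol, UK"); keep one and separate the link from the date.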
publications.1573598519.txt.gz · Last modified: 2019/11/12 23:41 by fabio.massacci@unitn.it