publications
Differences
This shows you the differences between two versions of the page.
publications [2020/06/26 10:53] – [2020] ivan.pashchenko@unitn.it | publications [2022/09/14 17:41] (current) – Add "Web Cache Deception Escalates!" matteo.golinelli@unitn.it | ||
---|---|---|---|
Line 2: | Line 2: | ||
This page presents the publication of the [[start|Security Group]] in chronological order. You can find them also in the individual [[research_activities|research topics]] or in the pages of the individual [[security_group|members]]. | This page presents the publication of the [[start|Security Group]] in chronological order. You can find them also in the individual [[research_activities|research topics]] or in the pages of the individual [[security_group|members]]. | ||
+ | |||
+ | ===== 2022 ===== | ||
+ | * Seyed Ali Mirheidari, Matteo Golinelli, Kaan Onarlioglu, Engin Kirda, Bruno Crispo. ** Web Cache Deception Escalates!**, | ||
+ | * Giorgio Di Tizio, Michele Armellini, Fabio Massacci, **Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats**. IEEE Transactions on Software Engineering (TSE), 2022 - [[https:// | ||
+ | ===== 2021 ===== | ||
+ | * Giorgio Di Tizio, Fabio Massacci, **A Calculus of Tracking: Theory and Practice**. In Proceedings of the 21st Privacy Enhancing Technologies Symposium (PETS 2021), 2021 - {{:: research_activities: | ||
+ | * Duc-Ly Vu, Fabio Massacci, Ivan Pashchenko, Henrik Plate, and Antonino Sabetta. **LastPyMile: | ||
+ | * Duc-Ly Vu, Ivan Pashchenko, and Fabio Massacci. **Please hold on: more time = more patches? Automated program repair as anytime algorithms**. In Proceedings of //ACM/IEEE International Conference on Software Engineering - Automated Program Repair (APR) workshop//, 2021 - {{ : | ||
+ | * Fabio Massacci and Ivan Pashchenko. **Technical Leverage: dependencies mixed blessing**. To Appear in //IEEE Security and Privacy Magazine - Dept. Building Security In//, 2021 - [[ https:// | ||
+ | * Fabio Massacci and Ivan Pashchenko. **Technical Leverage in a Software Ecosystem: Development Opportunities and Security Risks**. To Appear in //ACM/IEEE International Conference on Software Engineering//, | ||
+ | * Ivan Pashchenko, Riccardo Scandariato, | ||
===== 2020 ===== | ===== 2020 ===== | ||
- | * Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. **A Qualitative Study of Dependency Management and Its Security Implications**, | + | * Ivan Pashchenko, Henrik Plate, Serena Elisa Ponta, Antonino Sabetta, and Fabio Massacci. **Vuln4Real: |
- | * Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Typosquatting and Combosquatting Attacks on the Python Ecosystem**. | + | * Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Towards Using Source Code Repositories to Identify Software Supply Chain Attacks**. In Proceedings of //the ACM Conference on Computer and Communications Security (CCS)//, 2020 - {{: |
+ | * Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda, and William Robertson. ** Cached and Confused: Web Cache Deception in the Wild**, The 29th USENIX Security Symposium (USENIX Security 20), 2020. [[https:// | ||
+ | * Giorgio Di Tizio, Fabio Massacci, Luca Allodi, Stanislav Dashevskyi, Jelena Mirkovic. **An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags**, To Appear in Proceedings of //the 2nd Workshop on Cyber Range Technologies and Applications (CACOE 2020)//, 2020 - {{: | ||
+ | * Giorgio Di Tizio, Chan Nam Ngo. **Are You a Favorite Target For Cryptojacking? | ||
+ | * Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. **A Qualitative Study of Dependency Management and Its Security Implications**, | ||
+ | * Duc-Ly Vu, Ivan Pashchenko, Fabio Massacci, Henrik Plate, Antonino Sabetta. **Typosquatting and Combosquatting Attacks on the Python Ecosystem**. | ||
* Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. **Preliminary Findings on FOSS Dependencies and Security A Qualitative Study on Developers’ Attitudes and Experience (Poster)**. In Proceedings of //the 42nd International Conference on Software Engineering (ICSE)//, 2020 - {{: | * Ivan Pashchenko, Duc-Ly Vu, Fabio Massacci. **Preliminary Findings on FOSS Dependencies and Security A Qualitative Study on Developers’ Attitudes and Experience (Poster)**. In Proceedings of //the 42nd International Conference on Software Engineering (ICSE)//, 2020 - {{: | ||
* Fabio Massacci, Chan Nam Ngo. **Distributed Financial Exchanges: Security Challenges and Design Principles** IEEE Security & Privacy (Early Access) [[https:// | * Fabio Massacci, Chan Nam Ngo. **Distributed Financial Exchanges: Security Challenges and Design Principles** IEEE Security & Privacy (Early Access) [[https:// | ||
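Review bot: several added entries still read "To Appear in" (the two "Technical Leverage" entries under 2021 and the CACOE 2020 entry under 2020) although the new revision is dated 2022/09/14; replace the wording with the final venue details. The two Web Cache Deception titles also open with `** ` (a space after the asterisks), unlike every other title in the list, so drop the space for consistency.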
Line 21: | Line 37: | ||
* de Haan, Johannes; Massacci, Fabio; Sterlini, Pierantonia; | * de Haan, Johannes; Massacci, Fabio; Sterlini, Pierantonia; | ||
===== 2018 ===== | ===== 2018 ===== | ||
+ | * Sajjad Arshad, Seyed Ali Mirheidari, Tobias Lauinger, Bruno Crispo, Engin Kirda, and William Robertson. **Large-Scale Analysis of Style Injection by Relative Path Overwrite.** the 2018 World Wide Web Conference (WWW' | ||
* Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **Demystifying authentication concepts in smartphones: | * Gupta, Sandeep, Attaullah Buriro, and Bruno Crispo. **Demystifying authentication concepts in smartphones: | ||
* Buriro, Attaullah, Bruno Crispo, Sandeep Gupta, and Filippo Del Frari. **Dialerauth: | * Buriro, Attaullah, Bruno Crispo, Sandeep Gupta, and Filippo Del Frari. **Dialerauth: | ||
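Review bot: in the added "Large-Scale Analysis of Style Injection by Relative Path Overwrite" entry, the venue begins with a lowercase "the" directly after the title's full stop and is not wrapped in `//…//` as the venue names elsewhere in this list are. Suggest "In Proceedings of //the 2018 World Wide Web Conference//" or similar, to match the other entries.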
Line 35: | Line 52: | ||
* I. Pashchenko. **FOSS Version Differentiation as a Benchmark for Static Analysis Security Testing Tools**. In // Proceedings of 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/ | * I. Pashchenko. **FOSS Version Differentiation as a Benchmark for Static Analysis Security Testing Tools**. In // Proceedings of 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/ | ||
* F. Massacci, C.N. Ngo, J. Nie, D. Venturi, J. Williams. **The seconomics (security-economics) vulnerabilities of Decentralized Autonomous Organizations**. To appear in //Security Protocols Workshop (SPW)// 2017. {{: | * F. Massacci, C.N. Ngo, J. Nie, D. Venturi, J. Williams. **The seconomics (security-economics) vulnerabilities of Decentralized Autonomous Organizations**. To appear in //Security Protocols Workshop (SPW)// 2017. {{: | ||
- | * L. Allodi, F. Massacci. **Security Events and Vulnerability Data for Cyber Security Risk Estimation.** To appear in //Risk Analysis// (Special Issue on Risk Analysis and Big Data), 2017.{{http://onlinelibrary.wiley.com/resolve/ | + | * L. Allodi, F. Massacci. **Security Events and Vulnerability Data for Cyber Security Risk Estimation.** To appear in //Risk Analysis// (Special Issue on Risk Analysis and Big Data), 2017.{{https://doi.org/ |
* L. Allodi, F. Massacci, J. Williams. **The Work Averse Attacker Model.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http:// | * L. Allodi, F. Massacci, J. Williams. **The Work Averse Attacker Model.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http:// | ||
* F. Massacci, J. Williams. **Cyberinsurance and Public Policy: Self-Protection and Insurance with Endogenous Adversaries.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http:// | * F. Massacci, J. Williams. **Cyberinsurance and Public Policy: Self-Protection and Insurance with Endogenous Adversaries.** In //Workshop on Economics of Information Security (WEIS)//, 2017. {{http:// |
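Review bot: the replaced link on the "Security Events and Vulnerability Data" entry now points at `https://doi.org/` but is still wrapped in `{{…}}`, while other external links in this list (the TSE and USENIX Security entries) use `[[https://…`; use the same `[[…]]` form here. The two WEIS entries just below still carry `{{http://` links and could be updated in the same edit, and the "To appear in" wording on this 2017 entry is worth revisiting now that it has a DOI link.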
publications.1593161619.txt.gz · Last modified: 2021/01/29 10:58 (external edit)