Security & Trust

News

  • December 18, 2024: TLSAssistant v3.1 released! release
    • The release introduces a fresh set of analysis modules to detect vulnerabilities in both Android and iOS mobile apps.
  • October 18, 2024: TDI 2025 accepted as a co-located workshop at the Joint National Conference on Cybersecurity events
    • The "3rd International Workshop on Trends in Digital Identity" (TDI 2025) has been officially accepted as a full-day event co-located with the Joint National Conference on Cybersecurity (ITASEC & SERICS 2025). It will take place in Bologna, Italy on February 3, 2025.
  • October 9, 2024: Papers accepted at CRiSIS 2024 papers
    • The papers "Modeling and Assessing Coercion Threats in Electronic Voting" by Riccardo Longo, Majid Mollaeefar, Umberto Morelli, Chiara Spadafora, Alessandro Tomasi, Silvio Ranise, and "Protecting Digital Identity Wallet: A Threat Model in the Age of eIDAS 2.0" by Amir Sharif, Zahra Ebadi Ansaroudi, Giada Sciarretta, Daniela Pöhn, Majid Mollaeefar, Wolfgang Hommel, Silvio Ranise have been accepted at the 19th International Conference on Risks and Security of Internet and Systems (CRiSIS 2024).
  • September 26, 2024: Paper accepted at IEEE Security & Privacy papers
    • The paper "Enhancing Security Testing for Identity Management Implementations: Introducing Micro-Id-Gym Language and Micro-Id-Gym Testing Tool" by Andrea Bisegna, Matteo Bitussi, Roberto Carbone, Silvio Ranise has been accepted at IEEE Security & Privacy.
  • September 2, 2024: Paper accepted at iMETA2024 papers
    • The paper "Beyond Screens: Investigating Identity Proofing for the Metaverse Through Cross-Device Flows" by Marco Pernpruner, Cecilia Pasquini, Giada Sciarretta, Silvio Ranise has been accepted at the 2nd International Conference on Intelligent Metaverse Technologies & Applications (iMETA2024).
  • June 3, 2024: Talk at the European Identity and Cloud Conference seminars
    • The session “The eIDAS 2.0 Era: Exploring the Security Landscape of Digital Identity Wallets” has been accepted to the European Identity and Cloud Conference (EIC) 2024, which will take place in Berlin, Germany, from June 4 to June 7, 2024.
  • May 10, 2024: Paper accepted at JISA papers
    • The paper "On Cryptographic Mechanisms for the Selective Disclosure of Verifiable Credentials" by Andrea Flamini, Giada Sciarretta, Mario Scuro, Amir Sharif, Alessandro Tomasi, Silvio Ranise has been accepted at the Journal of Information Security and Applications (JISA).
  • April 24, 2024: Paper accepted at Ital-IA 2024 papers
    • The paper "A Risk-based Approach to Trustworthy AI Systems for Judicial Procedures" by Majid Mollaeefar, Eleonora Marchesini, Roberto Carbone, Silvio Ranise has been accepted at the 4th CINI National Conference on Artificial Intelligence (Ital-IA 2024).
  • April 22, 2024: Paper accepted at SECRYPT 2024 papers
    • The paper "Automating Compliance for Improving TLS Security Postures: An Assessment of Public Administration Endpoints" by Riccardo Germenia, Salvatore Manfredi, Matteo Rizzi, Giada Sciarretta, Alessandro Tomasi, Silvio Ranise has been accepted at the 21st International Conference on Security and Cryptography (SECRYPT 2024).
  • December 19, 2023: Talk at OpenID Summit Tokyo 2024 seminars
    • On January 21, 2024, Amir Sharif will give the talk "Waiting for the EUDI Wallet: Securing the transition from SAML 2.0 to OpenID Connect" in the context of the OpenID Summit Tokyo 2024.
  • November 20, 2023: Paper accepted in the ECML/PKDD 2023 Post-Workshops and Tutorials Proceedings papers
    • The paper "Towards a Fine-Grained Threat Model for Video-Based Remote Identity Proofing" by Cecilia Pasquini, Marco Pernpruner, Giada Sciarretta, Silvio Ranise has been accepted at the Machine Learning and Principles and Practice of Knowledge Discovery in Databases.
  • July 17, 2023: Paper accepted at TDSC papers
    • The paper "An Automated Multi-Layered Methodology to Assist the Secure and Risk-Aware Design of Multi-Factor Authentication Protocols" by Marco Pernpruner, Roberto Carbone, Giada Sciarretta, Silvio Ranise has been accepted at the IEEE Transactions on Dependable and Secure Computing (TDSC).
  • May 25, 2023: Paper accepted at DBSec 2023 papers
    • The paper "Assurance, Consent and Access Control for Privacy-Aware OIDC Deployments" by Gianluca Sassetti, Amir Sharif, Giada Sciarretta, Roberto Carbone, Silvio Ranise has been accepted at the 37th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2023).
  • May 15, 2023: Paper accepted at ARES 2023 papers
    • The paper "Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities" by Amir Sharif, Francesco Antonio Marino, Giada Sciarretta, Giuseppe De Marco, Roberto Carbone, Silvio Ranise has been accepted at the 18th International Conference on Availability, Reliability and Security (ARES 2023).
  • April 24, 2023: Paper accepted at SECRYPT 2023 papers
    • The paper "A First Appraisal of Cryptographic Mechanisms for the Selective Disclosure of Verifiable Credentials" by Andrea Flamini, Silvio Ranise, Giada Sciarretta, Mario Scuro, Amir Sharif, Alessandro Tomasi has been accepted at the 20th International Conference on Security and Cryptography (SECRYPT 2023).
  • April 4, 2023: Amir Sharif won the 2023 OpenID Foundation Kim Cameron Award awards
    • Amir Sharif has been chosen as a recipient of the 2023 OpenID Foundation Kim Cameron Award. The award aims to encourage representation from young people who have an interest in subjects consistent with the OpenID Foundation Mission, in creating identity standards that are secure, interoperable, and privacy preserving.
  • March 30, 2023: Session "PID Issuance for the eIDAS 2.0 Wallets: Do not throw the Baby with the Bathwater" at ITASEC 2023 seminars
    • The session “PID Issuance for the eIDAS 2.0 Wallets: Do not throw the Baby with the Bathwater” has been accepted to the Italian Conference on Cybersecurity (ITASEC) 2023, which will take place in Bari, from May 3 to May 5, 2023. The session will be presented by Amir Sharif (FBK).
  • March 28, 2023: Paper accepted at COSE papers
    • The paper "Identifying and Quantifying Trade-offs in Multi-Stakeholder Risk Evaluation with Applications to the Data Protection Impact Assessment of the GDPR" by Majid Mollaeefar, Silvio Ranise has been accepted at the Computers & Security Journal (COSE).
  • February 17, 2023: Session "Past, Present and Future of the Italian Digital Identity Ecosystem" at European Identity and Cloud Conference 2023 seminars
    • The session “Past, Present and Future of the Italian Digital Identity Ecosystem” has been accepted to the European Identity and Cloud Conference (EIC) 2023, which will take place in Berlin, Germany, from May 9 to May 12, 2023.
  • December 8, 2022: Paper accepted at MDPI Journal of Applied Science in the Topical Collection of Innovation in Information Security papers
    • The paper "The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes" by Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Francesco Antonio Marino, Silvio Ranise has been accepted at the MDPI Journal of Applied Science (APPLSCI).
  • November 17, 2022: Bugs reported to MQTT v.5.0 brokers disclosure
    • Our internship student Stefano da Roit reported seven possible security issues to eight MQTT broker implementations as part of his investigation of DoS attacks exploiting the new features introduced by the MQTT v.5.0 protocol.
  • September 17, 2022: Best Paper Award - FARES'22 (17th Edition) awards
    • The paper "SoK: A Survey on Technological Trends for (pre)Notified eIDAS Electronic Identity Schemes" has received the best paper award at the "17th International Workshop on Frontiers in Availability, Reliability and Security" (FARES 2022).
  • September 16, 2022: Premio Tesi Clusit "Innovare la sicurezza delle informazioni" - 17th Edition awards
    • 3rd place for Matteo Rizzi. Congratulations!!!
  • August 18, 2022: POTENTIAL website is now online collaboration
    • We are happy to announce that the POTENTIAL (PilOTs for EuropeaN digiTal Identity wALlet) website is now online: http://www.digital-identity-wallet.eu. The Center for Cybersecurity of FBK is a member of the consortium.
  • June 10, 2022: Papers accepted at FARES2022 papers
    • The papers "Distributed Enforcement of Access Control policies in Intelligent Transportation System (ITS) for Situation Awareness" by Tahir Ahmad, Umberto Morelli, Silvio Ranise, and "SoK: A Survey on Technological Trends for (pre)Notified eIDAS Electronic Identity Schemes" by Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Silvio Ranise have been accepted at the 17th International Workshop on Frontiers in Availability, Reliability and Security (FARES2022).
  • May 26, 2022: Paper accepted at DBSEC 2022 papers
    • The paper "End-to-End Protection of IoT Communications Through Cryptographic Enforcement of Access Control Policies" by Stefano Berlato, Roberto Carbone, Umberto Morelli, Silvio Ranise has been accepted at the 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2022).
  • April 25, 2022: Demo accepted at SACMAT 2022
    • The paper "Demo: TLSAssistant v2 - A Modular and Extensible Framework for Securing TLS" by Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise has been accepted at the 27th ACM Symposium on Access Control Models And Technologies (SACMAT 2022).
  • March 31, 2022: Session "Cross-domain sharing of user claims: a proposal for OIDC" at OAuth Security Workshop 2022 seminars
    • The session “Cross-domain sharing of user claims: a proposal for OIDC” has been accepted to the OAuth Security Workshop (OSW) 2022, which will take place in Trondheim, Norway, from May 4 to May 6, 2022. The session will be presented by Amir Sharif (FBK).
  • March 31, 2022: Session "OAuth2/OpenID Connect mistakes found in production mobile apps" at OAuth Security Workshop 2022 seminars
    • The session “OAuth2/OpenID Connect mistakes found in production mobile apps” has been accepted to the OAuth Security Workshop (OSW) 2022, which will take place in Trondheim, Norway, from May 4 to May 6, 2022. The session will be presented by Amir Sharif (FBK) and Joseph Heenan (Senior Architect at Authlete Inc).
  • March 31, 2022: Session "Top OAuth2/OpenID Connect mistakes found in production mobile apps" at Identiverse 2022 seminars
    • The session “Top OAuth2/OpenID Connect mistakes found in production mobile apps” has been accepted to Identiverse 2022, which will take place in Denver, USA, from June 21 to June 24, 2022. The session will be presented by Amir Sharif (FBK) and Joseph Heenan (Senior Architect at Authlete Inc).
  • December 21, 2021: Paper accepted at CODASPY 2022 papers
    • The paper "A Modular and Extensible Framework for Securing TLS" by Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise has been accepted at the 12th ACM Conference on Data and Application Security and Privacy (CODASPY 2022).
  • December 14, 2021: Paper accepted at JISA papers
    • The paper "Best Current Practices for OAuth/OIDC Native Apps: A Study of their Adoption in Popular Providers and Top-Ranked Android Clients" by Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise has been accepted at the Journal of Information Security and Applications (JISA).
  • October 26, 2021: Paper accepted at T-ITS papers
    • The paper "Smart Card-Based Identity Management Protocols for V2V and V2I Communications in CCAM: a Systematic Literature Review" by Stefano Berlato, Marco Centenaro, Silvio Ranise has been accepted at the IEEE Transactions on Intelligent Transportation Systems (T-ITS).
  • September 22, 2021: Paper accepted at SMDS 2021 papers
    • The paper "Assessing the Effectiveness of the Shared Responsibility Model for Cloud Databases: the Case of Google's Firebase" by Biniam Fisseha Demissie, Silvio Ranise has been accepted at the IEEE International Conference on Smart Data Services (SMDS 2021).
  • September 13, 2021: Notte dei Ricercatori 2021 attendances
    • On Friday, September 24, from 5 PM to midnight, the Security & Trust unit will take part in the “Notte dei Ricercatori 2021” with the activity “Siamo al sicuro? Mettiamoci alla prova! Avvicinamento alla sicurezza informatica” (Are we safe? Let's put ourselves to the test! An introduction to cybersecurity).
  • July 1, 2021: FBK and Cassa Centrale Banca together for "Cyber Threat Intelligence" collaborations
    • The partnership aims at developing an innovative program in Cyber Threat Intelligence to further consolidate the Group's IT security control.
  • June 25, 2021: Masterclass "How can eID Cards Improve the Security and Usability of Authentication Protocols? From the Design to the Security and Risk Analysis" at Identiverse 2021 seminars
    • The Masterclass “How can eID Cards Improve the Security and Usability of Authentication Protocols? From the Design to the Security and Risk Analysis” has been accepted to Identiverse 2021 and virtually presented on Wednesday June 23rd, 3:30-4:20 PM CEST by Marco Pernpruner.
  • June 5, 2021: Paper accepted at IoT-SECFOR 2021 papers
    • The paper "DoS Attacks in Available MQTT Implementations: Investigating the Impact on Brokers and Devices, and supported Anti-DoS Protections." by Umberto Morelli, Ivan Vaccari, Silvio Ranise, Enrico Cambiaso has been accepted at the 5th International Workshop on Security and Forensics of IoT (IoT-SECFOR 2021).
  • June 4, 2021: Paper accepted at DBSec 2021 papers
    • The paper "Automated Risk Assessment and What-if Analysis of OpenID Connect and OAuth 2.0 Deployments" by Salimeh Dashti, Amir Sharif, Roberto Carbone, Silvio Ranise has been accepted at the 35th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2021).
  • May 31, 2021: Paper accepted at ETACS 2021 papers
    • The paper "Do Security Reports Meet Usability? - Lessons Learned from Using Actionable Mitigations for Patching TLS Misconfigurations" by Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise has been accepted at the 16th International Conference on Availability, Reliability and Security (ARES 2021) (ETACS 2021).
  • May 23, 2021: Paper accepted at ICSE 2021 papers
    • The paper "Security Analysis of Permission Re-delegation Vulnerabilities in Android Apps" by Biniam Fisseha Demissie, Mariano Ceccato, Lwin Khin Shar has been accepted at the 43rd International Conference on Software Engineering (ICSE 2021).
  • May 17, 2021: Paper accepted at SECRYPT 2021 papers
    • The paper "Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment" by Stefano Berlato, Roberto Carbone, Silvio Ranise has been accepted at the 18th International Conference on Security and Cryptography (SECRYPT 2021).
  • April 28, 2021: Talk at OWASP Italy Day 2021 seminars
    • On April 28, 2021, the Security & Trust Unit will be involved in the "OWASP Italy Day 2021", with Andrea Bisegna holding the presentation "Integrating a Pentesting Tool for IdM Protocols in a Continuous Delivery Pipeline".
  • April 2, 2021: Talk at ITASEC 2021 seminars
    • On April 9, 2021, the Security & Trust Unit will be involved in the Vulnerability Assessment And Penetration Testing session of the Italian Conference on CyberSecurity (ITASEC 2021), with Andrea Bisegna, Roberto Carbone and Silvio Ranise giving the talk “Integrating a Pentesting Tool for IdM Protocols in a Continuous Delivery Pipeline”.
  • March 26, 2021: Bug reported to Cisco
    • Our researcher Amir Sharif has recently reported a security problem in Cisco Webex iOS and Android Clients Authentication Implementation (CSCvw76899).
  • March 11, 2021: Tech Talk "Scenari, approcci, esperienze di strong authentication pre e post direttiva PSD2" seminars
    • On March 11, 2021, the Security & Trust Unit held the Tech Talk “Scenari, approcci, esperienze di strong authentication pre e post direttiva PSD2” for Dedagroup.
  • March 10, 2021: Silvio Ranise gave a talk at the event "SPID e CIE: come arrivare alla svolta per le imprese nel 2021" seminars
    • On March 10, 2021, Silvio Ranise gave the talk “Esperienze di applicazione di CIE” in the context of the event “SPID e CIE: come arrivare alla svolta per le imprese nel 2021”, organised by ClubTI Milano.
  • February 10, 2021: Webinar "Lost in TLS: the importance of mitigating vulnerabilities in the FINSEC platform" seminars
    • On February 23, 2021, the Security & Trust Unit held the webinar “Lost in TLS: the importance of mitigating vulnerabilities in the FINSEC platform”, in the context of the Digital Finance Academy for Security within the FINSEC European Project.
  • January 11, 2021: Participation in "Recent Security Advances in the Finance Sector" Workshop seminars
    • On January 14, 2021, the Security & Trust Unit will be involved in the Finance Sector Security on-Line Training Workshop "Recent Security Advances in the Finance Sector", with Marco Pernpruner holding the webinar "Automated Security and Risk Analysis of Strong Customer Authentication Solutions for the PSD2".
  • January 11, 2021: Amir Sharif at Security for Software Developers (Sec4dev) seminars
    • On February 24, 2021, Amir Sharif will give the talk "Security Issues in OAuth/OIDC implementations" in the context of "Security for Software Developers 2021" (Sec4dev 2021).
  • January 1, 2021: Roberto Carbone appointed as new Head of the Security & Trust Unit
    • Roberto Carbone has been appointed as new Head of the Security & Trust Research Unit of FBK.
  • December 22, 2020: Paper accepted at CODASPY 2021 papers
    • The paper "Secure Pull Printing with QR Codes and National eID Cards: A Software-oriented Design and an Open-source Implementation" by Matteo Leonelli, Umberto Morelli, Silvio Ranise, Giada Sciarretta has been accepted at the 11th ACM Conference on Data and Application Security and Privacy (CODASPY 2021).
  • November 11, 2020: Premio Tesi Clusit "Innovare la sicurezza delle informazioni" - 15th Edition awards
    • 3rd and 4th place for Stefano Berlato and Carlotta Tagliaro. Congratulations!!!
  • November 5, 2020: Article published on Exprivia Threat Intelligence Report 3Q2020 tools articles
    • Valutazione automatica dei rischi di sicurezza delle procedure di autenticazione bancarie
  • November 4, 2020: Webinar "Autenticazione bancaria siamo al sicuro? Chiediamolo a MuFASA!" seminars
    • On November 4, 2020, the Security & Trust Unit held the webinar "Autenticazione bancaria: siamo al sicuro? Chiediamolo a MuFASA!", in the context of the Apulia CyberSecurity Forum. The webinar deals with the security of financial authentication protocols, with particular regard to the impact of the Payment Services Directive (PSD2).
  • October 10, 2020: Silvio Ranise selected as Director of the Center for Cybersecurity
    • After an international selection, Silvio Ranise has been chosen as Director of the new Center for Cybersecurity of FBK.
  • September 28, 2020: Webinar "Strong Customer Authentication for the PSD2: security issues and possible mitigations to share with end users" seminars
    • On September 28, 2020, the Security & Trust Unit held the webinar “Strong Customer Authentication for the PSD2: security issues and possible mitigations to share with end users”, in the context of the Digital Finance Academy for Security within the FINSEC European Project.
  • July 20, 2020: Paper accepted at 5GWF 2020 papers
    • The paper "Security Considerations on 5G-Enabled Back-Situation Awareness for CCAM" by Marco Centenaro, Stefano Berlato, Roberto Carbone, Gianfranco Burzio, Giuseppe Faranda Cordella, Silvio Ranise, Roberto Riggio has been accepted at the 3rd IEEE 5G World Forum (5GWF20).
  • July 18, 2020: Giada Sciarretta at OSW 2020 attendances papers
    • On July 22, 2020, Giada Sciarretta will present the following paper: Giada Sciarretta, Roberto Carbone, Silvio Ranise, and Luca Viganò "Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login", published at ACM Transactions on Privacy and Security (TOPS).
  • June 11, 2020: Considerations on the Privacy and Security of Proximity Tracing Apps
    • The Laboratorio Nazionale di Cybersecurity has set up a working group that has tracked contact tracing systems and the possible vulnerabilities associated with them. The first result is the white paper “Considerazioni su privacy e security delle app di proximity tracing” on the threats to the privacy and security of tracing systems.
  • June 3, 2020: Article published on ICT Security Magazine tools articles
    • TLSAssistant: uno strumento per mitigare i problemi di sicurezza di TLS
  • May 5, 2020: Webinar "Cyber Security & Servizi Finanziari" seminars
    • On May 5, 2020, the Security & Trust Unit held the webinar "Cyber Security & Servizi Finanziari" (Cyber Security & Financial Services), in the context of the corporate development program FBK Academy. The webinar deals with the security of financial authentication protocols, with particular regard to the impact of the Payment Services Directive (PSD2).
  • April 15, 2020: Paper accepted at SECRYPT 2020 papers
    • The paper "Multi-Stakeholder Cybersecurity Risk Assessment for Data Protection" by Majid Mollaeefar, Alberto Siena, Silvio Ranise has been accepted at the 17th International Conference on Security and Cryptography (SECRYPT 2020).
  • April 8, 2020: Paper accepted at SACMAT 2020 papers
    • The paper "Deploying Access Control Enforcement for IoT in the Cloud-Edge Continuum with the help of the CAP Theorem" by Tahir Ahmad, Umberto Morelli, Silvio Ranise has been accepted at the 25th ACM Symposium on Access Control Models And Technologies (SACMAT 2020).
  • March 12, 2020: Paper accepted at TOPS papers
    • The paper "Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login" by Roberto Carbone, Silvio Ranise, Giada Sciarretta, Luca Viganò has been accepted at the ACM Transactions on Privacy and Security (TOPS).
  • February 15, 2020: Paper accepted at ASIACCS 2020 papers
    • The paper "Exploring Architectures for Cryptographic Access Control Enforcement in the Cloud for Fun and Optimization" by Stefano Berlato, Roberto Carbone, Adam J. Lee, Silvio Ranise has been accepted at the 15th ACM ASIA Conference on Computer and Communications Security (ASIACCS 2020).
  • February 2, 2020: Paper accepted at COSE papers
    • The paper "A Survey on Multi-Factor Authentication for Online Banking in the Wild" by Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Nicola Zannone has been accepted at the Computers & Security Journal (COSE).
  • January 29, 2020: Paper accepted at JISA papers
    • The paper "A Large-Scale Study on the Adoption of Anti-Debugging and Anti-Tampering Protections in Android Apps" by Stefano Berlato, Mariano Ceccato has been accepted at the Journal of Information Security and Applications (JISA).
  • January 7, 2020: Papers accepted at ITASEC 2020 papers
    • The papers "Automated Secure Code Generation for OpenID Connect iGov Profile in Mobile Native Applications" by Amir Sharif, Roberto Carbone, Silvio Ranise, Giada Sciarretta, and "Pull Printing with National eID Cards: An Open-source and Software-oriented Implementation" by Matteo Leonelli, Umberto Morelli, Silvio Ranise, Giada Sciarretta have been accepted at the Italian Conference on CyberSecurity (ITASEC 2020).
  • December 1, 2019: Paper accepted at CODASPY 2020 papers
    • The paper "The Good, the Bad and the (Not So) Ugly of Out-Of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis" by Marco Pernpruner, Roberto Carbone, Silvio Ranise, Giada Sciarretta has been accepted at the 10th ACM Conference on Data and Application Security and Privacy (CODASPY 2020).
  • November 11, 2019: Premio Tesi Clusit "Innovare la sicurezza delle informazioni" - 14th Edition awards
    • 3rd place for Giovanni Ferronato. Congratulations!!!
  • October 1, 2019: Paper accepted at FPS 2019 papers
    • The paper "Enroll, and authentication will follow: eID-based enrollment for a customized, secure, and frictionless authentication experience" by Silvio Ranise, Giada Sciarretta, Alessandro Tomasi has been accepted at the 12th International Symposium on Foundations & Practice of Security (FPS 2019).
  • September 20, 2019: Notte dei Ricercatori 2019 attendances
    • The Security & Trust unit will take part in the “Notte dei Ricercatori 2019” with the activity “Ti senti al sicuro? Sicurezza online, identità digitale e uso della carta d’identità elettronica” (Do you feel safe? Online security, digital identity and use of the electronic identity card), which will show how certificates are used to secure communications and the Internet, together with their real-world and experimental applications through the Carta d’Identità Elettronica 3.0.
  • August 6, 2019: Paper accepted at MSTEC 2019 papers
    • The paper "An Open and Flexible CyberSecurity Training Laboratory in IT/OT Infrastructures" by Umberto Morelli, Silvio Ranise, Lorenzo Nicolodi has been accepted at the 1st Model-driven Simulation and Training Environments for Cybersecurity Workshop (MSTEC 2019).
  • July 30, 2019: Paper accepted at ETAA 2019 papers
    • The paper "MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols" by Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Silvio Ranise has been accepted at the 2nd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA 2019).
  • July 25, 2019: Paper accepted at STM 2019 papers
    • The paper "Audit-Based Access Control with a Distributed Ledger: Applications to Healthcare Organizations" by Umberto Morelli, Silvio Ranise, Damiano Sartori, Giada Sciarretta, Alessandro Tomasi has been accepted at the 15th International Workshop on Security and Trust Management (STM 2019).
  • May 4, 2019: Paper accepted at CSRIoT 2019 papers
    • The paper "MQTTSA: A Tool for Automatically Assisting the Secure Deployments of MQTT brokers" by Andrea Palmieri, Paolo Prem, Silvio Ranise, Umberto Morelli, Tahir Ahmad has been accepted at the IEEE SERVICES Workshop on Cyber Security & Resilience in the Internet of Things (IEEE SERVICES CSRIoT 2019).
  • May 2, 2019: Papers accepted at SECRYPT 2019 papers
    • The papers "A Tool-assisted Methodology for the Data Protection Impact Assessment" by Salimeh Dashti, Silvio Ranise, and "A Wizard-Based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps" by Amir Sharif, Roberto Carbone, Silvio Ranise, Giada Sciarretta have been accepted at the 16th International Conference on Security and Cryptography (SECRYPT 2019).
  • April 15, 2019: Paper accepted at DBSec 2019 papers
    • The paper has been accepted at the 16th International Conference on Security and Cryptography (SECRYPT 2019).
  • October 11, 2018: Paper accepted at FPS 2018 papers
    • The paper "Validating Requirements of Access Control for Cloud-Edge IoT Solutions" by Tahir Ahmad, Silvio Ranise has been accepted at the 11th International Symposium on Foundations & Practice of Security (FPS 2018).
  • April 2, 2018: Paper accepted at SACMAT 2018 papers
    • The paper "A Lazy Approach to Access Control as a Service (ACaaS) for IoT: An AWS Case Study" by Tahir Ahmad, Umberto Morelli, Silvio Ranise, Nicola Zannone has been accepted at the 23rd ACM Symposium on Access Control Models And Technologies (SACMAT 2018).
  • March 14, 2018: OAuth Security Workshop 2018 events
    • The S&T Unit organizes the OAuth Security Workshop 2018.
  • January 25, 2018: Paper accepted at POST 2018 papers
    • The paper "Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience" by Giada Sciarretta, Roberto Carbone, Silvio Ranise, Luca Viganò has been accepted at the 7th International Conference on Principles of Security and Trust (POST 2018).
  • October 17, 2017: Paper accepted at EuroS&P 2017 papers
    • The paper "Large-scale Analysis & Detection of Authentication Cross-Site Request Forgeries" by Avinash Sudhodanan, Roberto Carbone, Luca Compagna, Nicolas Dolgin, Alessandro Armando, Umberto Morelli has been accepted at the 2nd IEEE European Symposium on Security and Privacy (EUROS&P 2017).
  • June 15, 2017: Paper accepted at SECRYPT 2017 papers
    • The paper "Strong Authentication for e-Banking: a Survey on European Regulations and Implementations" by Federico Sinigaglia, Gabriele Costa, Roberto Carbone has been accepted at the 14th International Conference on Security and Cryptography (SECRYPT 2017).
  • June 15, 2017: Paper accepted at IFIPSEC 2017 papers
    • The paper "Assisted Authoring, Analysis and Enforcement of Access Control Policies in the Cloud" by Umberto Morelli, Silvio Ranise has been accepted at the 32nd International Conference on ICT Systems Security and Privacy Protection (IFIPSEC 2017).
  • September 1, 2016: Alessandro Armando guest at the Festival della Comunicazione 2016 attendances
    • Alessandro Armando will take part as a guest in the Festival della Comunicazione, scheduled in Camogli from September 8 to 11.
  • July 18, 2016: DBSec 2016 events
    • The 30th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2016) will be held in Trento, Italy, from July 18th to July 21st 2016. DBSec is an annual international conference covering research in data and applications security and privacy. Newscasts, items of news available here.
  • June 16, 2016: Paper accepted at SECRYPT 2016 papers
    • The paper "Security of Mobile Single Sign-On: a Rational Reconstruction of Facebook Login Solution" by Giada Sciarretta, Alessandro Armando, Roberto Carbone, Silvio Ranise has been accepted at the 13th International Conference on Security and Cryptography (SECRYPT 2016).
  • April 14, 2016: Call for a joint UNIGE-FBK PhD Student Scholarship
    • Call for a joint UNIGE-FBK PhD Student Scholarship in Distributed Application Security.
  • February 16, 2016: Paper accepted at ESSoS 2016 papers
    • The paper "On the Security Cost of Using a Free and Open Source Component in a Proprietary Product" by Stanislav Dashevskyi, Achim D. Brucker, Fabio Massacci has been accepted at the International Symposium on Engineering Secure Software and Systems (ESSoS 2016).
  • February 8, 2016: Winter School SECENTIS 2016 events
    • The SECENTIS Winter School will be held in Trento, Italy on February 8-12, 2016.
  • January 11, 2016: Paper accepted at ABAC 2016 papers
    • The paper "SMT-based Enforcement and Analysis of NATO Content-based Protection and Release Policies" by Alessandro Armando, Silvio Ranise, Riccardo Traverso, Konrad Wrona has been accepted at the 1st International Workshop on Attribute Based Access Control (ABAC 2016).
  • October 23, 2015: Paper accepted at NDSS 2016 papers
    • The paper "Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications" by Avinash Sudhodanan, Alessandro Armando, Luca Compagna, Roberto Carbone has been accepted at the Network and Distributed System Security Symposium (NDSS 2016).
  • June 30, 2015: DBSec 2015 - Best student paper award awards
    • The DBSec 2015 paper "Assisting the Deployment of Security-Sensitive Workflows by Finding Execution Scenarios" has been selected for the Best Student Paper Award.
  • June 5, 2015: Paper accepted at TaPP 2015 papers
    • The paper "A Proposal Architecture for Logical Data Tracking in Cloud" by Mojtaba Eskandari, Bruno Crispo, Anderson Santana de Oliveira has been accepted at the 7th International Workshop on Theory and Practice of Provenance (TaPP 2015).
  • April 21, 2015: Paper accepted at DBSec 2015 papers
    • The paper "Assisting the Deployment of Security-Sensitive Workflows by Finding Execution Scenarios" by Daniel Ricardo dos Santos, Silvio Ranise, Luca Compagna, Serena Elisa Ponta has been accepted at the 29th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2015).
  • April 1, 2015: Paper accepted at ASIACCS 2015 papers
    • The paper "Automated Synthesis of Run-time Monitors to Enforce Authorization Policies in Business Processes" by Clara Bertolissi, Daniel Ricardo dos Santos, Silvio Ranise has been accepted at the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS2015).
  • March 27, 2015: Tuan Anh successfully defends his PhD thesis. Congratulations!
    • Congratulations to Tuan Anh Truong for successfully defending his thesis on “Efficient Automated Security Analysis of Complex Authorization Policies”.
  • February 7, 2015: Second-level Master's in Cyber Security and Data Protection
    • The deadline for submitting applications for admission to the second-level Master's in Cyber Security and Data Protection, organized by the DITEN Department of the University of Genoa in collaboration with ISICT (Istituto Superiore di Studi in Tecnologie dell’Informazione e della Comunicazione) and Fondazione Ansaldo, is set for 12:00 noon on February 9. The Master's programme is available at www.mastercybersecurity.it
  • September 23, 2014: Papers accepted at IEEE CloudCom 2014 papers
    • The paper has been accepted at the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS2015).
  • August 28, 2014: Doctoral Course on Security Threat Identification and Testing (grants available)
    • The Doctoral Course on Security Threat Identification and Testing will be held in Trento (Italy), 20-25 November 2014, in the context of the Doctoral School in Information and Communication Technology of the University of Trento, organized in collaboration with the Center for Information Technology of the Bruno Kessler Foundation (FBK).
  • June 9, 2014: Paper accepted at CSET '14 papers
    • The paper "TESTREX: a Testbed for Repeatable Exploits" by Stanislav Dashevskyi, Daniel Ricardo dos Santos, Fabio Massacci, Antonino Sabetta has been accepted at the 7th Workshop on Cyber Security Experimentation and Test (CSET '14).
  • May 20, 2014: Papers accepted at SACMAT 2014 papers
    • The papers "Attribute Based Access Control for APIs in Spring Security" by Alessandro Armando, Roberto Carbone, Eyasu Getahun Chekole, Silvio Ranise, and "Scalable and Precise Automated Analysis of Administrative Temporal Role-Based Access Control" by Silvio Ranise, Tuan Anh Truong, Alessandro Armando have been accepted at the 18th ACM Symposium on Access Control Models and Technologies (SACMAT 2014).
  • April 5, 2014: Roberto Carbone at ETAPS 2014 attendances papers
    • On Monday, 7th April, Roberto Carbone will present the following paper: Alessandro Armando, Roberto Carbone and Luca Compagna. "SATMC: a SAT-based Model Checker for Security-critical Systems".
  • March 7, 2014: Avinash reported a bug in Yahoo's SSO
    • Avinash reported a bug in Yahoo’s Social Sign On using the Facebook Connect protocol while he was working on state-of-the-art techniques for the automatic analysis of browser-based security protocols.
  • February 19, 2014: Paper accepted at Workshop on Smart Grid Security papers
    • The paper "Selective Release of Smart Metering Data in Multi-domain Smart Grids" by Alessandro Armando, Roberto Carbone, Eyasu Getahun Chekole, Claudio Petrazzuolo, Andrea Ranalli, Silvio Ranise has been accepted at the Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14).
  • January 30, 2014: ST seminar by Worachet Uttha seminars
    • Seminar "Access Control Modeling and Enforcement in Distributed Web Applications" by Worachet Uttha will be held on Thursday, 30 January 2014 at 12:00 PM.
  • December 18, 2013: SECENTIS seminar by Mojtaba Eskandari seminars
    • Seminar on Security Policy Enforcement and Monitoring by Mojtaba Eskandari will be held on Wednesday, 18 December 2013 at 11:00 AM.
  • December 11, 2013: SECENTIS seminar by Nadia Metoui seminars
    • Seminar on Risk-based Access Control by Nadia Metoui will be held on Wednesday, 11 December 2013 at 11:00 AM.
  • December 9, 2013: SECENTIS seminar by Stanislav Dashevskyi seminars
    • Seminar on Certification of Third-parties Applications by Stanislav Dashevskyi will be held on Monday, 09 December 2013 at 4:00 PM.
  • November 27, 2013: ST seminar "ICT security in Industrial Control Systems: an Overview" seminars
    • Seminar "ICT security in Industrial Control Systems: an Overview" by Alessio Coletta will be held on Wednesday, 27 November 2013 at 11:30 AM.
  • November 20, 2013: SECENTIS seminar by Daniel Ricardo dos Santos seminars
    • Seminar on Automatic Security Analysis of Business Processes by Daniel Ricardo dos Santos will be held on Wednesday, 20 November 2013 at 11:00 AM.
  • November 6, 2013: SECENTIS seminar by Avinash Sudhodanan seminars
    • Seminar on Automatic Analysis of Browser-based Security Protocols by Avinash Sudhodanan will be held on Wednesday, 06 November 2013 at 11:00 AM.
  • November 5, 2013: Paper accepted at IEEE/IFIP NOMS 2014 papers
    • The paper "A Dynamic Risk-based Access Control Architecture for Cloud Computing" by Daniel Ricardo dos Santos, Carla Merkle Westphall, Carlos Becker Westphall has been accepted at the 14th IEEE/IFIP Network Operations and Management Symposium (NOMS 2014).
  • October 23, 2013: Alessandro Armando gives invited talk at PAS 2013 attendances
    • On Wednesday 23 October, Alessandro Armando will give an invited talk titled "Model Checking Programs with Arrays" at PAS 2013.
  • September 27, 2013: Roberto Carbone at the Notte dei Ricercatori 2013 attendances
    • Roberto Carbone will talk about how to face online threats during the Notte dei Ricercatori (Researchers' Night) in Trento.
  • August 27, 2013: Paper accepted at FPS 2013 papers
    • The paper "Formal Modelling of Content-Based Protection and Release for Access Control in NATO Operations" by Alessandro Armando, Sander Oudkerk, Silvio Ranise, Konrad Wrona has been accepted at the International Symposium on Foundations and Practice of Security (FPS 2013).
  • June 6, 2013: Paper accepted at FroCoS 2013 papers
    • The paper "Verification of Composed Array-based Systems with Applications to Security-Aware Workflows" by Clara Bertolissi, Silvio Ranise has been accepted at the International Symposium on Frontiers of Combining Systems (FroCoS 2013).