Security & Trust

Amir Sharif

Amir Sharif is a researcher in the Security & Trust Research Unit of the Cybersecurity Center of Fondazione Bruno Kessler. He received his Ph.D. in Secure and Reliable Systems from Università Degli Studi di Genova in 2021. He is currently involved in the Security & Trust Research Unit at FBK, in the context of a joint laboratory between FBK and the Italian Government Printing Office and Mint (Poligrafico e Zecca dello Stato Italiano, responsible for producing Italian eID cards), whose primary goal is to conduct research and innovation activities in digital identity solutions.

He is working on different projects related to identity and access management that involve the design and security analysis of access delegation and single sign-on protocols (e.g., OAuth 2.0 and OpenID Connect). Recently, he has started working on decentralized identity solutions and, more specifically, exploring various topics in the context of the European Digital Identity Wallet (e.g., PID issuance).

His research interests include identity management solution design and security analysis, decentralized identity, and data hiding techniques.

Publications

2023

  • Andrea Flamini, Silvio Ranise, Giada Sciarretta, Mario Scuro, Amir Sharif, Alessandro Tomasi
    A First Appraisal of Cryptographic Mechanisms for the Selective Disclosure of Verifiable Credentials
    In: 20th International Conference on Security and Cryptography (SECRYPT 2023) (DOI, news)
  • Gianluca Sassetti, Amir Sharif, Giada Sciarretta, Roberto Carbone, Silvio Ranise
    Assurance, Consent and Access Control for Privacy-Aware OIDC Deployments
    In: Proceedings of the 37th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2023) (DOI, news)
  • Amir Sharif, Francesco Antonio Marino, Giada Sciarretta, Giuseppe De Marco, Roberto Carbone, Silvio Ranise
    Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities
    In: 18th International Conference on Availability, Reliability and Security (ARES 2023) (DOI, news)

2022

  • Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Silvio Ranise
    SoK: A Survey on Technological Trends for (pre)Notified eIDAS Electronic Identity Schemes
    In: 17th International Workshop on Frontiers in Availability, Reliability and Security (FARES2022) (DOI, complementary material, news)
  • Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Francesco Antonio Marino, Silvio Ranise
    The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes
    In: MDPI Journal of Applied Science (APPLSCI) (DOI, complementary material, news)

2021

  • Salimeh Dashti, Amir Sharif, Roberto Carbone, Silvio Ranise
    Automated Risk Assessment and What-if Analysis of OpenID Connect and OAuth 2.0 Deployments
    In: Proceedings of the 35th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2021) (news)
  • Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
    Best Current Practices for OAuth/OIDC Native Apps: A Study of their Adoption in Popular Providers and Top-Ranked Android Clients
    In: Journal of Information Security and Applications (JISA) (DOI, news)

2020

  • Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
    Automated and Secure Integration of the OpenID Connect iGov Profile in Mobile Native Applications
    In: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2020) (DOI, complementary material)

2019

  • Amir Sharif, Roberto Carbone, Silvio Ranise, Giada Sciarretta
    A Wizard-Based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
    In: 16th International Conference on Security and Cryptography (SECRYPT 2019) (DOI, complementary material, news)

Theses

  • Amir Sharif (PhD Thesis, University of Genoa, 2021)
    Analysis of Best Current Practices to Assist Native App Developers with Secure OAuth/OIDC Implementations
    Supervisor: Roberto Carbone | Co-supervisors: Silvio Ranise, Giada Sciarretta

Dissemination

2023

  • June 6, 2023 • Specialized
    Amir Sharif
    Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities
    1st International Workshop on Trends in Digital Identity 2023 (Event, Program)
  • May 11, 2023 • Specialized
    Francesco Antonio Marino, Giada Sciarretta, Amir Sharif
    Past, Present, and Future of the Italian Digital Identity Ecosystem
    European Identity and Cloud (EIC) Conference 2023 (Event, Session)

2022

  • June 23, 2022 • Specialized
    Joseph Heenan, Amir Sharif
    Top OAuth/OpenID Connect Mistakes Found in Production Mobile Apps
    Identiverse 2022 (Video)
  • May 5, 2022 • Specialized
    Roberto Carbone, Giuseppe De Marco, Francesco Antonio Marino, Silvio Ranise, Giada Sciarretta, Amir Sharif
    Cross-Domain Sharing of User Claims: A Proposal for OIDC
    OAuth Security Workshop (OSW) 2022 (Event)
  • May 4, 2022 • Specialized
    Joseph Heenan, Amir Sharif
    Top OAuth/OpenID Connect Mistakes Found in Production Mobile Apps
    OAuth Security Workshop (OSW) 2022 (Event)

2021

  • February 24, 2021 • Specialized
    Amir Sharif
    Security Issues in OAuth/OIDC-based app Implementations
    Sec4dev Conference and Bootcamp 2021 (Event, Program, Video)

2019

  • March 22, 2019 • Specialized
    Roberto Carbone, Silvio Ranise, Giada Sciarretta, Amir Sharif
    An Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
    OAuth Security Workshop (OSW) 2019 (Event, Program)

Supervised Theses

2018

  • Saverio Turetta (Bachelor's Thesis, University of Trento, 2018)
    Analysis of the State of the Art in Android Dynamic Analysis Tools
    Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone, Amir Sharif