Amir Sharif Researcher

Amir Sharif is a researcher in the Security & Trust Research Unit of the Cybersecurity Center at Fondazione Bruno Kessler. He earned his Ph.D. in Secure and Reliable Systems from Università Degli Studi di Genova in 2021, specializing in computer science and systems engineering.

With over 5 years of experience in the field of identity management and data security, Amir is deeply engaged in pioneering research. He is currently a member of the Italian delegation in the eIDAS Expert Group, contributing to the development of the European Digital Identity Architecture and Reference Framework.

His accomplishments include receiving the prestigious OpenID Foundation Kim Cameron Award in 2023, as well as securing the Best Paper Award at the “17th International Workshop on Frontiers in Availability, Reliability, and Security.” Notably, Amir’s expertise has been acknowledged by industry leaders, including Cisco, for identifying a Webex authentication security flaw, and by the OpenID Foundation for highlighting specification violations in “Sign in with Apple”.

Amir’s academic contributions extend to publishing peer-reviewed papers in the field of identity management and data security, a selection of them showcased in the Publications section. He has also shared his expertise at various international events on identity management, listed in the Dissemination section.

His research currently focuses on identity and access management, exploring decentralized identity solutions within the context of the European Digital Identity Wallet, specifically investigating PID issuance. His expertise encompasses a solid understanding of federated identity and access management standards such as OAuth, OpenID Connect, and SAML. Amir is well-versed in OAuth and OpenID Connect profiles (iGov, FAPI, Identity Assurance), as well as relevant regulatory frameworks like eIDAS, PSD2, and NIS2.

His research interests include identity management solution design and security analysis, decentralized identity, and data hiding techniques.

Publications

2024

Andrea Flamini, Giada Sciarretta, Mario Scuro, Amir Sharif, Alessandro Tomasi, Silvio Ranise
On Cryptographic Mechanisms for the Selective Disclosure of Verifiable Credentials
In: Journal of Information Security and Applications (JISA) (DOI, news)

2023

Andrea Flamini, Silvio Ranise, Giada Sciarretta, Mario Scuro, Amir Sharif, Alessandro Tomasi
A First Appraisal of Cryptographic Mechanisms for the Selective Disclosure of Verifiable Credentials
In: 20th International Conference on Security and Cryptography (SECRYPT 2023) (DOI, news)
Gianluca Sassetti, Amir Sharif, Giada Sciarretta, Roberto Carbone, Silvio Ranise
Assurance, Consent and Access Control for Privacy-Aware OIDC Deployments
In: Proceedings of the 37th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2023) (DOI, news)
Matteo Bitussi, Riccardo Longo, Francesco Antonio Marino, Umberto Morelli, Amir Sharif, Chiara Spadafora, Alessandro Tomasi
Coercion-resistant i-voting with short PIN and OAuth 2.0
In: International Joint Conference on Electronic Voting (E-Vote-ID 2023)
Amir Sharif, Francesco Antonio Marino, Giada Sciarretta, Giuseppe De Marco, Roberto Carbone, Silvio Ranise
Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities
In: 18th International Conference on Availability, Reliability and Security (ARES 2023) (DOI, news)

2022

Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Silvio Ranise
SoK: A Survey on Technological Trends for (pre)Notified eIDAS Electronic Identity Schemes
In: 17th International Workshop on Frontiers in Availability, Reliability and Security (FARES2022) (DOI, complementary material, news)
Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Francesco Antonio Marino, Silvio Ranise
The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes
In: MDPI Journal of Applied Science (APPLSCI) (DOI, complementary material, news)

2021

Salimeh Dashti, Amir Sharif, Roberto Carbone, Silvio Ranise
Automated Risk Assessment and What-if Analysis of OpenID Connect and OAuth 2.0 Deployments
In: Proceedings of the 35th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2021) (news)
Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
Best Current Practices for OAuth/OIDC Native Apps: A Study of their Adoption in Popular Providers and Top-Ranked Android Clients
In: Journal of Information Security and Applications (JISA) (DOI, news)

2020

Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
Automated and Secure Integration of the OpenID Connect iGov Profile in Mobile Native Applications
In: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2020) (DOI, complementary material)

2019

Amir Sharif, Roberto Carbone, Silvio Ranise, Giada Sciarretta
A Wizard-Based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
In: 16th International Conference on Security and Cryptography (SECRYPT 2019) (DOI, complementary material, news)

Theses

Amir Sharif (PhD Thesis, University of Genoa, 2021)
Analysis of Best Current Practices to Assist Native App Developers with Secure OAuth/OIDC Implementations (link)
Supervisor: Roberto Carbone | Co-supervisors: Silvio Ranise, Giada Sciarretta

Projects

Former

STAnD

Security Tools for App Development

Dissemination

2024

June 4- 7, 2024 • Specialized
Amir Sharif, Giada Sciarretta
The eIDAS 2.0 Era: Exploring the Security Landscape of Digital Identity Wallets
European Identity and Cloud Conference (EIC) (Event)

January 19, 2024 • Specialized
Amir Sharif, Giada Sciarretta, Roberto Carbone, Silvio Ranise, Francesco Antonio Marino, Giuseppe De Marco
Waiting for the EUDI Wallet: Securing the transition from SAML 2.0 to OpenID Connect
OpenID Summit Tokyo 2024 (Event)

2023

June 6, 2023 • Specialized
Amir Sharif
Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities
1st International Workshop on Trends in Digital Identity 2023 (Event, Program)

May 11, 2023 • Specialized
Francesco Antonio Marino, Giada Sciarretta, Amir Sharif
Past, Present, and Future of the Italian Digital Identity Ecosystem
European Identity and Cloud (EIC) Conference 2023 (Event, Session)

2022

June 23, 2022 • Specialized
Joseph Heenan, Amir Sharif
Top OAuth/OpenID Connect Mistakes Found in Production Mobile Apps
Identiverse 2022 (Video)

May 5, 2022 • Specialized
Roberto Carbone, Giuseppe De Marco, Francesco Antonio Marino, Silvio Ranise, Giada Sciarretta, Amir Sharif
Cross-Domain Sharing of User Claims: A Proposal for OIDC
OAuth Security Workshop (OSW) 2022 (Event)

May 4, 2022 • Specialized
Joseph Heenan, Amir Sharif
Top OAuth/OpenID Connect Mistakes Found in Production Mobile Apps
OAuth Security Workshop (OSW) 2022 (Event)

2021

February 24, 2021 • Specialized
Amir Sharif
Security Issues in OAuth/OIDC-based app Implementations
Sec4dev Conference and Bootcamp 2021 (Event, Program, Video)

2019

March 22, 2019 • Specialized
Roberto Carbone, Silvio Ranise, Giada Sciarretta, Amir Sharif
An Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
OAuth Security Workshop (OSW) 2019 (Event, Program)

Supervised Theses

2024

Simone Avancini (Bachelor's Thesis, University of Trento, 2024)
A First Appraisal of Threat Modeling for EU Digital Identity Wallets
Supervisor: Silvio Ranise | Co-supervisors: Amir Sharif, Giada Sciarretta

2023

Gianluca Sassetti (Master's Thesis, University of Trento, 2023)
Privacy Guidelines and Compliance Analysis for OpenID Connect Deployments
Supervisor: Silvio Ranise | Co-supervisors: Amir Sharif, Giada Sciarretta, Roberto Carbone

2018

Saverio Turetta (Bachelor's Thesis, University of Trento, 2018)
Analysis of the State of the Art in Android Dynamic Analysis Tools
Supervisor: Silvio Ranise | Co-supervisors: Roberto Carbone, Amir Sharif

Contacts

asharif@fbk.eu

Links