Security & Trust

Amir Sharif

Amir Sharif Researcher

Amir Sharif is a researcher in the Security & Trust Research Unit of the Cybersecurity Center at Fondazione Bruno Kessler. He earned his Ph.D. in Secure and Reliable Systems from Università Degli Studi di Genova in 2021, specializing in computer science and systems engineering.

With over 5 years of experience in the field of identity management and data security, Amir is deeply engaged in pioneering research. He is currently a member of the Italian delegation in the eIDAS Expert Group, contributing to the development of the European Digital Identity Architecture and Reference Framework.

His accomplishments include receiving the prestigious OpenID Foundation Kim Cameron Award in 2023, as well as securing the Best Paper Award at the “17th International Workshop on Frontiers in Availability, Reliability, and Security.” Notably, Amir’s expertise has been acknowledged by industry leaders, including Cisco, for identifying a Webex authentication security flaw, and by the OpenID Foundation for highlighting specification violations in “Sign in with Apple”.

Amir’s academic contributions extend to publishing peer-reviewed papers in the field of identity management and data security, a selection of them showcased in the Publications section. He has also shared his expertise at various international events on identity management, listed in the Dissemination section.

His research currently focuses on identity and access management, exploring decentralized identity solutions within the context of the European Digital Identity Wallet, specifically investigating PID issuance. His expertise encompasses a solid understanding of federated identity and access management standards such as OAuth, OpenID Connect, and SAML. Amir is well-versed in OAuth and OpenID Connect profiles (iGov, FAPI, Identity Assurance), as well as relevant regulatory frameworks like eIDAS, PSD2, and NIS2.

His research interests include identity management solution design and security analysis, decentralized identity, and data hiding techniques.

Publications

2024

  • Andrea Flamini, Giada Sciarretta, Mario Scuro, Amir Sharif, Alessandro Tomasi, Silvio Ranise
    On Cryptographic Mechanisms for the Selective Disclosure of Verifiable Credentials
    In: Journal of Information Security and Applications (JISA) (DOI, news)

2023

  • Andrea Flamini, Silvio Ranise, Giada Sciarretta, Mario Scuro, Amir Sharif, Alessandro Tomasi
    A First Appraisal of Cryptographic Mechanisms for the Selective Disclosure of Verifiable Credentials
    In: 20th International Conference on Security and Cryptography (SECRYPT 2023) (DOI, news)
  • Gianluca Sassetti, Amir Sharif, Giada Sciarretta, Roberto Carbone, Silvio Ranise
    Assurance, Consent and Access Control for Privacy-Aware OIDC Deployments
    In: Proceedings of the 37th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2023) (DOI, news)
  • Amir Sharif, Francesco Antonio Marino, Giada Sciarretta, Giuseppe De Marco, Roberto Carbone, Silvio Ranise
    Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities
    In: 18th International Conference on Availability, Reliability and Security (ARES 2023) (DOI, news)

2022

  • Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Silvio Ranise
    SoK: A Survey on Technological Trends for (pre)Notified eIDAS Electronic Identity Schemes
    In: 17th International Workshop on Frontiers in Availability, Reliability and Security (FARES2022) (DOI, complementary material, news)
  • Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Francesco Antonio Marino, Silvio Ranise
    The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes
    In: MDPI Journal of Applied Science (APPLSCI) (DOI, complementary material, news)

2021

  • Salimeh Dashti, Amir Sharif, Roberto Carbone, Silvio Ranise
    Automated Risk Assessment and What-if Analysis of OpenID Connect and OAuth 2.0 Deployments
    In: Proceedings of the 35th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2021) (news)
  • Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
    Best Current Practices for OAuth/OIDC Native Apps: A Study of their Adoption in Popular Providers and Top-Ranked Android Clients
    In: Journal of Information Security and Applications (JISA) (DOI, news)

2020

  • Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
    Automated and Secure Integration of the OpenID Connect iGov Profile in Mobile Native Applications
    In: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2020) (DOI, complementary material)

2019

  • Amir Sharif, Roberto Carbone, Silvio Ranise, Giada Sciarretta
    A Wizard-Based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
    In: 16th International Conference on Security and Cryptography (SECRYPT 2019) (DOI, complementary material, news)

Theses

  • Amir Sharif (PhD Thesis, University of Genoa, 2021)
    Analysis of Best Current Practices to Assist Native App Developers with Secure OAuth/OIDC Implementations (link)
    Supervisor: Roberto Carbone | Co-supervisors: Silvio Ranise, Giada Sciarretta

Projects

Former

Dissemination

2024

  • January 19, 2024 • Specialized
    Amir Sharif, Giada Sciarretta, Roberto Carbone, Silvio Ranise, Francesco Antonio Marino, Giuseppe De Marco
    Waiting for the EUDI Wallet: Securing the transition from SAML 2.0 to OpenID Connect
    OpenID Summit Tokyo 2024 (Event)

2023

  • June 6, 2023 • Specialized
    Amir Sharif
    Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities
    1st International Workshop on Trends in Digital Identity 2023 (Event, Program)
  • May 11, 2023 • Specialized
    Francesco Antonio Marino, Giada Sciarretta, Amir Sharif
    Past, Present, and Future of the Italian Digital Identity Ecosystem
    European Identity and Cloud (EIC) Conference 2023 (Event, Session)

2022

  • June 23, 2022 • Specialized
    Joseph Heenan, Amir Sharif
    Top OAuth/OpenID Connect Mistakes Found in Production Mobile Apps
    Identiverse 2022 (Video)
  • May 5, 2022 • Specialized
    Roberto Carbone, Giuseppe De Marco, Francesco Antonio Marino, Silvio Ranise, Giada Sciarretta, Amir Sharif
    Cross-Domain Sharing of User Claims: A Proposal for OIDC
    OAuth Security Workshop (OSW) 2022 (Event)
  • May 4, 2022 • Specialized
    Joseph Heenan, Amir Sharif
    Top OAuth/OpenID Connect Mistakes Found in Production Mobile Apps
    OAuth Security Workshop (OSW) 2022 (Event)

2021

  • February 24, 2021 • Specialized
    Amir Sharif
    Security Issues in OAuth/OIDC-based app Implementations
    Sec4dev Conference and Bootcamp 2021 (Event, Program, Video)

2019

  • March 22, 2019 • Specialized
    Roberto Carbone, Silvio Ranise, Giada Sciarretta, Amir Sharif
    An Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
    OAuth Security Workshop (OSW) 2019 (Event, Program)

Supervised Theses

2023

  • Gianluca Sassetti (Master's Thesis, University of Trento, 2023)
    Privacy Guidelines and Compliance Analysis for OpenID Connect Deployments
    Supervisors: Silvio Ranise | Co-supervisors: Amir Sharif, Giada Sciarretta, Roberto Carbone

2018

  • Saverio Turetta (Bachelor's Thesis, University of Trento, 2018)
    Analysis of the State of the Art in Android Dynamic Analysis Tools
    Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone, Amir Sharif