Giada Sciarretta Researcher

Giada Sciarretta is a researcher of the Security & Trust research unit of Fondazione Bruno Kessler. She obtained her MSc in mathematics at the University of Trento in 2012 and received her Ph.D. in computer science at the same University in 2018 while working with the Security & Trust unit. Her research activities involve the design, security analysis (with informal and formal specifications), and risk assessment of access delegation and single sign-on protocols (e.g., OAuth 2.0 and OpenID Connect), multi-factor authentication (e.g., based on biometric or eID cards) and fully-remote enrollment procedures. She is currently working on several projects related to identity and access management, focusing on various aspects in the context of the European Digital Identity Wallet (e.g, PID issuing, mDL presentation, selective disclosure).

Publications

2025

Zahra Ebadi Ansaroudi, Giada Sciarretta, Andrea De Maria, Silvio Ranise
Navigating secure storage requirements for EUDI Wallets: a review paper
In: EURASIP Journal on Information Security (JINS) (DOI, news)
Cecilia Pasquini, Marco Pernpruner, Giada Sciarretta, Silvio Ranise
Towards a Fine-Grained Threat Model for Video-Based Remote Identity Proofing
In: Machine Learning and Principles and Practice of Knowledge Discovery in Databases, Communications in Computer and Information Science, volume 2134 (DOI, news)

2024

Marco Pernpruner, Roberto Carbone, Giada Sciarretta, Silvio Ranise
An Automated Multi-Layered Methodology to Assist the Secure and Risk-Aware Design of Multi-Factor Authentication Protocols
In: IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 21, Issue 4, July/August 2024, Pages 1935-1950 (DOI, complementary material, news)
Riccardo Germenia, Salvatore Manfredi, Matteo Rizzi, Giada Sciarretta, Alessandro Tomasi, Silvio Ranise
Automating Compliance for Improving TLS Security Postures: An Assessment of Public Administration Endpoints
In: 21st International Conference on Security and Cryptography (SECRYPT 2024) (DOI, complementary material, news)
Marco Pernpruner, Cecilia Pasquini, Giada Sciarretta, Silvio Ranise
Beyond Screens: Investigating Identity Proofing for the Metaverse Through Cross-Device Flows
In: 2nd International Conference on Intelligent Metaverse Technologies & Applications (iMETA2024) (DOI, news)
Andrea Flamini, Giada Sciarretta, Mario Scuro, Amir Sharif, Alessandro Tomasi, Silvio Ranise
On Cryptographic Mechanisms for the Selective Disclosure of Verifiable Credentials
In: Journal of Information Security and Applications (JISA) (DOI, news)

2023

Andrea Flamini, Silvio Ranise, Giada Sciarretta, Mario Scuro, Amir Sharif, Alessandro Tomasi
A First Appraisal of Cryptographic Mechanisms for the Selective Disclosure of Verifiable Credentials
In: 20th International Conference on Security and Cryptography (SECRYPT 2023) (DOI, news)
Gianluca Sassetti, Amir Sharif, Giada Sciarretta, Roberto Carbone, Silvio Ranise
Assurance, Consent and Access Control for Privacy-Aware OIDC Deployments
In: Proceedings of the 37th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2023) (DOI, news)
Zahra Ebadi Ansaroudi, Roberto Carbone, Giada Sciarretta, Silvio Ranise
Control is Nothing Without Trust a First Look into Digital Identity Wallet Trends
In: Proceedings of the 37th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2023) (DOI)
Amir Sharif, Francesco Antonio Marino, Giada Sciarretta, Giuseppe De Marco, Roberto Carbone, Silvio Ranise
Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities
In: 18th International Conference on Availability, Reliability and Security (ARES 2023) (DOI, news)

2022

Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
A Modular and Extensible Framework for Securing TLS
In: Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy (CODASPY 2022) (DOI, news)
Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
Demo: TLSAssistant v2 - A Modular and Extensible Framework for Securing TLS
In: Proceedings of the 27th ACM Symposium on Access Control Models and Technologies (SACMAT 2022) (DOI, news)
Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise
Empirical Validation on the Usability of Security Reports for Patching TLS Misconfigurations: User- and Case-Studies on Actionable Mitigations
In: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) (DOI)
Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Silvio Ranise
SoK: A Survey on Technological Trends for (pre)Notified eIDAS Electronic Identity Schemes
In: 17th International Workshop on Frontiers in Availability, Reliability and Security (FARES2022) (DOI, complementary material, news)
Awards: Best paper award
Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Francesco Antonio Marino, Silvio Ranise
The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes
In: MDPI Journal of Applied Science (APPLSCI) (DOI, complementary material, news)

2021

Marco Pernpruner, Giada Sciarretta, Silvio Ranise
A Framework for Security and Risk Analysis of Enrollment Procedures: Application to Fully-Remote Solutions Based on eDocuments
In: 18th International Conference on Security and Cryptography (SECRYPT 2021) (DOI, complementary material)
Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
Best Current Practices for OAuth/OIDC Native Apps: A Study of their Adoption in Popular Providers and Top-Ranked Android Clients
In: Journal of Information Security and Applications (JISA) (DOI, news)
Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise
Do Security Reports Meet Usability? - Lessons Learned from Using Actionable Mitigations for Patching TLS Misconfigurations
In: The 16th International Conference on Availability, Reliability and Security (ARES 2021) (ETACS 2021) (DOI, complementary material, news)
Matteo Leonelli, Umberto Morelli, Silvio Ranise, Giada Sciarretta
Secure Pull Printing with QR Codes and National eID Cards: A Software-oriented Design and an Open-source Implementation
In: Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy (CODASPY 2021) (DOI, complementary material, news)

2020

Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
Automated and Secure Integration of the OpenID Connect iGov Profile in Mobile Native Applications
In: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2020) (DOI, complementary material)
Andrea Bisegna, Roberto Carbone, Mariano Ceccato, Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi, Emanuele Viglianisi
Automated Assistance to the Security Assessment of API for Financial Services in book Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures
In: Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures (DOI)
Roberto Carbone, Silvio Ranise, Giada Sciarretta, Luca Viganò
Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login
In: ACM Transactions on Privacy and Security (TOPS) (DOI, complementary material, news)
Marco Pernpruner, Roberto Carbone, Silvio Ranise, Giada Sciarretta
The Good, the Bad and the (Not So) Ugly of Out-Of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis
In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy (CODASPY 2020) (DOI, complementary material, news)
Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi
TLSAssistant goes FINSEC: A Security Platform Integration Extending Threat Intelligence Language
In: 1st International Workshop on Cyber-Physical Security for Critical Infrastructures Protection (CPS4CIP 2020)

2019

Amir Sharif, Roberto Carbone, Silvio Ranise, Giada Sciarretta
A Wizard-Based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
In: 16th International Conference on Security and Cryptography (SECRYPT 2019) (DOI, complementary material, news)
Umberto Morelli, Silvio Ranise, Damiano Sartori, Giada Sciarretta, Alessandro Tomasi
Audit-Based Access Control with a Distributed Ledger: Applications to Healthcare Organizations
In: 15th International Workshop on Security and Trust Management (STM 2019) (DOI, news)
Sergii Kushch, Silvio Ranise, Giada Sciarretta
Blockchain Tree for eHealth
In: 2019 IEEE Global Conference on Internet of Things (GCIoT 2019) (DOI)
Silvio Ranise, Giada Sciarretta, Alessandro Tomasi
Enroll, and authentication will follow: eID-based enrollment for a customized, secure, and frictionless authentication experience
In: 12th International Symposium on Foundations & Practice of Security (FPS 2019) (DOI, news)
Salvatore Manfredi, Silvio Ranise, Giada Sciarretta
Lost in TLS? No More! Assisted Deployment of Secure TLS Configurations
In: Proceedings of the 33rd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2019), vol. 11559, pp. 201-220 (DOI, news)

2018

Roberto Carbone, Silvio Ranise, Giada Sciarretta
Design and Security Assessment of Usable Multi-factor Authentication and Single Sign-On Solutions for Mobile Applications
In: Privacy and Identity Management. Fairness, Accountability, and Transparency in the Age of Big Data (DOI)
Giada Sciarretta, Roberto Carbone, Silvio Ranise, Luca Viganò
Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience
In: Principles of Security and Trust (POST 2018) (DOI, news)

2017

Giada Sciarretta, Roberto Carbone, Silvio Ranise, Alessandro Armando
Anatomy of the Facebook solution for mobile single sign-on: Security assessment and improvements
In: Computers & Security Journal (COSE), Volume 71, November 2017, Pages 71-86 (DOI)

2016

Giada Sciarretta, Roberto Carbone, Silvio Ranise
A delegated authorization solution for smart-city mobile applications
In: 2nd International Forum on Research and Technologies for Society and Industry (RTSI 2016) (DOI)
Giada Sciarretta, Alessandro Armando, Roberto Carbone, Silvio Ranise
Security of Mobile Single Sign-On: a Rational Reconstruction of Facebook Login Solution
In: 13th International Conference on Security and Cryptography (SECRYPT 2016) (DOI, news)

Theses

Giada Sciarretta (PhD Thesis, University of Trento, 2018)
A Methodology for the Design and Security Assessment of Mobile Identity Management: Applications to real-world scenarios (link)
Supervisor: Silvio Ranise | Co-supervisors: Alessandro Armando, Roberto Carbone

Projects

Former

FIDES 2015

Federated Identity Management System

FIDES 2016

Federated Identity Management System

STAnD

Security Tools for App Development

Dissemination

2024

December 2, 2024 • Specialized
Amir Sharif, Giada Sciarretta, Alessandro Tomasi
European Digital Identity Wallet: Opportunities and Security Challenges
16th IEEE International Workshop on Information Forensics And Security (WIFS 2024) (Event)

September 27, 2024 • General
Giada Sciarretta
La cultura della cybersecurity
Wired Next Fest 2024 Trentino (Event)

June 4- 7, 2024 • Specialized
Amir Sharif, Giada Sciarretta
The eIDAS 2.0 Era: Exploring the Security Landscape of Digital Identity Wallets
European Identity and Cloud Conference (EIC) (Event)

March 21, 2024 • School
Salvatore Manfredi, Giada Sciarretta
Identità digitale
Liceo Scientifico "Galileo Galilei", Trento

March 15, 2024 • School
Salvatore Manfredi, Giada Sciarretta
Consapevolezza e Sicurezza Informatica
ENAIP Trentino, Trento

January 19, 2024 • Specialized
Amir Sharif, Giada Sciarretta, Roberto Carbone, Silvio Ranise, Francesco Antonio Marino, Giuseppe De Marco
Waiting for the EUDI Wallet: Securing the transition from SAML 2.0 to OpenID Connect
OpenID Summit Tokyo 2024 (Event)

2023

September 29, 2023 • General
Salvatore Manfredi, Matteo Rizzi, Giada Sciarretta
Siamo al sicuro? Mettiamoci alla prova! Un viaggio nel mondo della sicurezza informatica
Notte della Ricerca 2023 (Event)

May 11, 2023 • Specialized
Francesco Antonio Marino, Giada Sciarretta, Amir Sharif
Past, Present, and Future of the Italian Digital Identity Ecosystem
European Identity and Cloud (EIC) Conference 2023 (Event, Session)

April 14, 2023 • School
Matteo Rizzi, Giada Sciarretta
Cybersecurity: l'esperienza di due giovani professionisti
Liceo Steam International, Rovereto

February 16-17, 2023 • School
Salvatore Manfredi, Giada Sciarretta
Avvicinamento alla sicurezza informatica
Istituto Comprensivo Civezzano, Trento

2022

May 5, 2022 • Specialized
Roberto Carbone, Giuseppe De Marco, Francesco Antonio Marino, Silvio Ranise, Giada Sciarretta, Amir Sharif
Cross-Domain Sharing of User Claims: A Proposal for OIDC
OAuth Security Workshop (OSW) 2022 (Event)

February 21-25, 2022 • School
Salvatore Manfredi, Giada Sciarretta
Giornata mondiale per la Sicurezza in Rete
Istituto Comprensivo Civezzano, Trento

2021

September 24, 2021 • General
Salvatore Manfredi, Umberto Morelli, Giada Sciarretta, Alessandro Tomasi
Siamo al sicuro? Mettiamoci alla prova! Avvicinamento alla sicurezza informatica
Notte dei Ricercatori 2021 (Event)

May 5, 2021 • General
Marco Pernpruner, Giada Sciarretta, Alessandro Tomasi
Identità digitale: identificazione e autenticazione
PMI Academy, Accademia d'Impresa (Event, Video)

2020

May 5, 2020 • General
Marco Pernpruner, Giada Sciarretta, Silvio Ranise
Cyber Security & Servizi Finanziari
FBK Academy (News and video)

2019

March 22, 2019 • Specialized
Roberto Carbone, Silvio Ranise, Giada Sciarretta, Amir Sharif
An Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
OAuth Security Workshop (OSW) 2019 (Event, Program)

February 18-22, 2019 • School
Matteo Leonelli, Salvatore Manfredi, Umberto Morelli, Giada Sciarretta, Silvio Ranise
Pro[M] Camp 2019
Pro[M] Camp 2019 (Event)

Supervised Theses

2024

Simone Avancini (Bachelor's Thesis, University of Trento, 2024)
A First Appraisal of Threat Modeling for EU Digital Identity Wallets
Supervisor: Silvio Ranise | Co-supervisors: Amir Sharif, Giada Sciarretta
Marco Pernpruner (PhD Thesis, University of Genoa, 2024)
Integrating Security by Design and Automated Security Analysis for Digital Identity Management (link)
Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta
Marco Frassoni (Master's Thesis, University of Trento, 2024)
European Digital Identity Wallet and ePrescriptions: finding the right balance between security, privacy and legal aspects
Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta
Federico Graziola (Master's Thesis, University of Verona, 2024)
Potenzialità e sfide nell'analisi formale di protocolli per l'identità digitale con Tamarin
Supervisor: Mariano Ceccato | Co-supervisors: Marco Pernpruner, Giada Sciarretta

2023

Salvatore Manfredi (PhD Thesis, University of Genoa, 2023)
Automated Assistance for Actionable Security: Security and Compliance of TLS Configurations (link)
Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta
Gianluca Sassetti (Master's Thesis, University of Trento, 2023)
Privacy Guidelines and Compliance Analysis for OpenID Connect Deployments
Supervisor: Silvio Ranise | Co-supervisors: Amir Sharif, Giada Sciarretta, Roberto Carbone

2022

Nicola Casagrande (Bachelor's Thesis, University of Trento, 2022)
Dematerialized Documents: The Italian Driving License Use Case
Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Tahir Ahmad
Federico Cucino (Bachelor's Thesis, University of Trento, 2022)
Miglioramento delle capacità di analisi di TLSAssistant - Automatizzazione delle mitigazioni per NGINX
Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Giada Sciarretta
Ivan Valentini (Bachelor's Thesis, University of Trento, 2022)
Estensione delle capacità di analisi di TLSAssistant - Rilevazione e mitigazione di ALPACA, POODLE e Raccoon
Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Giada Sciarretta
Rupert Gobber (Master's Thesis, University of Trento, 2022)
Design and implementation of a verifiable credentials service for a data marketplace
Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Alessandro Tomasi
Martina Vecellio Reane (Bachelor's Thesis, University of Trento, 2022)
Automated Security and Risk Analysis of Remote Identity Proofing Procedures
Supervisor: Silvio Ranise | Co-supervisors: Marco Pernpruner, Giada Sciarretta

2021

Matteo Rizzi (Bachelor's Thesis, University of Trento, 2021)
TLS Analyzers for Android Apps: State-of-the-art Analysis and Integration in TLSAssistant
Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Salvatore Manfredi
Awards: 3rd place at thesis award "Innovare la sicurezza delle informazioni 2021", sponsored by CLUSIT
Matteo Longato (Bachelor's Thesis, University of Trento, 2021)
Verifiable credentials applied to self reporting applications
Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Alessandro Tomasi
Leonardo Xompero (Bachelor's Thesis, University of Trento, 2021)
A Survey of Risk-Based Authentication: How features and security actions can be used to mitigate attackers
Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Marco Pernpruner
Giuseppe Lamorgese (Bachelor's Thesis, University of Trento, 2021)
Autenticazione password-less con FIDO2: Descrizione del flusso e considerazioni sulla sicurezza
Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta
Giacomo Zanolli (Bachelor's Thesis, University of Trento, 2021)
FIDO2 Passwordless Authentication: From the basics to an implementation in the context of an authorization system
Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Marco Pernpruner
Amir Sharif (PhD Thesis, University of Genoa, 2021)
Analysis of Best Current Practices to Assist Native App Developers with Secure OAuth/OIDC Implementations (link)
Supervisor: Roberto Carbone | Co-supervisors: Silvio Ranise, Giada Sciarretta
Alessandro Pegoraro (Bachelor's Thesis, University of Trento, 2021)
Payment Services Directive 2 in the Wild - A comparison between Open Banking UK and NextGenPSD2
Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Salvatore Manfredi
Adrien Beaugendre (Master's Thesis, University of Rennes 1 and University of Trento, 2021)
A Flexible Risk Analysis on MuFASA Tool
Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Marco Pernpruner

2020

Alessio Valenza (Bachelor's Thesis, University of Trento, 2020)
Autenticazione bancaria post-PSD2: siamo al sicuro? Analisi automatica del rischio di protocolli di autenticazione
Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Marco Pernpruner

2019

Salvatore Manfredi (Master's Thesis, University of Trento, 2019)
Assisting users in securing TLS configurations
Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta
Marco Pernpruner (Master's Thesis, University of Verona, 2019)
A passwordless out-of-band authentication protocol based on eID cards and push notifications: Design and formal security analysis
Supervisor: Massimo Merro | Co-supervisors: Giada Sciarretta, Roberto Carbone
Davide Piva (Bachelor's Thesis, University of Trento, 2019)
Assisting Developers in Securing OAuth 2.0 Deployment: Demystifying Threats and Protection Techniques for Bearer Credentials
Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta

2018

Giovanni Ferronato (Bachelor's Thesis, University of Trento, 2018)
Multi-factor Authentication Through Push Notification and NFC-enabled Identity Card: A solution for secure authentication in unsecure contexts
Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta
Awards: 3rd place at thesis award "Innovare la sicurezza delle informazioni 2019", sponsored by CLUSIT
Daniele Del Sale (Bachelor's Thesis, University of Trento, 2018)
Procedure di autenticazione multi-fattore basate su push notification: Analisi dello stato dell'arte e specifica delle best-practice per un'implementazione sicura
Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta

Contacts

Links