Roberto Carbone

Roberto Carbone Head of Unit

Publications

2022 (3)

  • Stefano Berlato, Roberto Carbone, Umberto Morelli, Silvio Ranise
    End-to-End Protection of IoT Communications Through Cryptographic Enforcement of Access Control Policies
    In: Proceedings of the 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2022) (DOI, complementary material)
  • Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Silvio Ranise
    SoK: A Survey on Technological Trends for (pre)Notified eIDAS Electronic Identity Schemes
    In: 17th International Workshop on Frontiers in Availability, Reliability and Security (FARES2022) (DOI, complementary material, news)
  • Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Francesco Antonio Marino, Silvio Ranise
    The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes
    In: MDPI Journal of Applied Science (APPLSCI) (DOI, complementary material, news)

2021 (6)

  • Salimeh Dashti, Amir Sharif, Roberto Carbone, Silvio Ranise
    Automated Risk Assessment and What-if Analysis of OpenID Connect and OAuth 2.0 Deployments
    In: Proceedings of the 35th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2021) (news)
  • Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
    Best Current Practices for OAuth/OIDC Native Apps: A Study of their Adoption in Popular Providers and Top-Ranked Android Clients
    In: Journal of Information Security and Applications (JISA) (DOI, news)
  • Andreas Heider-Aviet, Danny Roswin Ollik, Stefano Berlato, Silvio Ranise, Roberto Carbone, Van Thanh Le, Nabil El Ioini, Claus Pahl, Hamid R. Berzegar
    Blockchain Based RAN Data Sharing
    In: IEEE International Conference on Smart Data Services (SMDS 2021) (DOI)
  • Stefano Berlato, Roberto Carbone, Silvio Ranise
    Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment
    In: 18th International Conference on Security and Cryptography (SECRYPT 2021) (complementary material, news)
  • Andrea Bisegna, Roberto Carbone, Silvio Ranise
    Integrating a Pentesting Tool for IdM Protocols in a Continuous Delivery Pipeline
    In: 4th International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2021) (DOI)
  • Marco Centenaro, Stefano Berlato, Roberto Carbone, Gianfranco Burzio, Giuseppe Faranda Cordella, Roberto Riggio, Silvio Ranise
    Safety-Related Cooperative, Connected, and Automated Mobility Services: Interplay Between Functional and Security Requirements
    In: IEEE Vehicular Technology Magazine, Volume 16, Issue 4, December 2021, Pages 78-88 (DOI)

2020 (8)

  • Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
    Automated and Secure Integration of the OpenID Connect iGov Profile in Mobile Native Applications
    In: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2020) (DOI, complementary material)
  • Andrea Bisegna, Roberto Carbone, Mariano Ceccato, Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi, Emanuele Viglianisi
    Automated Assistance to the Security Assessment of API for Financial Services in book Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures
    In: Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures (DOI)
  • Stefano Berlato, Roberto Carbone, Adam J. Lee, Silvio Ranise
    Exploring Architectures for Cryptographic Access Control Enforcement in the Cloud for Fun and Optimization
    In: 15th ACM ASIA Conference on Computer and Communications Security (ASIACCS 2020) (DOI, complementary material, news)
  • Roberto Carbone, Silvio Ranise, Giada Sciarretta, Luca ViganĂ²
    Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login
    In: ACM Transactions on Privacy and Security (TOPS) (DOI, complementary material, news)
  • Stefano Berlato, Roberto Carbone, Adam J. Lee, Silvio Ranise
    Formal Modelling and Automated Trade-Off Analysis of Enforcement Architectures for Cryptographic Access Control in the Cloud
    In: ACM Transactions on Privacy and Security (TOPS) (complementary material)
  • Andrea Bisegna, Roberto Carbone, Giulio Pellizzari, Silvio Ranise
    Micro-Id-Gym: a Flexible Tool for Pentesting Identity Management Protocols in the Wild and in the Laboratory
    In: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2020) (DOI)
  • Marco Centenaro, Stefano Berlato, Roberto Carbone, Gianfranco Burzio, Giuseppe Faranda Cordella, Silvio Ranise, Roberto Riggio
    Security Considerations on 5G-Enabled Back-Situation Awareness for CCAM
    In: 3rd IEEE 5G World Forum (5GWF20) (news)
  • Marco Pernpruner, Roberto Carbone, Silvio Ranise, Giada Sciarretta
    The Good, the Bad and the (Not So) Ugly of Out-Of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis
    In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy (CODASPY 2020) (DOI, complementary material, news)

2019 (3)

  • Amir Sharif, Roberto Carbone, Silvio Ranise, Giada Sciarretta
    A Wizard-Based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
    In: 16th International Conference on Security and Cryptography (SECRYPT 2019) (DOI, complementary material, news)
  • Andrea Bisegna, Roberto Carbone, Ivan Martini, Valentina Odorizzi, Giulio Pellizzari, Silvio Ranise
    Micro-Id-Gym: Identity Management Workouts with Container-Based Microservices
    In: International Journal of Information Security and Cybercrime (IJISP), Volume 8, Issue 1 (DOI)
  • Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Silvio Ranise
    MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols
    In: Emerging Technologies for Authorization and Authentication (ETAA 2019) (DOI, complementary material, news)

2018 (2)

  • Roberto Carbone, Silvio Ranise, Giada Sciarretta
    Design and Security Assessment of Usable Multi-factor Authentication and Single Sign-On Solutions for Mobile Applications
    In: Privacy and Identity Management. Fairness, Accountability, and Transparency in the Age of Big Data (DOI)
  • Giada Sciarretta, Roberto Carbone, Silvio Ranise, Luca ViganĂ²
    Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience
    In: Principles of Security and Trust (POST 2018) (DOI, news)

2017 (3)

  • Giada Sciarretta, Roberto Carbone, Silvio Ranise, Alessandro Armando
    Anatomy of the Facebook solution for mobile single sign-on: Security assessment and improvements
    In: Computers & Security Journal (COSE), Volume 71, November 2017, Pages 71-86 (DOI)
  • Avinash Sudhodanan, Roberto Carbone, Luca Compagna, Nicolas Dolgin, Alessandro Armando, Umberto Morelli
    Large-scale Analysis & Detection of Authentication Cross-Site Request Forgeries
    In: 2nd IEEE European Symposium on Security and Privacy (EUROS&P 2017) (DOI, news)
  • Federico Sinigaglia, Gabriele Costa, Roberto Carbone
    Strong Authentication for e-Banking: a Survey on European Regulations and Implementations
    In: 14th International Conference on Security and Cryptography (SECRYPT 2017) (DOI, news)

2016 (3)

  • Giada Sciarretta, Roberto Carbone, Silvio Ranise
    A delegated authorization solution for smart-city mobile applications
    In: 2nd International Forum on Research and Technologies for Society and Industry (RTSI 2016) (DOI)
  • Avinash Sudhodanan, Alessandro Armando, Luca Compagna, Roberto Carbone
    Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications
    In: Network and Distributed System Security Symposium (NDSS 2016) (news)
  • Giada Sciarretta, Alessandro Armando, Roberto Carbone, Silvio Ranise
    Security of Mobile Single Sign-On: a Rational Reconstruction of Facebook Login Solution
    In: 13th International Conference on Security and Cryptography (SECRYPT 2016) (DOI, news)

2014 (3)

  • Alessandro Armando, Roberto Carbone, Eyasu Getahun Chekole, Silvio Ranise
    Attribute Based Access Control for APIs in Spring Security
    In: 18th ACM Symposium on Access Control Models and Technologies (SACMAT 2014) (DOI, news)
  • Alessandro Armando, Roberto Carbone, Luca Compagna
    SATMC: A SAT-Based Model Checker for Security-Critical Systems
    In: 20th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2014) (DOI)
  • Alessandro Armando, Roberto Carbone, Eyasu Getahun Chekole, Claudio Petrazzuolo, Andrea Ranalli, Silvio Ranise
    Selective Release of Smart Metering Data in Multi-domain Smart Grids
    In: Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14) (DOI, news)

2011 (1)

  • Alessandro Armando, Roberto Carbone, Silvio Ranise
    Automated analysis of semantic-aware access control policies: a logic-based approach
    In: 2011 IEEE Fifth International Conference on Semantic Computing (ICSC 2011) (DOI)
Contacts