Roberto Carbone
Head of Unit
Publications
2022 (3)
-
Stefano Berlato, Roberto Carbone, Umberto Morelli, Silvio Ranise
End-to-End Protection of IoT Communications Through Cryptographic Enforcement of Access Control Policies
In: Proceedings of the 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2022) (DOI, complementary material)
-
Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Silvio Ranise
SoK: A Survey on Technological Trends for (pre)Notified eIDAS Electronic Identity Schemes
In: 17th International Workshop on Frontiers in Availability, Reliability and Security (FARES2022) (DOI, complementary material, news)
-
Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Francesco Antonio Marino, Silvio Ranise
The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes
In: MDPI Journal of Applied Science (APPLSCI) (DOI, complementary material, news)
2021 (6)
-
Salimeh Dashti, Amir Sharif, Roberto Carbone, Silvio Ranise
Automated Risk Assessment and What-if Analysis of OpenID Connect and OAuth 2.0 Deployments
In: Proceedings of the 35th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2021) (news)
-
Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
Best Current Practices for OAuth/OIDC Native Apps: A Study of their Adoption in Popular Providers and Top-Ranked Android Clients
In: Journal of Information Security and Applications (JISA) (DOI, news)
-
Andreas Heider-Aviet, Danny Roswin Ollik, Stefano Berlato, Silvio Ranise, Roberto Carbone, Van Thanh Le, Nabil El Ioini, Claus Pahl, Hamid R. Berzegar
Blockchain Based RAN Data Sharing
In: IEEE International Conference on Smart Data Services (SMDS 2021) (DOI)
-
Stefano Berlato, Roberto Carbone, Silvio Ranise
Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment
In: 18th International Conference on Security and Cryptography (SECRYPT 2021) (complementary material, news)
-
Andrea Bisegna, Roberto Carbone, Silvio Ranise
Integrating a Pentesting Tool for IdM Protocols in a Continuous Delivery Pipeline
In: 4th International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2021) (DOI)
-
Marco Centenaro, Stefano Berlato, Roberto Carbone, Gianfranco Burzio, Giuseppe Faranda Cordella, Roberto Riggio, Silvio Ranise
Safety-Related Cooperative, Connected, and Automated Mobility Services: Interplay Between Functional and Security Requirements
In: IEEE Vehicular Technology Magazine, Volume 16, Issue 4, December 2021, Pages 78-88 (DOI)
2020 (8)
-
Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise
Automated and Secure Integration of the OpenID Connect iGov Profile in Mobile Native Applications
In: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2020) (DOI, complementary material)
-
Andrea Bisegna, Roberto Carbone, Mariano Ceccato, Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi, Emanuele Viglianisi
Automated Assistance to the Security Assessment of API for Financial Services in book Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures
In: Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures (DOI)
-
Stefano Berlato, Roberto Carbone, Adam J. Lee, Silvio Ranise
Exploring Architectures for Cryptographic Access Control Enforcement in the Cloud for Fun and Optimization
In: 15th ACM ASIA Conference on Computer and Communications Security (ASIACCS 2020) (DOI, complementary material, news)
-
Roberto Carbone, Silvio Ranise, Giada Sciarretta, Luca ViganĂ²
Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login
In: ACM Transactions on Privacy and Security (TOPS) (DOI, complementary material, news)
-
Stefano Berlato, Roberto Carbone, Adam J. Lee, Silvio Ranise
Formal Modelling and Automated Trade-Off Analysis of Enforcement Architectures for Cryptographic Access Control in the Cloud
In: ACM Transactions on Privacy and Security (TOPS) (complementary material)
-
Andrea Bisegna, Roberto Carbone, Giulio Pellizzari, Silvio Ranise
Micro-Id-Gym: a Flexible Tool for Pentesting Identity Management Protocols in the Wild and in the Laboratory
In: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2020) (DOI)
-
Marco Centenaro, Stefano Berlato, Roberto Carbone, Gianfranco Burzio, Giuseppe Faranda Cordella, Silvio Ranise, Roberto Riggio
Security Considerations on 5G-Enabled Back-Situation Awareness for CCAM
In: 3rd IEEE 5G World Forum (5GWF20) (news)
-
Marco Pernpruner, Roberto Carbone, Silvio Ranise, Giada Sciarretta
The Good, the Bad and the (Not So) Ugly of Out-Of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis
In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy (CODASPY 2020) (DOI, complementary material, news)
2019 (3)
-
Amir Sharif, Roberto Carbone, Silvio Ranise, Giada Sciarretta
A Wizard-Based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
In: 16th International Conference on Security and Cryptography (SECRYPT 2019) (DOI, complementary material, news)
-
Andrea Bisegna, Roberto Carbone, Ivan Martini, Valentina Odorizzi, Giulio Pellizzari, Silvio Ranise
Micro-Id-Gym: Identity Management Workouts with Container-Based Microservices
In: International Journal of Information Security and Cybercrime (IJISP), Volume 8, Issue 1 (DOI)
-
Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Silvio Ranise
MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols
In: Emerging Technologies for Authorization and Authentication (ETAA 2019) (DOI, complementary material, news)
2018 (2)
-
Roberto Carbone, Silvio Ranise, Giada Sciarretta
Design and Security Assessment of Usable Multi-factor Authentication and Single Sign-On Solutions for Mobile Applications
In: Privacy and Identity Management. Fairness, Accountability, and Transparency in the Age of Big Data (DOI)
-
Giada Sciarretta, Roberto Carbone, Silvio Ranise, Luca ViganĂ²
Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience
In: Principles of Security and Trust (POST 2018) (DOI, news)
2017 (3)
-
Giada Sciarretta, Roberto Carbone, Silvio Ranise, Alessandro Armando
Anatomy of the Facebook solution for mobile single sign-on: Security assessment and improvements
In: Computers & Security Journal (COSE), Volume 71, November 2017, Pages 71-86 (DOI)
-
Avinash Sudhodanan, Roberto Carbone, Luca Compagna, Nicolas Dolgin, Alessandro Armando, Umberto Morelli
Large-scale Analysis & Detection of Authentication Cross-Site Request Forgeries
In: 2nd IEEE European Symposium on Security and Privacy (EUROS&P 2017) (DOI, news)
-
Federico Sinigaglia, Gabriele Costa, Roberto Carbone
Strong Authentication for e-Banking: a Survey on European Regulations and Implementations
In: 14th International Conference on Security and Cryptography (SECRYPT 2017) (DOI, news)
2016 (3)
-
Giada Sciarretta, Roberto Carbone, Silvio Ranise
A delegated authorization solution for smart-city mobile applications
In: 2nd International Forum on Research and Technologies for Society and Industry (RTSI 2016) (DOI)
-
Avinash Sudhodanan, Alessandro Armando, Luca Compagna, Roberto Carbone
Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications
In: Network and Distributed System Security Symposium (NDSS 2016) (news)
-
Giada Sciarretta, Alessandro Armando, Roberto Carbone, Silvio Ranise
Security of Mobile Single Sign-On: a Rational Reconstruction of Facebook Login Solution
In: 13th International Conference on Security and Cryptography (SECRYPT 2016) (DOI, news)
2014 (3)
-
Alessandro Armando, Roberto Carbone, Eyasu Getahun Chekole, Silvio Ranise
Attribute Based Access Control for APIs in Spring Security
In: 18th ACM Symposium on Access Control Models and Technologies (SACMAT 2014) (DOI, news)
-
Alessandro Armando, Roberto Carbone, Luca Compagna
SATMC: A SAT-Based Model Checker for Security-Critical Systems
In: 20th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2014) (DOI)
-
Alessandro Armando, Roberto Carbone, Eyasu Getahun Chekole, Claudio Petrazzuolo, Andrea Ranalli, Silvio Ranise
Selective Release of Smart Metering Data in Multi-domain Smart Grids
In: Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14) (DOI, news)
2011 (1)
-
Alessandro Armando, Roberto Carbone, Silvio Ranise
Automated analysis of semantic-aware access control policies: a logic-based approach
In: 2011 IEEE Fifth International Conference on Semantic Computing (ICSC 2011) (DOI)