Gianluca Sassetti, Amir Sharif, Giada Sciarretta, Roberto Carbone, Silvio Ranise. Assurance, Consent and Access Control for Privacy-Aware OIDC Deployments
In: Proceedings of the 37th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2023) (DOI, news)
Amir Sharif, Francesco Antonio Marino, Giada Sciarretta, Giuseppe De Marco, Roberto Carbone, Silvio Ranise. Cross-Domain Sharing of User Claims: A Design Proposal for OpenID Connect Attribute Authorities
In: 18th International Conference on Availability, Reliability and Security (ARES 2023) (DOI, news)
2022
Stefano Berlato, Roberto Carbone, Umberto Morelli, Silvio Ranise. End-to-End Protection of IoT Communications Through Cryptographic Enforcement of Access Control Policies
In: Proceedings of the 36th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2022) (DOI, complementary material)
Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Silvio Ranise. SoK: A Survey on Technological Trends for (pre)Notified eIDAS Electronic Identity Schemes
In: 17th International Workshop on Frontiers in Availability, Reliability and Security (FARES2022) (DOI, complementary material, news)
Amir Sharif, Matteo Ranzi, Roberto Carbone, Giada Sciarretta, Francesco Antonio Marino, Silvio Ranise. The eIDAS Regulation: A Survey of Technological Trends for European Electronic Identity Schemes
In: MDPI Journal of Applied Science (APPLSCI) (DOI, complementary material, news)
2021
Salimeh Dashti, Amir Sharif, Roberto Carbone, Silvio Ranise. Automated Risk Assessment and What-if Analysis of OpenID Connect and OAuth 2.0 Deployments
In: Proceedings of the 35th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2021) (news)
Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise. Best Current Practices for OAuth/OIDC Native Apps: A Study of their Adoption in Popular Providers and Top-Ranked Android Clients
In: Journal of Information Security and Applications (JISA) (DOI, news)
Andreas Heider-Aviet, Danny Roswin Ollik, Stefano Berlato, Silvio Ranise, Roberto Carbone, Van Thanh Le, Nabil El Ioini, Claus Pahl, Hamid R. Berzegar. Blockchain Based RAN Data Sharing
In: IEEE International Conference on Smart Data Services (SMDS 2021) (DOI)
Stefano Berlato, Roberto Carbone, Silvio Ranise. Cryptographic Enforcement of Access Control Policies in the Cloud: Implementation and Experimental Assessment
In: 18th International Conference on Security and Cryptography (SECRYPT 2021) (complementary material, news)
Andrea Bisegna, Roberto Carbone, Silvio Ranise. Integrating a Pentesting Tool for IdM Protocols in a Continuous Delivery Pipeline
In: 4th International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2021) (DOI)
Marco Centenaro, Stefano Berlato, Roberto Carbone, Gianfranco Burzio, Giuseppe Faranda Cordella, Roberto Riggio, Silvio Ranise. Safety-Related Cooperative, Connected, and Automated Mobility Services: Interplay Between Functional and Security Requirements
In: IEEE Vehicular Technology Magazine, Volume 16, Issue 4, December 2021, Pages 78-88 (DOI)
2020
Amir Sharif, Roberto Carbone, Giada Sciarretta, Silvio Ranise. Automated and Secure Integration of the OpenID Connect iGov Profile in Mobile Native Applications
In: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2020) (DOI, complementary material)
Andrea Bisegna, Roberto Carbone, Mariano Ceccato, Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi, Emanuele Viglianisi. Automated Assistance to the Security Assessment of API for Financial Services
In: Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures (DOI)
Stefano Berlato, Roberto Carbone, Adam J. Lee, Silvio Ranise. Exploring Architectures for Cryptographic Access Control Enforcement in the Cloud for Fun and Optimization
In: 15th ACM ASIA Conference on Computer and Communications Security (ASIACCS 2020) (DOI, complementary material, news)
Roberto Carbone, Silvio Ranise, Giada Sciarretta, Luca Viganò. Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login
In: ACM Transactions on Privacy and Security (TOPS) (DOI, complementary material, news)
Stefano Berlato, Roberto Carbone, Adam J. Lee, Silvio Ranise. Formal Modelling and Automated Trade-Off Analysis of Enforcement Architectures for Cryptographic Access Control in the Cloud
In: ACM Transactions on Privacy and Security (TOPS) (complementary material)
Andrea Bisegna, Roberto Carbone, Giulio Pellizzari, Silvio Ranise. Micro-Id-Gym: a Flexible Tool for Pentesting Identity Management Protocols in the Wild and in the Laboratory
In: 3rd International Workshop on Emerging Technologies for Authorization and Authentication (ETAA2020) (DOI)
Marco Centenaro, Stefano Berlato, Roberto Carbone, Gianfranco Burzio, Giuseppe Faranda Cordella, Silvio Ranise, Roberto Riggio. Security Considerations on 5G-Enabled Back-Situation Awareness for CCAM
In: 3rd IEEE 5G World Forum (5GWF20) (news)
Marco Pernpruner, Roberto Carbone, Silvio Ranise, Giada Sciarretta. The Good, the Bad and the (Not So) Ugly of Out-Of-Band Authentication with eID Cards and Push Notifications: Design, Formal and Risk Analysis
In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy (CODASPY 2020) (DOI, complementary material, news)
2019
Amir Sharif, Roberto Carbone, Silvio Ranise, Giada Sciarretta. A Wizard-Based Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
In: 16th International Conference on Security and Cryptography (SECRYPT 2019) (DOI, complementary material, news)
Andrea Bisegna, Roberto Carbone, Ivan Martini, Valentina Odorizzi, Giulio Pellizzari, Silvio Ranise. Micro-Id-Gym: Identity Management Workouts with Container-Based Microservices
In: International Journal of Information Security and Cybercrime (IJISP), Volume 8, Issue 1 (DOI)
Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Silvio Ranise. MuFASA: A Tool for High-level Specification and Analysis of Multi-factor Authentication Protocols
In: Emerging Technologies for Authorization and Authentication (ETAA 2019) (DOI, complementary material, news)
2018
Roberto Carbone, Silvio Ranise, Giada Sciarretta. Design and Security Assessment of Usable Multi-factor Authentication and Single Sign-On Solutions for Mobile Applications
In: Privacy and Identity Management. Fairness, Accountability, and Transparency in the Age of Big Data (DOI)
Giada Sciarretta, Roberto Carbone, Silvio Ranise, Luca Viganò. Design, Formal Specification and Analysis of Multi-Factor Authentication Solutions with a Single Sign-On Experience
In: Principles of Security and Trust (POST 2018) (DOI, news)
2017
Giada Sciarretta, Roberto Carbone, Silvio Ranise, Alessandro Armando. Anatomy of the Facebook solution for mobile single sign-on: Security assessment and improvements
In: Computers & Security Journal (COSE), Volume 71, November 2017, Pages 71-86 (DOI)
Avinash Sudhodanan, Roberto Carbone, Luca Compagna, Nicolas Dolgin, Alessandro Armando, Umberto Morelli. Large-scale Analysis & Detection of Authentication Cross-Site Request Forgeries
In: 2nd IEEE European Symposium on Security and Privacy (EUROS&P 2017) (DOI, news)
Federico Sinigaglia, Gabriele Costa, Roberto Carbone. Strong Authentication for e-Banking: a Survey on European Regulations and Implementations
In: 14th International Conference on Security and Cryptography (SECRYPT 2017) (DOI, news)
2016
Giada Sciarretta, Roberto Carbone, Silvio Ranise. A delegated authorization solution for smart-city mobile applications
In: 2nd International Forum on Research and Technologies for Society and Industry (RTSI 2016) (DOI)
Avinash Sudhodanan, Alessandro Armando, Luca Compagna, Roberto Carbone. Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications
In: Network and Distributed System Security Symposium (NDSS 2016) (news)
Giada Sciarretta, Alessandro Armando, Roberto Carbone, Silvio Ranise. Security of Mobile Single Sign-On: a Rational Reconstruction of Facebook Login Solution
In: 13th International Conference on Security and Cryptography (SECRYPT 2016) (DOI, news)
2014
Alessandro Armando, Roberto Carbone, Eyasu Getahun Chekole, Silvio Ranise. Attribute Based Access Control for APIs in Spring Security
In: 18th ACM Symposium on Access Control Models and Technologies (SACMAT 2014) (DOI, news)
Alessandro Armando, Roberto Carbone, Luca Compagna. SATMC: A SAT-Based Model Checker for Security-Critical Systems
In: 20th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2014) (DOI)
Alessandro Armando, Roberto Carbone, Eyasu Getahun Chekole, Claudio Petrazzuolo, Andrea Ranalli, Silvio Ranise. Selective Release of Smart Metering Data in Multi-domain Smart Grids
In: Second Open EIT ICT Labs Workshop on Smart Grid Security (SmartGridSec14) (DOI, news)
2011
Alessandro Armando, Roberto Carbone, Silvio Ranise. Automated analysis of semantic-aware access control policies: a logic-based approach
In: 2011 IEEE Fifth International Conference on Semantic Computing (ICSC 2011) (DOI)
May 5, 2022 • Specialized
Roberto Carbone, Giuseppe De Marco, Francesco Antonio Marino, Silvio Ranise, Giada Sciarretta, Amir Sharif. Cross-Domain Sharing of User Claims: A Proposal for OIDC
OAuth Security Workshop (OSW) 2022
(Event)
2021
March 11, 2021 • Specialized
Andrea Bisegna, Roberto Carbone, Marco Pernpruner, Silvio Ranise. Scenari, approcci, esperienze di strong authentication pre e post direttiva PSD2
Tech Talk (DedaGroup)
2019
March 22, 2019 • Specialized
Roberto Carbone, Silvio Ranise, Giada Sciarretta, Amir Sharif. An Approach for Secure Code Generation of Single Sign-On and Access Delegation Solutions for Mobile Native Apps
OAuth Security Workshop (OSW) 2019
(Event, Program)
Supervised Theses
2023
Luigi Dell'Eva (Bachelor's Thesis, University of Trento, 2023) Chatting is Healthy: How Better Cybersecurity Hygiene can be Obtained by Integrating Chatbots with Pentesting Tools
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Ion Andy Ditu (Bachelor's Thesis, University of Trento, 2023) Leveraging Trusted Execution Environment for Efficient Revocation and Security in Cryptographic Access Control
Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone, Stefano Berlato
Erica Elia (Master's Thesis, University of Trento, 2023) A Key Recovery Protocol based on Threshold Secret Sharing for Cryptographic Access Control in the Cloud: The CryptoAC use case
Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone, Stefano Berlato
Alessandro Biasi (Bachelor's Thesis, University of Trento, 2023) Syntax and Semantics of a Declarative Language for Security Testing of Browser-based Security Protocols
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
2022
Matteo Bitussi (Bachelor's Thesis, University of Trento, 2022) Declarative Specification of Pentesting Strategies for Browser-based Security Protocols: the Case Studies of SAML and OAuth/OIDC
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Eleonora Marchesini (Master's Thesis, University of Trento, 2022) Design and Implementation of a Cybersecurity Chatbot for Identity Management Protocols: the SAML and Slack Use Case
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Sofia Zanrosso (Bachelor's Thesis, University of Trento, 2022) Enlarging the Pen-Test Coverage of SAML Single Sign-On Solutions with Cyber Threat Intelligence
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Michele Zucchelli (Bachelor's Thesis, University of Trento, 2022) Pimp My Micro-Id-Gym: Enhancing the Automation and Usability of a Security Testing Tool for Digital Identity Protocol
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Giuseppe Alessio Sciumè (Bachelor's Thesis, University of Trento, 2022) A Comprehensive Analysis of the OAuth 2.0 Threat Model to Develop a Chatbot Providing Actionable Security Suggestions
Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone, Andrea Bisegna
Enrico Marconi (Bachelor's Thesis, University of Trento, 2022) Combining Blockchain-as-a-Service and Cryptographic Access Control for Secure Data Sharing Across Multiple Organizations
Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone, Stefano Berlato
Alessandro Colombo (Bachelor's Thesis, University of Trento, 2022) Attribute Based Encryption for Advanced Data Protection in IoT with MQTT
Supervisors: Silvio Ranise | Co-supervisors: Stefano Berlato, Roberto Carbone
2021
Wendy Barreto (Bachelor's Thesis, University of Trento, 2021) Design and implementation of an attack pattern language for the automated pentesting of OAuth/OIDC deployments
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Veronica Cristiano (Master's Thesis, University of Trento, 2021) Key Management for Cryptographic Enforcement of Access Control Policies in the Cloud: The CryptoAC use case
Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone, Stefano Berlato
Luca Bazzanella (Bachelor's Thesis, University of Trento, 2021) Analysis of the State of the Art of DevSecOps: The Gitlab case study
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Francesco Defilippo (Bachelor's Thesis, University of Trento, 2021) Attack Patterns for Pentesting SAML 2.0 Web Browser Single Sign-On deployments
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Chaudhry Muhammad Suleman (Master's Thesis, University of Trento, 2021) Cyber-security Risk Assessment for Cooperative, Connected and Automated Mobility Application to Cooperative Lane Merging
Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone, Stefano Berlato
Amir Sharif (PhD Thesis, University of Genoa, 2021) Analysis of Best Current Practices to Assist Native App Developers with Secure OAuth/OIDC Implementations
Supervisor: Roberto Carbone | Co-supervisors: Silvio Ranise, Giada Sciarretta
2020
Stefano Facchini (Bachelor's Thesis, University of Trento, 2020) Design and implementation of an automated tool for checking SAML SSO vulnerabilities and SPID compliance
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Giulio Pellizzari (Master's Thesis, University of Trento, 2020) Micro-Id-Gym: A Tool to Support Sandboxing and Automated Pentesting of Identity Management Protocols
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Federico Sinigaglia (PhD Thesis, University of Genoa, 2020) Security Analysis of Multi-Factor Authentication Security Protocols
Supervisors: Roberto Carbone, Gabriele Costa
Claudio Grisenti (Bachelor's Thesis, University of Trento, 2020) A pentesting tool for OAuth and OIDC deployments
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
2019
Stefano Berlato (Master's Thesis, University of Trento, 2019) A Pragmatic Approach to Handle "Honest But Curious" Cloud Service Providers: Cryptographic Enforcement of Dynamic Access Control Policies
Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone
Awards: 3rd place at thesis award "Innovare la sicurezza delle informazioni 2020", sponsored by CLUSIT
Marco Pernpruner (Master's Thesis, University of Verona, 2019) A passwordless out-of-band authentication protocol based on eID cards and push notifications: Design and formal security analysis
Supervisors: Massimo Merro | Co-supervisors: Giada Sciarretta, Roberto Carbone
Lorenzo Tait (Bachelor's Thesis, University of Trento, 2019) A Customized Threat Modeling for Secure Deployment And Pentesting of SAML SSO Solutions
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
2018
Valentina Odorizzi (Bachelor's Thesis, University of Trento, 2018) Progettazione e sviluppo di uno strumento per l'analisi automatica di vulnerabilità "Missing XML Validation" in SAML SSO
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Saverio Turetta (Bachelor's Thesis, University of Trento, 2018) Analysis of the State of the Art in Android Dynamic Analysis Tools
Supervisors: Silvio Ranise | Co-supervisors: Roberto Carbone, Amir Sharif
Ivan Martini (Bachelor's Thesis, University of Trento, 2018) An automated security testing framework for SAML SSO deployments
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Giulio Pellizzari (Bachelor's Thesis, University of Trento, 2018) Design and implementation of a tool to detect Login Cross-Site Request Forgery in SAML SSO: G Suite case study
Supervisors: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone
Giada Sciarretta (PhD Thesis, University of Trento, 2018) A Methodology for the Design and Security Assessment of Mobile Identity Management: Applications to real-world scenarios
Supervisors: Silvio Ranise | Co-supervisors: Alessandro Armando, Roberto Carbone
2017
Avinash Sudhodanan (PhD Thesis, University of Trento, 2017) Black-Box Security Testing of Browser-Based Security Protocols
Supervisors: Alessandro Armando | Co-supervisors: Roberto Carbone, Luca Compagna