Security & Trust

Salvatore Manfredi

Salvatore Manfredi Researcher

Salvatore Manfredi is a researcher at the Center for Cybersecurity.

He earned his Bachelor’s degree in Computer Science from the University of Catania in 2016 and his Master’s degree in 2019 from the University of Trento. He received his Ph.D. in Secure and Reliable Systems from the University of Genoa in 2023.

In recent years, he has worked on the security analysis of the authentication scheme for the Italian electronic identity card (CIE 3.0) and on the Horizon 2020-funded FINSEC project. Recently, he joined the team working on MERIT, an EU project that aims to create a dynamic educational ecosystem for the training of digital specialists.

His research interests include network security, awareness training, and risk management of TLS configurations.

Publications

2022

  • Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
    A Modular and Extensible Framework for Securing TLS
    In: Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy (CODASPY 2022) (DOI, news)
  • Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
    Demo: TLSAssistant v2 - A Modular and Extensible Framework for Securing TLS
    In: Proceedings of the 27th ACM Symposium on Access Control Models and Technologies (SACMAT 2022) (DOI, news)
  • Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise
    Empirical Validation on the Usability of Security Reports for Patching TLS Misconfigurations: User- and Case-Studies on Actionable Mitigations
    In: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) (DOI)

2021

  • Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise
    Do Security Reports Meet Usability? - Lessons Learned from Using Actionable Mitigations for Patching TLS Misconfigurations
    In: The 16th International Conference on Availability, Reliability and Security (ARES 2021) (ETACS 2021) (DOI, complementary material, news)

2020

  • Andrea Bisegna, Roberto Carbone, Mariano Ceccato, Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi, Emanuele Viglianisi
    Automated Assistance to the Security Assessment of API for Financial Services in book Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures
    In: Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures (DOI)
  • Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi
    TLSAssistant goes FINSEC: A Security Platform Integration Extending Threat Intelligence Language
    In: 1st International Workshop on Cyber-Physical Security for Critical Infrastructures Protection (CPS4CIP 2020)

2019

  • Salvatore Manfredi, Silvio Ranise, Giada Sciarretta
    Lost in TLS? No More! Assisted Deployment of Secure TLS Configurations
    In: Proceedings of the 33rd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2019), vol. 11559, pp. 201-220 (DOI, news)

Theses

  • Salvatore Manfredi (PhD Thesis, University of Genoa, 2023)
    Automated Assistance for Actionable Security: Security and Compliance of TLS Configurations (link)
    Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta
  • Salvatore Manfredi (Master's Thesis, University of Trento, 2019)
    Assisting users in securing TLS configurations
    Supervisors: Silvio Ranise | Co-supervisor: Giada Sciarretta

Projects

Former

Dissemination

2023

  • September 29, 2023 • General
    Salvatore Manfredi, Matteo Rizzi, Giada Sciarretta
    Siamo al sicuro? Mettiamoci alla prova! Un viaggio nel mondo della sicurezza informatica
    Notte della Ricerca 2023 (Event)
  • February 16-17, 2023 • School
    Salvatore Manfredi, Giada Sciarretta
    Avvicinamento alla sicurezza informatica
    Istituto Comprensivo Civezzano, Trento

2022

  • February 21-25, 2022 • School
    Salvatore Manfredi, Giada Sciarretta
    Giornata mondiale per la Sicurezza in Rete
    Istituto Comprensivo Civezzano, Trento

2021

  • November 11, 2021 • Specialized
    Salvatore Manfredi
    TLSAssistant - uno strumento per identificare e mitigare le vulnerabilità di TLS
    Security Summit Streaming Edition 2021 (Details, Slides)
  • September 30, 2021 • Specialized
    Salvatore Manfredi
    TLSAssistant - a comprehensive tool for identifying and mitigating TLS vulnerabilities
    OWASP Italy Meetup 2021 (Event)
  • September 24, 2021 • General
    Salvatore Manfredi, Umberto Morelli, Giada Sciarretta, Alessandro Tomasi
    Siamo al sicuro? Mettiamoci alla prova! Avvicinamento alla sicurezza informatica
    Notte dei Ricercatori 2021 (Event)

2019

  • September 27, 2019 • General
    Salvatore Manfredi, Umberto Morelli, Alessandro Tomasi
    Ti senti al sicuro? Sicurezza online, identità digitale e uso della carta d'identità elettronica
    Notte dei Ricercatori 2019 (Event, Program)
  • February 18-22, 2019 • School
    Matteo Leonelli, Salvatore Manfredi, Umberto Morelli, Giada Sciarretta, Silvio Ranise
    Pro[M] Camp 2019
    Pro[M] Camp 2019 (Event)

Supervised Theses

2023

  • Sara Sorrentino (Bachelor's Thesis, University of Trento, 2023)
    Use of Gamification for Effective Cybersecurity Awareness Programs: Study and Design of a Novel Framework
    Supervisors: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Matteo Rizzi
  • Riccardo Germenia (Bachelor's Thesis, University of Trento, 2023)
    A Module to Evaluate the Security Compliance of TLS Deployments: Design and Implementation of a Mechanized Methodology
    Supervisors: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Matteo Rizzi

2022

  • Federico Cucino (Bachelor's Thesis, University of Trento, 2022)
    Miglioramento delle capacità di analisi di TLSAssistant - Automatizzazione delle mitigazioni per NGINX
    Supervisors: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Giada Sciarretta
  • Ivan Valentini (Bachelor's Thesis, University of Trento, 2022)
    Estensione delle capacità di analisi di TLSAssistant - Rilevazione e mitigazione di ALPACA, POODLE e Raccoon
    Supervisors: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Giada Sciarretta

2021

  • Matteo Rizzi (Bachelor's Thesis, University of Trento, 2021)
    TLS Analyzers for Android Apps: State-of-the-art Analysis and Integration in TLSAssistant
    Supervisors: Silvio Ranise | Co-supervisors: Giada Sciarretta, Salvatore Manfredi
    Awards: 3rd place at thesis award "Innovare la sicurezza delle informazioni 2021", sponsored by CLUSIT
  • Alessandro Pegoraro (Bachelor's Thesis, University of Trento, 2021)
    Payment Services Directive 2 in the Wild - A comparison between Open Banking UK and NextGenPSD2
    Supervisors: Silvio Ranise | Co-supervisors: Giada Sciarretta, Salvatore Manfredi