Salvatore Manfredi Researcher

Salvatore Manfredi is a researcher at the Center for Cybersecurity.

He earned his Ph.D. in Secure and Reliable Systems from the University of Genoa in 2023, focusing on the automated assistance of TLS configurations. In the last few years, he has worked on the security analysis of the authentication scheme for the Italian eID (CIE 3.0), the Horizon 2020-funded FINSEC project, and the definition of learning outcomes for the MERIT Master of Research. He recently joined Universitat Politècnica de Catalunya as an adjunct professor.

His research interests include network security, awareness training, and risk management of TLS configurations. He also holds dissemination events for middle, high school and the general public.

Publications

2024

Riccardo Germenia, Salvatore Manfredi, Matteo Rizzi, Giada Sciarretta, Alessandro Tomasi, Silvio Ranise
Automating Compliance for Improving TLS Security Postures: An Assessment of Public Administration Endpoints
In: 21th International Conference on Security and Cryptography (SECRYPT 2024) (DOI, complementary material, news)
Silvia Ricciuti, Simona Stoklin, Francesca Giuliano, Christian Mari, Massimiliano Zanchiello, Salvatore Manfredi
Emerging security and legal challenges within renewable energy communities: key prevention and defence strategies
In: 2024 AEIT International Annual Conference (AEIT 2024) (DOI)

2022

Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
A Modular and Extensible Framework for Securing TLS
In: Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy (CODASPY 2022) (DOI, news)
Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
Demo: TLSAssistant v2 - A Modular and Extensible Framework for Securing TLS
In: Proceedings of the 27th ACM Symposium on Access Control Models and Technologies (SACMAT 2022) (DOI, news)
Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise
Empirical Validation on the Usability of Security Reports for Patching TLS Misconfigurations: User- and Case-Studies on Actionable Mitigations
In: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) (DOI)

2021

Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise
Do Security Reports Meet Usability? - Lessons Learned from Using Actionable Mitigations for Patching TLS Misconfigurations
In: The 16th International Conference on Availability, Reliability and Security (ARES 2021) (ETACS 2021) (DOI, complementary material, news)

2020

Andrea Bisegna, Roberto Carbone, Mariano Ceccato, Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi, Emanuele Viglianisi
Automated Assistance to the Security Assessment of API for Financial Services in book Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures
In: Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures (DOI)
Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi
TLSAssistant goes FINSEC: A Security Platform Integration Extending Threat Intelligence Language
In: 1st International Workshop on Cyber-Physical Security for Critical Infrastructures Protection (CPS4CIP 2020)

2019

Salvatore Manfredi, Silvio Ranise, Giada Sciarretta
Lost in TLS? No More! Assisted Deployment of Secure TLS Configurations
In: Proceedings of the 33rd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2019), vol. 11559, pp. 201-220 (DOI, news)

Theses

Salvatore Manfredi (PhD Thesis, University of Genoa, 2023)
Automated Assistance for Actionable Security: Security and Compliance of TLS Configurations (link)
Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta
Salvatore Manfredi (Master's Thesis, University of Trento, 2019)
Assisting users in securing TLS configurations
Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta

Projects

Former

FINSEC

Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures

Dissemination

2024

March 21, 2024 • School
Salvatore Manfredi, Giada Sciarretta
Identità digitale
Liceo Scientifico "Galileo Galilei", Trento

March 15, 2024 • School
Salvatore Manfredi, Giada Sciarretta
Consapevolezza e Sicurezza Informatica
ENAIP Trentino, Trento

2023

September 29, 2023 • General
Salvatore Manfredi, Matteo Rizzi, Giada Sciarretta
Siamo al sicuro? Mettiamoci alla prova! Un viaggio nel mondo della sicurezza informatica
Notte della Ricerca 2023 (Event)

February 16-17, 2023 • School
Salvatore Manfredi, Giada Sciarretta
Avvicinamento alla sicurezza informatica
Istituto Comprensivo Civezzano, Trento

2022

February 21-25, 2022 • School
Salvatore Manfredi, Giada Sciarretta
Giornata mondiale per la Sicurezza in Rete
Istituto Comprensivo Civezzano, Trento

2021

November 11, 2021 • Specialized
Salvatore Manfredi
TLSAssistant - uno strumento per identificare e mitigare le vulnerabilità di TLS
Security Summit Streaming Edition 2021 (Details, Slides)

September 30, 2021 • Specialized
Salvatore Manfredi
TLSAssistant - a comprehensive tool for identifying and mitigating TLS vulnerabilities
OWASP Italy Meetup 2021 (Event)

September 24, 2021 • General
Salvatore Manfredi, Umberto Morelli, Giada Sciarretta, Alessandro Tomasi
Siamo al sicuro? Mettiamoci alla prova! Avvicinamento alla sicurezza informatica
Notte dei Ricercatori 2021 (Event)

2019

September 27, 2019 • General
Salvatore Manfredi, Umberto Morelli, Alessandro Tomasi
Ti senti al sicuro? Sicurezza online, identità digitale e uso della carta d'identità elettronica
Notte dei Ricercatori 2019 (Event, Program)

February 18-22, 2019 • School
Matteo Leonelli, Salvatore Manfredi, Umberto Morelli, Giada Sciarretta, Silvio Ranise
Pro[M] Camp 2019
Pro[M] Camp 2019 (Event)

Supervised Theses

2024

Matteo Bregola (Bachelor's Thesis, University of Trento, 2024)
Comprehensive Analysis of Breach and Attack Simulation Tools - A Theoretical and Framework-Driven Assessment of Their Capabilities, Advantages, and Limitations
Supervisor: Silvio Ranise | Co-supervisors: Matteo Rizzi, Salvatore Manfredi, Pietro De Matteis
Filippo De Grandi (Bachelor's Thesis, University of Trento, 2024)
BAS Tools - Implementation of an Attack Pattern to Mimic a Threat Actor
Supervisor: Domenico Siracusa | Co-supervisors: Matteo Rizzi, Salvatore Manfredi, Pietro De Matteis
Alessandro Fontana (Bachelor's Thesis, University of Trento, 2024)
Rilevamento Automatico di Vulnerabilità TLS su iOS e Android
Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Matteo Rizzi

2023

Sara Sorrentino (Bachelor's Thesis, University of Trento, 2023)
Use of Gamification for Effective Cybersecurity Awareness Programs: Study and Design of a Novel Framework
Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Matteo Rizzi
Riccardo Germenia (Bachelor's Thesis, University of Trento, 2023)
A Module to Evaluate the Security Compliance of TLS Deployments: Design and Implementation of a Mechanized Methodology
Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Matteo Rizzi

2022

Federico Cucino (Bachelor's Thesis, University of Trento, 2022)
Miglioramento delle capacità di analisi di TLSAssistant - Automatizzazione delle mitigazioni per NGINX
Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Giada Sciarretta
Ivan Valentini (Bachelor's Thesis, University of Trento, 2022)
Estensione delle capacità di analisi di TLSAssistant - Rilevazione e mitigazione di ALPACA, POODLE e Raccoon
Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Giada Sciarretta

2021

Matteo Rizzi (Bachelor's Thesis, University of Trento, 2021)
TLS Analyzers for Android Apps: State-of-the-art Analysis and Integration in TLSAssistant
Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Salvatore Manfredi
Awards: 3rd place at thesis award "Innovare la sicurezza delle informazioni 2021", sponsored by CLUSIT
Alessandro Pegoraro (Bachelor's Thesis, University of Trento, 2021)
Payment Services Directive 2 in the Wild - A comparison between Open Banking UK and NextGenPSD2
Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Salvatore Manfredi

Contacts

Links