Security & Trust

Salvatore Manfredi

Salvatore Manfredi Researcher

Salvatore Manfredi is a researcher at the Center for Cybersecurity.

He earned his Ph.D. in Secure and Reliable Systems from the University of Genoa in 2023, focusing on the automated assistance of TLS configurations. In the last few years, he has worked on the security analysis of the authentication scheme for the Italian eID (CIE 3.0), the Horizon 2020-funded FINSEC project, and the definition of learning outcomes for the MERIT Master of Research. He recently joined Universitat Politècnica de Catalunya as an adjunct professor.

His research interests include network security, awareness training, and risk management of TLS configurations. He also holds dissemination events for middle, high school and the general public.

Publications

2024

  • Riccardo Germenia, Salvatore Manfredi, Matteo Rizzi, Giada Sciarretta, Alessandro Tomasi, Silvio Ranise
    Automating Compliance for Improving TLS Security Postures: An Assessment of Public Administration Endpoints
    In: 21th International Conference on Security and Cryptography (SECRYPT 2024) (DOI, complementary material, news)
  • Silvia Ricciuti, Simona Stoklin, Francesca Giuliano, Christian Mari, Massimiliano Zanchiello, Salvatore Manfredi
    Emerging security and legal challenges within renewable energy communities: key prevention and defence strategies
    In: 2024 AEIT International Annual Conference (AEIT 2024) (DOI)

2022

  • Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
    A Modular and Extensible Framework for Securing TLS
    In: Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy (CODASPY 2022) (DOI, news)
  • Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
    Demo: TLSAssistant v2 - A Modular and Extensible Framework for Securing TLS
    In: Proceedings of the 27th ACM Symposium on Access Control Models and Technologies (SACMAT 2022) (DOI, news)
  • Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise
    Empirical Validation on the Usability of Security Reports for Patching TLS Misconfigurations: User- and Case-Studies on Actionable Mitigations
    In: Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) (DOI)

2021

  • Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise
    Do Security Reports Meet Usability? - Lessons Learned from Using Actionable Mitigations for Patching TLS Misconfigurations
    In: The 16th International Conference on Availability, Reliability and Security (ARES 2021) (ETACS 2021) (DOI, complementary material, news)

2020

  • Andrea Bisegna, Roberto Carbone, Mariano Ceccato, Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi, Emanuele Viglianisi
    Automated Assistance to the Security Assessment of API for Financial Services in book Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures
    In: Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures (DOI)
  • Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi
    TLSAssistant goes FINSEC: A Security Platform Integration Extending Threat Intelligence Language
    In: 1st International Workshop on Cyber-Physical Security for Critical Infrastructures Protection (CPS4CIP 2020)

2019

  • Salvatore Manfredi, Silvio Ranise, Giada Sciarretta
    Lost in TLS? No More! Assisted Deployment of Secure TLS Configurations
    In: Proceedings of the 33rd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2019), vol. 11559, pp. 201-220 (DOI, news)

Theses

  • Salvatore Manfredi (PhD Thesis, University of Genoa, 2023)
    Automated Assistance for Actionable Security: Security and Compliance of TLS Configurations (link)
    Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta
  • Salvatore Manfredi (Master's Thesis, University of Trento, 2019)
    Assisting users in securing TLS configurations
    Supervisor: Silvio Ranise | Co-supervisor: Giada Sciarretta

Projects

Former

Dissemination

2024

  • March 21, 2024 • School
    Salvatore Manfredi, Giada Sciarretta
    Identità digitale
    Liceo Scientifico "Galileo Galilei", Trento
  • March 15, 2024 • School
    Salvatore Manfredi, Giada Sciarretta
    Consapevolezza e Sicurezza Informatica
    ENAIP Trentino, Trento

2023

  • September 29, 2023 • General
    Salvatore Manfredi, Matteo Rizzi, Giada Sciarretta
    Siamo al sicuro? Mettiamoci alla prova! Un viaggio nel mondo della sicurezza informatica
    Notte della Ricerca 2023 (Event)
  • February 16-17, 2023 • School
    Salvatore Manfredi, Giada Sciarretta
    Avvicinamento alla sicurezza informatica
    Istituto Comprensivo Civezzano, Trento

2022

  • February 21-25, 2022 • School
    Salvatore Manfredi, Giada Sciarretta
    Giornata mondiale per la Sicurezza in Rete
    Istituto Comprensivo Civezzano, Trento

2021

  • November 11, 2021 • Specialized
    Salvatore Manfredi
    TLSAssistant - uno strumento per identificare e mitigare le vulnerabilità di TLS
    Security Summit Streaming Edition 2021 (Details, Slides)
  • September 30, 2021 • Specialized
    Salvatore Manfredi
    TLSAssistant - a comprehensive tool for identifying and mitigating TLS vulnerabilities
    OWASP Italy Meetup 2021 (Event)
  • September 24, 2021 • General
    Salvatore Manfredi, Umberto Morelli, Giada Sciarretta, Alessandro Tomasi
    Siamo al sicuro? Mettiamoci alla prova! Avvicinamento alla sicurezza informatica
    Notte dei Ricercatori 2021 (Event)

2019

  • September 27, 2019 • General
    Salvatore Manfredi, Umberto Morelli, Alessandro Tomasi
    Ti senti al sicuro? Sicurezza online, identità digitale e uso della carta d'identità elettronica
    Notte dei Ricercatori 2019 (Event, Program)
  • February 18-22, 2019 • School
    Matteo Leonelli, Salvatore Manfredi, Umberto Morelli, Giada Sciarretta, Silvio Ranise
    Pro[M] Camp 2019
    Pro[M] Camp 2019 (Event)

Supervised Theses

2024

  • Matteo Bregola (Bachelor's Thesis, University of Trento, 2024)
    Comprehensive Analysis of Breach and Attack Simulation Tools - A Theoretical and Framework-Driven Assessment of Their Capabilities, Advantages, and Limitations
    Supervisor: Silvio Ranise | Co-supervisors: Matteo Rizzi, Salvatore Manfredi, Pietro De Matteis
  • Filippo De Grandi (Bachelor's Thesis, University of Trento, 2024)
    BAS Tools - Implementation of an Attack Pattern to Mimic a Threat Actor
    Supervisor: Domenico Siracusa | Co-supervisors: Matteo Rizzi, Salvatore Manfredi, Pietro De Matteis
  • Alessandro Fontana (Bachelor's Thesis, University of Trento, 2024)
    Rilevamento Automatico di Vulnerabilità TLS su iOS e Android
    Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Matteo Rizzi

2023

  • Sara Sorrentino (Bachelor's Thesis, University of Trento, 2023)
    Use of Gamification for Effective Cybersecurity Awareness Programs: Study and Design of a Novel Framework
    Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Matteo Rizzi
  • Riccardo Germenia (Bachelor's Thesis, University of Trento, 2023)
    A Module to Evaluate the Security Compliance of TLS Deployments: Design and Implementation of a Mechanized Methodology
    Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Matteo Rizzi

2022

  • Federico Cucino (Bachelor's Thesis, University of Trento, 2022)
    Miglioramento delle capacità di analisi di TLSAssistant - Automatizzazione delle mitigazioni per NGINX
    Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Giada Sciarretta
  • Ivan Valentini (Bachelor's Thesis, University of Trento, 2022)
    Estensione delle capacità di analisi di TLSAssistant - Rilevazione e mitigazione di ALPACA, POODLE e Raccoon
    Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Giada Sciarretta

2021

  • Matteo Rizzi (Bachelor's Thesis, University of Trento, 2021)
    TLS Analyzers for Android Apps: State-of-the-art Analysis and Integration in TLSAssistant
    Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Salvatore Manfredi
    Awards: 3rd place at thesis award "Innovare la sicurezza delle informazioni 2021", sponsored by CLUSIT
  • Alessandro Pegoraro (Bachelor's Thesis, University of Trento, 2021)
    Payment Services Directive 2 in the Wild - A comparison between Open Banking UK and NextGenPSD2
    Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Salvatore Manfredi