ACADIA’s talks are held weekly in Sala Riunioni, via Torino 155, Mestre Venezia.

Talks may be introductory lessons or tutorials, seminars on original research topics, reviews of remarkable research results.

  • 19/07/2017 – Talks by Mauro Tempesta, Francesco Palmarini, Heider Wahsheh, Marco Squarcina

    The program of the day will be:

    11.00 Mauro Tempesta
    11.20 Francesco Palmarini
    11.40 Heider Wahsheh
    14.00 Marco Squarcina

    Titles and abstracts follow:

    Title: Run-time Attack Detection in Cryptographic APIs
    Speaker: Marco Squarcina
    Cryptographic APIs are often vulnerable to attacks that compromise
    sensitive cryptographic keys. In the literature we find many proposals
    for preventing or mitigating such attacks but they typically require to
    modify the API or to configure it in a way that might break existing
    applications. This makes it hard to adopt such proposals, especially
    because security APIs are often used in highly sensitive settings, such
    as financial and critical infrastructures, where systems are rarely
    modified and legacy applications are very common. In this talk we
    propose a different approach. We introduce an effective method to
    monitor existing cryptographic systems in order to detect, and possibly
    prevent, the leakage of sensitive cryptographic keys. The method
    collects logs for various devices and cryptographic services and is able
    to detect, offline, any leakage of sensitive keys, under the assumption
    that a key fingerprint is provided for each sensitive key. We define key
    security formally and we prove that the method is sound, complete and
    efficient. We also show that without key fingerprinting completeness is
    lost, i.e., some attacks cannot be detected. We discuss possible
    practical implementations and we develop a proof-of-concept log analysis
    tool for PKCS#11 that is able to detect, on a significant fragment of
    the API, all key-management attacks from the literature.

  • 14/07/2017 – Talk by Matus Namec

    Title: Measuring Popularity of Cryptographic Libraries in Internet-Wide Scans Fingerprinting
    Time: 11:00
    Location: Skype call
    Type: Research Result
    Speaker: Matus Nemec
    We measure the popularity of cryptographic libraries in large datasets of RSA public keys. We do so by improving a recently proposed method based on biases introduced by alternative implementations of prime selection in different cryptographic libraries. We extend the previous work by applying statistical inference to approximate a share of libraries matching an observed distribution of RSA keys in an inspected dataset (e.g., Internet-wide scan of TLS handshakes). The sensitivity of our method is sufficient to detect transient events such as a periodic insertion of keys from a specific library into Certificate Transparency logs and inconsistencies in archived datasets.

    We apply the method on keys from multiple Internet-wide scans collected in years 2010 through 2017, on Certificate Transparency logs and on separate datasets for PGP keys and SSH keys. The results quantify a strong dominance of OpenSSL with more than 84% TLS keys for Alexa 1M domains, steadily increasing since the first measurement. OpenSSL is even more popular for GitHub client-side SSH keys, with a share larger than 96%. Surprisingly, new certificates inserted in Certificate Transparency logs on certain days contain more than 20% keys most likely originating from Java libraries, while TLS scans contain less than 5% of such keys.

    Since the ground truth is not known, we compared our measurements with other estimates and simulated different scenarios to evaluate the accuracy of our method. To our best knowledge, this is the first accurate measurement of the popularity of cryptographic libraries not based on proxy information like web server fingerprinting, but directly on the number of observed unique keys.

  • 14/02/2017 – Talk by Ivan Stojic

    Title: Algorithms for stationary analysis of stochastic Petri nets
    Time: 12:30
    Location: Meeting room, Building Zeta
    Type: Research Result
    Speaker: Ivan Stojic
    Stochastic Petri nets (SPN) are a Markovian formalism for qualitative and quantitative analysis of discrete event dynamic systems. Among other uses, they have been used extensively in performance evaluation of telecommunication systems, computer systems and networks. Analysis of steady-state behaviour of an SPN model usually requires stationary analysis of a continuous-time Markov chain (CTMC) underlying the SPN, whose state space for many practical models is too large to be analysed by direct methods. This serious drawback is shared with many other modeling formalisms and is usually referred to as state space explosion. Usually simulation can be employed to analyse such models. An alternative is to restrict the SPN formalism to product-form SPNs, a class of nets whose unnormalised stationary probability distribution can be obtained in closed form, making stationary analysis much simpler. In this thesis we present algorithms for stationary analysis of SPN models based on efficient encoding of state spaces and transition functions by multi-valued decision diagrams, an efficient data structure. After a short introduction to SPNs and their steady-state analysis, we start with simulation of SPNs and present an algorithm for perfect sampling of SPNs that can be used to directly obtain samples from the stationary distribution. After this, we turn to product-form SPNs and present an algorithm for computation of normalising constant, needed for the normalisation of stationary probabilities in the analysis of product-form models.

  • 15/02/2017 – Talk by Fabiana Zollo

    Title: Social Dynamics on Online Social Media: A Data Science Approach
    Time: 13:00
    Location: Meeting room, Building Zeta
    Type: Research Result
    Speaker: Fabiana Zollo
    Information, rumors, debates shape and reinforce the perception of reality and heavily impact public opinion. Indeed, the way in which individuals influence each other is one of the foundational challenges in several disciplines such as sociology, social psychology, and economics. In particular, on online social networks users tend to select information that is coherent to their system of beliefs and to form polarized groups of like-minded people –i.e, echo chambers– where they reinforce and polarize their pre-existing opinions. Such a context exacerbates misinformation, which has traditionally represented a political, social, and economic risk. In this talk we explore how we can understand social dynamics by analyzing massive data on Facebook. By means of a tight quantitative analysis on 376 millions users we characterize the anatomy of news consumption on a global scale. We show that users tend to focus on a limited set of pages (selective exposure) eliciting a sharp and polarized community structure among news outlets. Moreover, we find similar patterns around the Brexit –the British referendum to leave the European Union– debate, where we observe the spontaneous emergence of two well segregated and polarized groups of users around news oultets. Our findings provide interesting insights about the determinants of polarization and the evolution of core narratives on online debating, and highlight the crucial role of data science techniques to understand and map the information space on online social media. The main aim of this research stream is to identify non-trivial proxies for the early detection of massive (mis)informational cascades. Furthermore, by combining users traces we are able to draft the main concepts and beliefs of the core narrative of an echo chamber and its related perceptions.

  • 21/12/2016 – Talk by Alvise Spanò

    Title: Lw: a new general-purpose programming language
    Time: 13:00
    Location: Meeting room, Building Zeta
    Type: Research Result
    Speaker: Alvise Spanò
    e introduce Lw, a new general purpose, statically typed, strict, impure, functional language supporting cutting-edge features and advanced forms of polymorphism for writing robust, reusable and succinct code. It integrates state-of-the-art advancements in the field of programming languages together with a number of novel bits which makes it ideal for writing big as well as small programs: each heavyweight declarative language construct offers an inferred lightweight counterpart, allowing programmers to design large software architectures that seamlessly coexist with more script-like code.

    Among its highlights: type and kind inference, System-F types and first-class polymorphism, open-world overloading with automatic context-dependant resolution, implicit function parameters and controlled dynamic scoping, Generalized Algebraic Datatypes (GADTs), row types for polymorphic variants and records, powerful kind system supporting higher-order polymorphism and kind polymorphism, first-class modules and much more.

    Resolution of type constraints is central to many language mechanisms, which, combined with overloading, leads to a form of static dispatching that can either be automatic or assisted by the programmer; dually, row-typed records are subject to dynamic dispatching by nature and enables structural subtyping – a.k.a. sound duck typing. And here lies one of Lw’s most notable and novel features: users can turn type constraints into records and viceversa anytime by using a pair of special inject/eject operators, converting a non-first-class entity which basically resembles a dictionary into a first-class record value, and the other way round. This makes two worlds communicate: the world of static resolution and the world of dynamic resolution. Languages out there typically do not define a clear symmetry in this respect; plus, a lot of boilterplate code is often required for switching between the two worlds, when possible at all.
    In Lw this symmetry is crucial and explitly designed, encouraging code reuse.

Read more