Publications

The versions of the papers given here are not necessarily identical to any of the previously published ones. I believe that the technical contents are the same. The documents distributed by this server have been provided as a means to ensure timely dissemination of scholarly and technical work on a noncommercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author’s copyright. These works may not be reposted without the explicit permission of the copyright holder.

Journal Articles

  1. Semantics-based analysis of Content Security Policy deployment with Alvise Rabitti and Michele Bugliesi, in ACM Transactions on the Web (TWEB), to appear.
  2. Surviving the Web: a journey into web session security with Riccardo Focardi, Marco Squarcina and Mauro Tempesta, in ACM Computing Surveys (CSUR), 2017.
  3. Formal methods for web security with Michele Bugliesi and Riccardo Focardi, in Journal of Logical and Algebraic Methods in Programming (JLAMP), 2017.
  4. Security protocol specification and verification with AnBx with Michele Bugliesi, Paolo Modesti and Sebastian Moedersheim, in Journal of Information Security and Applications (JISA), 2016.
  5. CookiExt: patching the browser against session hijacking attacks with Michele Bugliesi, Riccardo Focardi and Wilayat Khan, in Journal of Computer Security (JCS), 2015.
  6. A supervised learning approach to protect client authentication on the Web with Gabriele Tolomei, Andrea Casini, Michele Bugliesi and Salvatore Orlando, in ACM Transactions on the Web (TWEB), 2015. [ dataset ]
  7. Affine refinement types for secure distributed programming with Michele Bugliesi, Fabienne Eigner and Matteo Maffei, in ACM Transactions on Programming Languages and Systems (TOPLAS), 2015.

Conference Papers

  1. Dr Cookie and Mr Token – Web session implementations and how to live with them with Alvise Rabitti and Michele Bugliesi, in Italian Conference on Cybersecurity (ITASEC), 2018.
  2. Surviving the Web: a journey into web session security (extended abstract) with Riccardo Focardi, Marco Squarcina and Mauro Tempesta, in The Web Conference (Journal Track), 2018. [ full version ]
  3. CCSP: Controlled relaxation of content security policies by runtime policy composition with Alvise Rabitti and Michele Bugliesi, in USENIX Security Symposium, 2017.
  4. A sound flow-sensitive heap abstraction for the static analysis of Android applications with Ilya Grishchenko, Adrien Koutsos and Matteo Maffei, in IEEE Computer Security Foundations Symposium (CSF), 2017.
  5. Content Security Problems? Evaluating the effectiveness of Content Security Policy in the wild with Alvise Rabitti and Michele Bugliesi, in ACM Conference on Computer and Communication Security (CCS), 2016.
  6. Static detection of collusion attacks in ARBAC-based workflow systems with Alvise Rabitti, Enrico Steffinlongo and Michele Bugliesi, in IEEE Computer Security Foundations Symposium (CSF), 2016.
  7. Micro-policies for web session security with Riccardo Focardi, Matteo Maffei and Niklas Grimm, in IEEE Computer Security Foundations Symposium (CSF), 2016.
  8. HornDroid: Sound and practical static analysis of Android applications by SMT solving with Ilya Grishchenko and Matteo Maffei, in IEEE European Symposium on Security and Privacy (EuroS&P), 2016. [ website ]
  9. Compositional typed analysis of ARBAC policies with Alvise Rabitti and Michele Bugliesi, in IEEE Computer Security Foundations Symposium (CSF), 2015. [ full version ]
  10. Fine-grained detection of privilege escalation attacks on browser extensions with Silvia Crafa, Enrico Steffinlongo and Michele Bugliesi, in European Symposium on Programming (ESOP), 2015. [ full version ]
  11. Formal verification of Liferay RBAC with Alvise Rabitti and Michele Bugliesi, in International Symposium on Engineering Secure Software and Systems (ESSoS), 2015. [ full version ]
  12. Client side web session integrity as a non-interference property with Wilayat Khan, Michele Bugliesi, Willem De Groef and Frank Piessens, in International Conference on Information and System Security (ICISS), 2014.
  13. Provably sound browser-based enforcement of web session integrity with Michele Bugliesi, Riccardo Focardi, Wilayat Khan and Mauro Tempesta, in IEEE Computer Security Foundations Symposium (CSF), 2014. [ full version ]
  14. Quite a mess in my cookie jar! Leveraging machine learning to protect web authentication with Gabriele Tolomei, Michele Bugliesi and Salvatore Orlando, in International World Wide Web Conference (WWW), 2014.
  15. Automatic and robust client-side protection for cookie-based sessions with Michele Bugliesi, Riccardo Focardi and Wilayat Khan, in International Symposium on Engineering Secure Software and Systems (ESSoS), 2014.
  16. Lintent: towards security type-checking of Android applications with Michele Bugliesi and Alvise Spanò, in IFIP Joint International Conference on Formal Techniques for Distributed Systems (FORTE/FMOODS), 2013.
  17. Logical foundations of secure resource management in protocol implementations with Michele Bugliesi, Fabienne Eigner and Matteo Maffei, in International Conference on Principles of Security and Trust (POST), 2013.
  18. Affine refinement types for authentication and authorization with Michele Bugliesi, Fabienne Eigner and Matteo Maffei, in International Symposium on Trustworthy Global Computing (TGC), 2012.
  19. Gran: model checking grsecurity RBAC policies with Michele Bugliesi, Riccardo Focardi and Marco Squarcina, in IEEE Computer Security Foundations Symposium (CSF), 2012.
  20. Resource-aware authorization policies for statically typed cryptographic protocols with Michele Bugliesi, Fabienne Eigner and Matteo Maffei, in IEEE Computer Security Foundations Symposium (CSF), 2011.
  21. Secrecy and authenticity types for secure distributed messaging with Michele Bugliesi and Damiano Macedonio, in Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (ARSPA-WITS), 2010.

PhD Dissertation