Our latest work on adversarial machine learning was accepted for publication at Computers & Security. We propose resilience, a new formal notion of security for classifiers deployed in adversarial settings, which mitigates significant problems of the traditional robustness notion. We thus propose an algorithm to soundly verify resilience for tree-based classifiers like Random Forest and we experimentally prove the effectiveness… Read more »

Glad to announce that our paper on client-side web security inconsistencies has been accepted at USENIX Security and will be presented in August 2022! Read how web application security crumbles when the same page grants different levels of protection to different clients, thus leading to the “security lottery” phenomenon 🙂 The paper is available here

Our work “Certifying machine learning models against evasion attacks by program analysis” has been accepted at the Journal of Computer Security! This is a significantly extended version of prior work published at ESORICS 2020, where we only focused on decision tree models. In this version we extend the same approach to other classes of machine learning models and we leverage… Read more »

Happy to announce that our empirical analysis of the use of web storage in the wild has been accepted for publication at MadWeb’22, co-located with NDSS. This is joint work with students Zubair Ahmad and Samuele Casarin: congratulations to them on their first paper!

Our article on “secure feature partitioning” has been accepted at the EURASIP Journal on Information Security! We discuss how to improve the robustness of machine learning models by training ensembles of classifiers based on disjoint sets of features. This provides state-of-the-art security against attackers based on the L0-distance. More information in our article.

Happy to announce that our latest web session security study has been accepted for publication at Computers & Security! Grab it while it’s fresh here.

I’m happy to announce that our investigation on same-site attacks has been accepted at the USENIX Security Symposium 2021. The paper is available on this site, I hope you will enjoy that!

I’m glad to announce that two papers got recently accepted and will be available online soon: “The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches” identifies a new attack on service workers caches, quantifies its prevalence in the wild and proposes countermeasures “AMEBA: An Adaptive Approach to the Black-Box Evasion of Machine Learning Models” identifies a trade-off… Read more »

Glad to announce that our work on web security inconsistencies and our Site Policy proposal to fix them has been accepted to the next edition of NDSS! The paper will be available soon on this site.

I’m happy to announce that two papers have been accepted at ESORICS 2020. The first one is about the security certification of decision tree models, while the other one is about a holistic and formally verified approach to the security monitoring of web protocols. Both papers will be available soon on my homepage.