Glad to announce that our paper “Treant: Training Evasion-Aware Decision Trees” has been accepted in Data Mining and Knowledge Discovery. The paper will also be presented in the Journal Track of ECML/PKDD 2020, so don’t miss the talk 🙂
Glad to announce that our paper on inconsistencies in click-jacking protection has been accepted at the USENIX Security Symposium and is now available online!
The published versions of our ITASEC’20 and CSF’20 papers are finally available! Feel free to take a look at them 🙂
I’m happy to announce the birth of SecWeb 2020, the first workshop on “designing security for the Web”, which I will co-chair with Ben Stock (CISPA). The goal of the workshop is discussing how to move forward the current state of web security mechanisms, possibly by breaking today’s Web to improve its security tomorrow. The workshop aims at making industry…
Our last NDSS paper on the CSP deployment from 2012 to 2018 is finally available here.
I’m glad to announce that our paper on language-based techniques to enforce integrity of web sessions has been accepted at IEEE CSF 2020! A lot of work was put into this project and I look forward to uploading the final version incorporating the reviewers’ comments as soon as possible.
Our historical analysis of the evolution of the CSP deployment has been accepted at NDSS 2020! Great collaboration with colleagues from CISPA and Stony Brook; the paper will be available online soon.
Excited to have our first paper on adversarial learning accepted at CIKM 2019! In the paper we show how to generalize the adversarial training approach by Madry et al. to decision trees, an important class of models which do not fit the assumptions underlying the original construction. If you are interested in the topic, you can find the paper here.
Our latest paper on web session security has been accepted at ESORICS 2019! It presents an overview of attacks and existing countermeasures, and proposes testing strategies to identify implementation flaws which may undermine security. Our approach found several vulnerabilities in existing websites; have a look here for more!
Our paper on automated black-box detection of CSRF vulnerabilities has been accepted at the IEEE European Symposium on Security and Privacy. You can read about our research here.