Stefano Calzavara

ACM Trans. Web, February, 2024

Watermarking Decision Tree Ensembles.

[BibT_eX]

[DOI]

CoRR, 2024

Timber! Poisoning Decision Trees.

[BibT_eX]

[DOI]

Massimo Vettori

CoRR, 2024

Verifiable Boosted Tree Ensembles.

[BibT_eX]

[DOI]

Giulio Ermanno Pibiri

CoRR, 2024

Web Platform Threats: Automated Detection of Web Security Issues With WPT.

[BibT_eX]

[DOI]

Pedro Bernardo

Lorenzo Veronese

Valentino Dalla Valle

Proceedings of the 33rd USENIX Security Symposium, 2024

2023

Special issue: 35th IEEE Computer Security Symposium - CSF 2022.

[BibT_eX]

[DOI]

David A. Naumann

J. Comput. Secur., 2023

Certifying machine learning models against evasion attacks by program analysis.

[BibT_eX]

[DOI]

Pietro Ferrara

J. Comput. Secur., 2023

Explainable Global Fairness Verification of Tree-Based Classifiers.

[BibT_eX]

[DOI]

Proceedings of the 2023 IEEE Conference on Secure and Trustworthy Machine Learning, 2023

You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements.

[BibT_eX]

[DOI]

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

Verifiable Learning for Robust Tree Ensembles.

[BibT_eX]

[DOI]

Giulio Ermanno Pibiri

Nicola Prezza

Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023

Cryptographic Web Applications: from Security Engineering to Formal Analysis.

[BibT_eX]

[DOI]

Proceedings of the Handbook of Formal Analysis and Verification in Cryptography, 2023

2022

Beyond robustness: Resilience verification of tree-based classifiers.

[BibT_eX]

[DOI]

Comput. Secur., 2022

The Security Lottery: Measuring Client-Side Web Security Inconsistencies.

[BibT_eX]

[DOI]

Proceedings of the 31st USENIX Security Symposium, 2022

2021

Feature partitioning for robust tree ensembles and their certification in adversarial scenarios.

[BibT_eX]

[DOI]

EURASIP J. Inf. Secur., 2021

Measuring Web Session Security at Scale.

[BibT_eX]

[DOI]

Comput. Secur., 2021

Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web.

[BibT_eX]

[DOI]

Proceedings of the 30th USENIX Security Symposium, 2021

The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches.

[BibT_eX]

[DOI]

Marco Squarcina

Matteo Maffei

Proceedings of the IEEE Security and Privacy Workshops, 2021

Reining in the Web's Inconsistencies with Site Policy.

[BibT_eX]

[DOI]

Proceedings of the 28th Annual Network and Distributed System Security Symposium, 2021

AMEBA: An Adaptive Approach to the Black-Box Evasion of Machine Learning Models.

[BibT_eX]

[DOI]

Proceedings of the ASIA CCS '21: ACM Asia Conference on Computer and Communications Security, 2021

2020

Machine Learning for Web Vulnerability Detection: The Case of Cross-Site Request Forgery.

[BibT_eX]

[DOI]

IEEE Secur. Priv., 2020

Treant: training evasion-aware decision trees.

[BibT_eX]

[DOI]

Data Min. Knowl. Discov., 2020

Can I Take Your Subdomain? Exploring Related-Domain Attacks in the Modern Web.

[BibT_eX]

[DOI]

CoRR, 2020

A Tale of Two Headers: A Formal Analysis of Inconsistent Click-Jacking Protection on the Web.

[BibT_eX]

[DOI]

Proceedings of the 29th USENIX Security Symposium, 2020

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies.

[BibT_eX]

[DOI]

Proceedings of the 27th Annual Network and Distributed System Security Symposium, 2020

A Hard Lesson: Assessing the HTTPS Deployment of Italian University Websites.

[BibT_eX]

[DOI]

Proceedings of the Fourth Italian Conference on Cyber Security, 2020

On Compliance of Cookie Purposes with the Purpose Specification Principle.

[BibT_eX]

[DOI]

Proceedings of the IEEE European Symposium on Security and Privacy Workshops, 2020

SecWeb 2020 Preface.

[BibT_eX]

[DOI]

Ben Stock

Proceedings of the IEEE European Symposium on Security and Privacy Workshops, 2020

Bulwark: Holistic and Verified Security Monitoring of Web Protocols.

[BibT_eX]

[DOI]

Lorenzo Veronese

Luca Compagna

Proceedings of the Computer Security - ESORICS 2020, 2020

Certifying Decision Trees Against Evasion Attacks by Program Analysis.

[BibT_eX]

[DOI]

Pietro Ferrara

Proceedings of the Computer Security - ESORICS 2020, 2020

Language-Based Web Session Integrity.

[BibT_eX]

[DOI]

Proceedings of the 33rd IEEE Computer Security Foundations Symposium, 2020

2019

Sub-session hijacking on the web: Root causes and prevention.

[BibT_eX]

[DOI]

J. Comput. Secur., 2019

Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem.

[BibT_eX]

[DOI]

Proceedings of the 2019 IEEE Symposium on Security and Privacy, 2019

Semantically Sound Analysis of Content Security Policies.

[BibT_eX]

[DOI]

Proceedings of the Formal Techniques for Distributed Objects, Components, and Systems, 2019

Mitch: A Machine Learning Approach to the Black-Box Detection of CSRF Vulnerabilities.

[BibT_eX]

[DOI]

Proceedings of the IEEE European Symposium on Security and Privacy, 2019

Testing for Integrity Flaws in Web Sessions.

[BibT_eX]

[DOI]

Proceedings of the Computer Security - ESORICS 2019, 2019

Adversarial Training of Gradient-Boosted Decision Trees.

[BibT_eX]

[DOI]

Gabriele Tolomei

Proceedings of the 28th ACM International Conference on Information and Knowledge Management, 2019

2018

Semantics-Based Analysis of Content Security Policy Deployment.

[BibT_eX]

[DOI]

ACM Trans. Web, 2018

WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring.

[BibT_eX]

[DOI]

Proceedings of the 27th USENIX Security Symposium, 2018

Dr Cookie and Mr Token - Web Session Implementations and How to Live with Them.

[BibT_eX]

[DOI]

Proceedings of the Second Italian Conference on Cyber Security, Milan, Italy, February 6th - to, 2018

2017

Formal methods for web security.

[BibT_eX]

[DOI]

Riccardo Focardi

J. Log. Algebraic Methods Program., 2017

Surviving the Web: A Journey into Web Session Security.

[BibT_eX]

[DOI]

ACM Comput. Surv., 2017

CCSP: Controlled Relaxation of Content Security Policies by Runtime Policy Composition.

[BibT_eX]

[DOI]

Proceedings of the 26th USENIX Security Symposium, 2017

A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications.

[BibT_eX]

[DOI]

Proceedings of the 30th IEEE Computer Security Foundations Symposium, 2017

2016

Security protocol specification and verification with AnBx.

[BibT_eX]

[DOI]

J. Inf. Secur. Appl., 2016

HornDroid: Practical and Sound Static Analysis of Android Applications by SMT Solving.

[BibT_eX]

[DOI]

Ilya Grishchenko

Matteo Maffei

Proceedings of the IEEE European Symposium on Security and Privacy, 2016

Static Detection of Collusion Attacks in ARBAC-Based Workflow Systems.

[BibT_eX]

[DOI]

Proceedings of the IEEE 29th Computer Security Foundations Symposium, 2016

Micro-policies for Web Session Security.

[BibT_eX]

[DOI]

Proceedings of the IEEE 29th Computer Security Foundations Symposium, 2016

Content Security Problems?: Evaluating the Effectiveness of Content Security Policy in the Wild.

[BibT_eX]

[DOI]

Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016

2015

A Supervised Learning Approach to Protect Client Authentication on the Web.

[BibT_eX]

[DOI]

ACM Trans. Web, 2015

Affine Refinement Types for Secure Distributed Programming.

[BibT_eX]

[DOI]

ACM Trans. Program. Lang. Syst., 2015

CookiExt: Patching the browser against session hijacking attacks.

[BibT_eX]

[DOI]

J. Comput. Secur., 2015

Formal Verification of Liferay RBAC.

[BibT_eX]

[DOI]

Proceedings of the Engineering Secure Software and Systems - 7th International Symposium, 2015

Fine-Grained Detection of Privilege Escalation Attacks on Browser Extensions.

[BibT_eX]

[DOI]

Proceedings of the Programming Languages and Systems, 2015

Compositional Typed Analysis of ARBAC Policies.

[BibT_eX]

[DOI]

Proceedings of the IEEE 28th Computer Security Foundations Symposium, 2015

2014

Quite a mess in my cookie jar!: leveraging machine learning to protect web authentication.

[BibT_eX]

[DOI]

Proceedings of the 23rd International World Wide Web Conference, 2014

Client Side Web Session Integrity as a Non-interference Property.

[BibT_eX]

[DOI]

Proceedings of the Information Systems Security - 10th International Conference, 2014

Automatic and Robust Client-Side Protection for Cookie-Based Sessions.

[BibT_eX]

[DOI]

Proceedings of the Engineering Secure Software and Systems - 6th International Symposium, 2014

Provably Sound Browser-Based Enforcement of Web Session Integrity.

[BibT_eX]

[DOI]

Proceedings of the IEEE 27th Computer Security Foundations Symposium, 2014

2013

Static verification and enforcement of authorization policies.

[BibT_eX]

[DOI]

PhD thesis, 2013

Logical Foundations of Secure Resource Management in Protocol Implementations.

[BibT_eX]

[DOI]

Proceedings of the Principles of Security and Trust - Second International Conference, 2013

Lintent: Towards Security Type-Checking of Android Applications.

[BibT_eX]

[DOI]

Alvise Spanò

Proceedings of the Formal Techniques for Distributed Systems, 2013

2012

Affine Refinement Types for Authentication and Authorization.

[BibT_eX]

[DOI]

Proceedings of the Trustworthy Global Computing - 7th International Symposium, 2012

Gran: Model Checking Grsecurity RBAC Policies.

[BibT_eX]

[DOI]

Proceedings of the 25th IEEE Computer Security Foundations Symposium, 2012

2011

Resource-Aware Authorization Policies for Statically Typed Cryptographic Protocols.

[BibT_eX]

[DOI]

Proceedings of the 24th IEEE Computer Security Foundations Symposium, 2011

2010

Secrecy and Authenticity Types for Secure Distributed Messaging.

[BibT_eX]

[DOI]