education and working experience
- 2013 - now research consultant at Ca' Foscari working on Access Control and Web security
- 2013 bachelor's degree in Computer Science under the supervision of Michele Bugliesi and Stefano Calzavara with the thesis: Towards formal verification of Liferay RBAC
- 2002 - 2018 IT professional in systems administration, web development and more (check my LinkedIn profile for more on this subject)
publications
- A tale of two headers: A formal analysis of inconsistent click-jacking protection on the Web with Stefano Calzavara, Sebastian Roth, Michael Backes and Ben Stock, in USENIX Security Symposium, 2020.
- A hard lesson - assessing HTTPS deployment on Italian universities websites with Stefano Calzavara, Riccardo Focardi and Lorenzo Soligo, in Italian Conference on Cybersecurity (ITASEC), 2020.
- Machine learning for web vulnerability detection: the case of cross-site request forgery with Stefano Calzavara, Mauro Conti, Riccardo Focardi and Gabriele Tolomei, in IEEE Security & Privacy Magazine, 2020.
- Testing for integrity flaws in web sessions with Stefano Calzavara, Alessio Ragazzo and Michele Bugliesi, in European Symposium On Research in Computer Security (ESORICS), 2019 - to appear.
- Semantically sound analysis of content security policies (short paper) with Stefano Calzavara and Michele Bugliesi, in IFIP Joint International Conference on Formal Techniques for Distributed Systems (FORTE), 2019.
- Mitch: A machine learning approach to the black-box detection of CSRF vulnerabilities with Stefano Calzavara, Mauro Conti, Riccardo Focardi, and Gabriele Tolomei, in IEEE European Symposium on Security and Privacy (EuroS&P), 2019.
- Postcards from the post-HTTP world: Amplification of HTTPS vulnerabilities in the web ecosystem with Stefano Calzavara, Riccardo Focardi, Matus Nemec and Marco Squarcina, in IEEE Symposium on Security and Privacy (S&P), 2019. (also featured on Wired)
- Sub-session hijacking on the Web: root causes and prevention with Stefano Calzavara and Michele Bugliesi, in Journal of Computer Security (JCS), 2018.
- Dr Cookie and Mr Token - Web session implementations and how to live with them with Stefano Calzavara and Michele Bugliesi, in Italian Conference on Cybersecurity (ITASEC), 2018.
- Semantics-based analysis of Content Security Policy deployment with Stefano Calzavara and Michele Bugliesi, in ACM Transactions on the Web (TWEB), 2018.
- CCSP: Controlled relaxation of content security policies by runtime policy composition with Stefano Calzavara and Michele Bugliesi, in USENIX Security Symposium, 2017.
- Content Security Problems? Evaluating the effectiveness of Content Security Policy in the wild with Stefano Calzavara and Michele Bugliesi, in ACM Conference on Computer and Communication Security (CCS), 2016.
- Static detection of collusion attacks in ARBAC-based workflow systems with Enrico Steffinlongo, Stefano Calzavara and Michele Bugliesi, in IEEE Computer Security Foundations Symposium (CSF), 2016.
- Compositional typed analysis of ARBAC policies with Stefano Calzavara and Michele Bugliesi, in IEEE Computer Security Foundations Symposium (CSF), 2015.
- Formal verification of Liferay RBAC with Stefano Calzavara and Michele Bugliesi, in International Symposium on Engineering Secure Software and Systems (ESSoS), 2015.
research interests
- web security
- privacy
- network security
- access control