Software Security

Carlotta Tagliaro, Martina Komsic, Andrea Continella, Kevin Borgolte, Martina Lindorfer

Proceedings of the 27th International Symposium on Recent Advances in Intrusion Detection (RAID), September 2024

@inproceedings{raid2024-iot-backends,
  title     = {{Large-Scale Security Analysis of Real-World Backend Deployments Speaking IoT-Focused Protocols}},
  author    = {Tagliaro, Carlotta and Komsic, Martina and Continella, Andrea and Borgolte, Kevin and Lindorfer, Martina},
  booktitle = {Proceedings of the 27th International Symposium on Recent Advances in Intrusion Detection (RAID)},
  series    = {Lecture Notes in Computer Science (LNCS)},
  date      = {2024-09},
  doi       = {https://doi.org/10.1145/3678890.3678899},
  edition   = {27},
  editor    = {Aafer, Yousra and Fratantonio, Yanick},
  isbn      = {979-8-4007-0959},
  location  = {Padua, Italy},
  publisher = {Springer International Publishing},
  url       = {https://doi.org/10.1145/3678890.3678899}
}

Ting-Han Chen, Carlotta Tagliaro, Martina Lindorfer, Kevin Borgolte, Jeroen van der Ham-de Vos

Proceedings of the 9th International Workshop on Traffic Measurements for Cybersecurity (WTMC), July 2024

@inproceedings{wtmc2024are-you-sure-you-want-to-do-cvd,
  title     = {{Are You Sure You Want To Do Coordinated Vulnerability Disclosure?}},
  author    = {Chen, Ting-Han and Tagliaro, Carlotta and Lindorfer, Martina and Borgolte, Kevin and van der Ham-de Vos, Jeroen},
  booktitle = {Proceedings of the 9th International Workshop on Traffic Measurements for Cybersecurity (WTMC)},
  date      = {2024-07-08},
  doi       = {10.1109/EuroSPW61312.2024.00039},
  edition   = {9},
  location  = {Vienna, Austria},
  publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
  url       = {https://doi.org/10.1109/EuroSPW61312.2024.00039}
}

David Schmidt, Carlotta Tagliaro, Kevin Borgolte, Martina Lindorfer

Proceedings of the 30th ACM SIGSAC Conference on Computer and Communications Security (CCS), November 2023

@inproceedings{ccs2023-iotflow,
  title     = {{IoTFlow: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis}},
  author    = {Schmidt, David and Tagliaro, Carlotta and Borgolte, Kevin and Lindorfer, Martina},
  booktitle = {Proceedings of the 30th ACM SIGSAC Conference on Computer and Communications Security (CCS)},
  date      = {2023-11},
  doi       = {10.1145/3576915.3623211},
  edition   = {30},
  editor    = {Cremers, Cas and Kirda, Engin},
  location  = {Copenhagen, Denmark},
  publisher = {Association for Computing Machinery (ACM)},
  url       = {https://doi.org/10.1145/3576915.3623211}
}

Antonio Bianchi, Kevin Borgolte, Jacopo Corbetta, Francesco Disperati, Andrew Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Nick Stephens, Giovanni Vigna, Ruoyu Wang

Phrack (Volume 15, Issue 70), October 2021

Authors listed alphabetically.

@article{phrack2021-cyber-grand-shellphish,
  title     = {{Cyber Grand Shellphish}},
  author    = {Bianchi, Antonio and Borgolte, Kevin and Corbetta, Jacopo and Disperati, Francesco and Dutcher, Andrew and Grosen, John and Grosen, Paul and Machiry, Aravind and Salls, Christopher and Shoshitaishvili, Yan and Stephens, Nick and Vigna, Giovanni and Wang, Ruoyu},
  date      = {2021-10-05},
  journal   = {Phrack},
  number    = {70},
  publisher = {The Phrack Staff},
  url       = {http://phrack.org/papers/cyber_grand_shellphish.html},
  volume    = {15}
}

Yan Shoshitaishvili, Antonio Bianchi, Kevin Borgolte, Amat Cama, Jacopo Corbetta, Francesco Disperati, Andrew Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Christopher Salls, Nick Stephens, Ruoyu Wang, Giovanni Vigna

IEEE Security & Privacy, March 2018

@article{spm2018-mechanical-phish,
  title     = {{Mechanical Phish: Resilient Autonomous Hacking}},
  author    = {Shoshitaishvili, Yan and Bianchi, Antonio and Borgolte, Kevin and Cama, Amat and Corbetta, Jacopo and Disperati, Francesco and Dutcher, Andrew and Grosen, John and Grosen, Paul and Machiry, Aravind and Salls, Christopher and Stephens, Nick and Wang, Ruoyu and Vigna, Giovanni},
  date      = {2018-03/2018-04},
  doi       = {10.1109/MSP.2018.1870858},
  issn      = {1558-4046},
  journal   = {IEEE Security \& Privacy},
  number    = {2},
  pages     = {12--22},
  publisher = {Institute of Electrical and Electronics Engineers (IEEE)},
  url       = {https://doi.org/10.1109/MSP.2018.1870858},
  volume    = {16}
}

Giovanni Vigna, Kevin Borgolte, Jacopo Corbetta, Adam Doupé, Yanick Fratantonio, Luca Invernizzi, Dhilung Kirat, Yan Shoshitaishvili

Proceedings of the 1st USENIX Summit on Gaming, Games and Gamification in Security Education (3GSE), August 2014

@inproceedings{3gse2014-10-years-of-ictf,
  title     = {{Ten Years of iCTF: The Good, The Bad, and The Ugly}},
  author    = {Vigna, Giovanni and Borgolte, Kevin and Corbetta, Jacopo and Doupé, Adam and Fratantonio, Yanick and Invernizzi, Luca and Kirat, Dhilung and Shoshitaishvili, Yan},
  booktitle = {Proceedings of the 1st USENIX Summit on Gaming, Games and Gamification in Security Education (3GSE)},
  date      = {2014-08},
  edition   = {1},
  editor    = {Peterson, Zachary N. J.},
  location  = {San Diego, CA},
  publisher = {USENIX Association},
  url       = {https://www.usenix.org/conference/3gse14/summit-program/presentation/vigna}
}