CALZAVARA Stefano

Qualifica
Professore Associato
Telefono
041 234 8463
E-mail
stefano.calzavara@unive.it
SSD
INFORMATICA [INF/01]
Sito web
www.unive.it/persone/stefano.calzavara (scheda personale)
Struttura
Dipartimento di Scienze Ambientali, Informatica e Statistica
Sito web struttura: https://www.unive.it/dais
Sede: Campus scientifico via Torino (edificio Alfa)
Stanza: studio Z.B13 (edificio Zeta B)
Research Institute
Research Institute for Complexity

Pubblicazioni per tipologia

Articolo su rivista
  • Calzavara S.; Conti M.; Focardi R.; Rabitti A.; Tolomei G. (2020), Machine Learning for Web Vulnerability Detection: The Case of Cross-Site Request Forgery in IEEE SECURITY & PRIVACY, vol. 18, pp. 8-16 (ISSN 1540-7993)
    Link DOI Link al documento: 10278/3729046
  • Calzavara S.; Lucchese C.; Tolomei G.; Abebe S.A.; Orlando S. (2020), Treant: training evasion-aware decision trees in DATA MINING AND KNOWLEDGE DISCOVERY, vol. N/A (ISSN 1384-5810)
    Link DOI Link al documento: 10278/3728013
  • Calzavara, Stefano*; Rabitti, Alvise; Bugliesi, Michele (2019), Sub-session hijacking on the web: Root causes and prevention in JOURNAL OF COMPUTER SECURITY, vol. 27, pp. 233-257 (ISSN 0926-227X)
    Link DOIURL correlato Link al documento: 10278/3713216
  • Calzavara, Stefano; Rabitti, Alvise; Bugliesi, Michele (2018), Semantics-based analysis of content security policy deployment in ACM TRANSACTIONS ON THE WEB, vol. 12, pp. 1-36 (ISSN 1559-1131)
    Link DOIURL correlato Link al documento: 10278/3698102
  • Bugliesi, Michele; Calzavara, Stefano; Focardi, Riccardo (2017), Formal methods for web security in THE JOURNAL OF LOGICAL AND ALGEBRAIC METHODS IN PROGRAMMING, vol. 87, pp. 110-126 (ISSN 2352-2216)
    Link DOIURL correlato Link al documento: 10278/3685125
  • Calzavara, Stefano; Focardi, Riccardo; Squarcina, Marco; Tempesta, Mauro (2017), Surviving the Web: A Journey into Web Session Security in ACM COMPUTING SURVEYS, vol. 50 (ISSN 0360-0300)
    Link DOI Link al documento: 10278/3685081
  • Bugliesi, Michele; Calzavara, Stefano; Mödersheim, Sebastian; Modesti, Paolo (2016), Security protocol specification and verification with AnBx in JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, vol. 30, pp. 46-63 (ISSN 2214-2126)
    Link DOIURL correlato Link al documento: 10278/3685123
  • Calzavara, S.; Tolomei, G.; Casini, A.; Bugliesi, M.; Orlando, S. (2015), A Supervised Learning Approach to Protect Client Authentication on the Web in ACM TRANSACTIONS ON THE WEB, Association for Computing Machinery, vol. 9, pp. 1-30 (ISSN 1559-1131)
    Link DOIURL correlato Link al documento: 10278/3661257
  • Bugliesi, Michele; Calzavara, Stefano; Eigner, Fabienne; Maffei, Matteo (2015), Affine Refinement Types for Secure Distributed Programming in ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS, Association for Computing Machinery, vol. 37, pp. 1-66 (ISSN 0164-0925)
    Link DOIURL correlato Link al documento: 10278/3661939
  • Bugliesi, Michele; Calzavara, Stefano; Focardi, Riccardo; Khan, Wilayat (2015), CookiExt: Patching the browser against session hijacking attacks in JOURNAL OF COMPUTER SECURITY, vol. 23, pp. 509-537 (ISSN 0926-227X)
    Link DOIURL correlato Link al documento: 10278/3663357
Articolo in Atti di convegno
  • Calzavara S.; Cazzaro L.; Lucchese C. (2021), AMEBA: An Adaptive Approach to the Black-Box Evasion of Machine Learning Models , ASIA CCS 2021 - Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 292-306, Convegno: 16th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2021, 2021 (ISBN 9781450382878)
    Link DOI Link al documento: 10278/3742611
  • Calzavara, S; Urban, T; Tatang, D; Steffens, M; Stock, B (2021), Reining in the Web's Inconsistencies with Site Policy , Proceedings of the Network and Distributed System Security Symposium 2021, 1775 WIEHLE AVE, STE 201, RESTON, VA, UNITED STATES, INTERNET SOC, Convegno: 28TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2021) (ISBN 1-891562-66-5)
    Link DOI Link al documento: 10278/3742612
  • Squarcina M.; Calzavara S.; Maffei M. (2021), The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches , Proceedings - 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021, Institute of Electrical and Electronics Engineers Inc., pp. 432-443, Convegno: 2021 IEEE Symposium on Security and Privacy Workshops, SPW 2021, 2021 (ISBN 978-1-6654-3732-5)
    Link DOI Link al documento: 10278/3742610
  • Calzavara S.; Focardi R.; Rabitti A.; Soligo L. (2020), A hard lesson: Assessing the HTTPS deployment of Italian university websites , CEUR Workshop Proceedings, CEUR-WS, vol. 2597, pp. 93-104, Convegno: 4th Italian Conference on Cyber Security, ITASEC 2020, 2020 (ISSN 1613-0073)
    URL correlato Link al documento: 10278/3729045
  • Calzavara S.; Roth S.; Rabitti A.; Backes M.; Stock B. (2020), A tale of two headers: A formal analysis of inconsistent click-jacking protection on the web , Proceedings of the 29th USENIX Security Symposium, USENIX Association, pp. 683-697, Convegno: 29th USENIX Security Symposium, 2020
    Link al documento: 10278/3731395
  • Veronese L.; Calzavara S.; Compagna L. (2020), Bulwark: Holistic and verified security monitoring of web protocols , Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Science and Business Media Deutschland GmbH, vol. 12308, pp. 23-41, Convegno: 25th European Symposium on Research in Computer Security, ESORICS 2020, 2020 (ISBN 978-3-030-58950-9; 978-3-030-58951-6) (ISSN 0302-9743)
    Link DOI Link al documento: 10278/3731398
  • Calzavara S.; Ferrara P.; Lucchese C. (2020), Certifying decision trees against evasion attacks by program analysis , Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Science and Business Media Deutschland GmbH, vol. 12309, pp. 421-438, Convegno: 25th European Symposium on Research in Computer Security, ESORICS 2020, 2020 (ISBN 978-3-030-59012-3; 978-3-030-59013-0) (ISSN 0302-9743)
    Link DOI Link al documento: 10278/3731397
  • Roth, S; Barron, T; Calzavara, S; Nikiforakis, N; Stock, B (2020), Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies , Proceedings of the Network and Distributed System Security Symposium 2020, 1775 WIEHLE AVE, STE 201, RESTON, VA, UNITED STATES, INTERNET SOC, Convegno: 27TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2020) (ISBN 1-891562-61-4)
    Link DOI Link al documento: 10278/3742613
  • Calzavara S.; Focardi R.; Grimm N.; Maffei M.; Tempesta M. (2020), Language-Based Web Session Integrity , Proceedings - IEEE Computer Security Foundations Symposium, IEEE Computer Society, vol. 2020-, pp. 107-122, Convegno: 33rd IEEE Computer Security Foundations Symposium, CSF 2020, 2020 (ISBN 978-1-7281-6572-1) (ISSN 1940-1434)
    Link DOI Link al documento: 10278/3731394
  • Fouad I.; Santos C.; Al Kassar F.; Bielova N.; Calzavara S. (2020), On Compliance of Cookie Purposes with the Purpose Specification Principle , Proceedings - 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020, Institute of Electrical and Electronics Engineers Inc., pp. 326-333, Convegno: 5th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2020, 2020 (ISBN 978-1-7281-8597-2)
    Link DOI Link al documento: 10278/3734042
  • Calzavara S.; Lucchese C.; Tolomei G. (2019), Adversarial training of gradient-boosted decision trees , International Conference on Information and Knowledge Management, Proceedings, Association for Computing Machinery, pp. 2429-2432, Convegno: 28th ACM International Conference on Information and Knowledge Management, CIKM 2019, 2019 (ISBN 9781450369763)
    Link DOI Link al documento: 10278/3722896
  • Stefano Calzavara; Mauro Conti; Riccardo Focardi; Alvise Rabitti; Gabriele Tolomei (2019), Mitch: A machine learning approach to the black-box detection of CSRF vulnerabilities , Proceedings - 2019 IEEE European Symposium on Security and Privacy, Institute of Electrical and Electronics Engineers Inc., pp. 528-543, Convegno: 4th IEEE European Symposium on Security and Privacy
    Link DOI Link al documento: 10278/3713410
  • Stefano Calzavara; Riccardo Focardi; Matus Nemec; Alvise Rabitti; Marco Squarcina (2019), Postcards from the post-HTTP world: Amplification of HTTPS vulnerabilities in the web ecosystem , Proceedings - 2019 IEEE Symposium on Security and Privacy, Institute of Electrical and Electronics Engineers Inc., vol. 1, pp. 948-965, Convegno: 40th IEEE Symposium on Security and Privacy
    Link DOI Link al documento: 10278/3713409
  • Calzavara S.; Rabitti A.; Bugliesi M. (2019), Semantically Sound Analysis of Content Security Policies , Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Verlag, vol. 11535, pp. 293-297, Convegno: 39th IFIP WG 6.1 International Conference on Formal Techniques for Distributed Objects, Components, and Systems, FORTE 2019 held as part of the 14th International Federated Conference on Distributed Computing Techniques, DisCoTec 2019, 2019 (ISBN 978-3-030-21758-7; 978-3-030-21759-4) (ISSN 0302-9743)
    Link DOIURL correlato Link al documento: 10278/3716810
  • Calzavara S.; Rabitti A.; Ragazzo A.; Bugliesi M. (2019), Testing for Integrity Flaws in Web Sessions , Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer, vol. 11736, pp. 606-624, Convegno: 24th European Symposium on Research in Computer Security, ESORICS 2019, 2019 (ISBN 978-3-030-29961-3; 978-3-030-29962-0) (ISSN 0302-9743)
    Link DOIURL correlato Link al documento: 10278/3722895
  • Calzavara, Stefano; Rabitti, Alvise; Bugliesi, Michele (2018), Dr Cookie and Mr Token - Web session implementations and how to live with them in Calzavara, Stefano, CEUR Workshop Proceedings in CEUR WORKSHOP PROCEEDINGS, CEUR-WS, vol. 2058, Convegno: 2nd Italian Conference on Cyber Security, ITASEC 2018, 2018 (ISSN 1613-0073)
    URL correlato Link al documento: 10278/3698101
  • Stefano Calzavara, Riccardo Focardi, Matteo Maffei, Clara Schneidewind, Marco Squarcina, Mauro Tempesta (2018), WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring , Proceedings of the 27th USENIX Security Symposium, USENIX Association, pp. 1493-1510, Convegno: USENIX Security (ISBN 978-1-931971-46-1)
    Link al documento: 10278/3704779
  • Calzavara, Stefano; Grishchenko, Ilya; Koutsos, Adrien; Maffei, Matteo (2017), A Sound Flow-Sensitive Heap Abstraction for the Static Analysis of Android Applications , Proceedings - IEEE Computer Security Foundations Symposium in PROCEEDINGS IEEE COMPUTER SECURITY FOUNDATIONS SYMPOSIUM, 345 E 47TH ST, NEW YORK, NY 10017 USA, IEEE, pp. 22-36, Convegno: 30th IEEE Computer Security Foundations Symposium, CSF 2017, 2017 (ISBN 9781538632161) (ISSN 1940-1434)
    Link DOI Link al documento: 10278/3697728
  • Stefano Calzavara, Alvise Rabitti, Michele Bugliesi (2017), CCSP: Controlled relaxation of content security policies by runtime policy composition , Proceedings of the 26th USENIX Security Symposium, USENIX Association, pp. 695-712, Convegno: USENIX Security Symposium
    Link al documento: 10278/3698103
  • Calzavara, Stefano; Rabitti, Alvise; Bugliesi, Michele (2016), Content Security Problems? Evaluating the Effectiveness of Content Security Policy in the Wild , Proceedings of the ACM Conference on Computer and Communications Security, NEW YORK, ASSOC COMPUTING MACHINERY, vol. 24-28-, pp. 1365-1375, Convegno: 23rd ACM Conference on Computer and Communications Security, CCS 2016, 2016 (ISBN 9781450341394; 9781450341394)
    Link DOI Link al documento: 10278/3685122
  • Calzavara, Stefano; Grishchenko, Ilya; Maffei, Matteo (2016), HornDroid: Practical and Sound Static Analysis of Android Applications by SMT Solving , Proceedings - 2016 IEEE European Symposium on Security and Privacy, EURO S and P 2016, 345 E 47TH ST, NEW YORK, NY 10017 USA, IEEE, pp. 47-62, Convegno: 1st IEEE European Symposium on Security and Privacy, EURO S and P 2016, 2016 (ISBN 9781509017515; 9781509017515)
    Link DOI Link al documento: 10278/3685117
  • Calzavara, Stefano; Focardi, Riccardo; Grimm, Niklas; Maffei, Matteo (2016), Micro-Policies for Web Session Security , IEEE 29th Computer Security Foundations Symposium, CSF 2016, 345 E 47TH ST, NEW YORK, NY 10017 USA, IEEE, pp. 179-193, Convegno: IEEE 29th Computer Security Foundations Symposium (ISBN 978-1-5090-2607-4)
    Link DOIURL correlato Link al documento: 10278/3684380
  • Calzavara, Stefano; Rabitti, Alvise; Steffinlongo, Enrico; Bugliesi, Michele (2016), Static Detection of Collusion Attacks in ARBAC-based Workflow Systems , Proceedings - IEEE Computer Security Foundations Symposium, 345 E 47TH ST, NEW YORK, NY 10017 USA, IEEE, vol. 2016-, pp. 458-470, Convegno: 29th IEEE Computer Security Foundations Symposium, CSF 2016, 2016 (ISBN 9781509026074; 9781509026074)
    Link DOI Link al documento: 10278/3685120
  • Calzavara, Stefano; Rabitti, Alvise; Bugliesi, Michele (2015), Compositional Typed Analysis of ARBAC Policies , Proceedings of the Computer Security Foundations Workshop, 345 E 47TH ST, NEW YORK, NY 10017 USA, IEEE, vol. 2015-, pp. 33-45, Convegno: 28th IEEE Computer Security Foundations Symposium, CSF 2015, 2015 (ISBN 9781467375382; 9781467375382)
    Link DOI Link al documento: 10278/3679811
  • Calzavara, Stefano; Bugliesi, Michele; Crafa, S.; Steffinlongo, Enrico (2015), Fine-grained Detection of Privilege Escalation Attacks on Browser Extensions in Stefano Calzavara, Michele Bugliesi, Silvia Crafa, Enrico Steffinlongo, ESOP 2015, Springer Verlag, vol. 9032, pp. 510-534, Convegno: 24th European Symposium on Programming, ESOP 2015 held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, 2015 (ISBN 9783662466681) (ISSN 0302-9743)
    Link DOI Link al documento: 10278/3655341
  • Calzavara, Stefano; Rabitti, Alvise; Bugliesi, Michele (2015), Formal verification of Liferay RBAC , Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Verlag, vol. 8978, pp. 1-16, Convegno: 7th International Symposium on Engineering Secure Software and Systems, ESSoS 2015, 2015 (ISBN 9783319156170) (ISSN 0302-9743)
    Link DOIURL correlato Link al documento: 10278/3679815
  • M. Bugliesi; S. Calzavara; R. Focardi; W. Khan (2014), Automatic and robust client-side protection for cookie-based sessions , Engineering Secure Software and Systems, Springer, Convegno: 6th International Symposium, ESSoS 2014 (ISBN 9783319048963) (ISSN 0302-9743)
    Link DOI Link al documento: 10278/42442
  • Khan, Wilayat; Calzavara, Stefano; Bugliesi, Michele; DE GROEF, W.; Piessens, F. (2014), Client Side Web Session Integrity as a Non-Interference Property in KHAN W., CALZAVARA S., BUGLIESI M., DE GROEF W.,PIESSENS F., Information Systems Security - 10th International Conference, ICISS 2014,, Springer Verlag, vol. 8880, pp. 89-108, Convegno: Information Systems Security - 10th International Conference, ICISS 2014,, 2014 (ISBN 9783319138404; 9783319138411) (ISSN 1611-3349)
    Link DOIURL correlato Link al documento: 10278/44059
  • Michele Bugliesi; Stefano Calzavara; Riccardo Focardi; Wilayat Khan; Mauro Tempesta (2014), Provably Sound Browser-Based Enforcement of Web Session Integrity , Proceedings of the 27th Computer Security Foundations Symposium, IEEE, Convegno: Computer Security Foundations Symposium, 19-22 July 2014 (ISBN 9781479942909)
    Link DOI Link al documento: 10278/42652
  • Stefano Calzavara;Gabriele Tolomei;Michele Bugliesi;Salvatore Orlando (2014), Quite a mess in my cookie jar! Leveraging machine learning to protect web authentication , Proceedings of the 23rd international conference on World wide web - WWW '14, ACM Press, pp. 189-200, Convegno: International Conference on World Wide Web (ISBN 9781450327442)
    Link DOI Link al documento: 10278/42600
  • Michele Bugliesi; Stefano Calzavara; Fabienne Eigner; Matteo Maffei (2013), Affine Refinement Types for Authentication and Authorization , 7th International Symposium on Trustworthy Global Computing, Berlin Heidelberg, Springer- Verlag, vol. 8191, pp. 19-33, Convegno: TGC 2012 (ISBN 9783642411564) (ISSN 0302-9743)
    Link DOI Link al documento: 10278/37560
  • Michele Bugliesi; Stefano Calzavara; Alvise Spano (2013), Lintent: Towards Security Type-Checking of Android Applications , FMOODS/FORTE, Berlin Hidelberg, SPRINGER-VERLAG, vol. 7892, pp. 289-304, Convegno: Formal Techniques for Distributed Systems - Joint IFIP WG 6.1 International Conference, FMOODS/FORTE 2013, Held as Part of the 8th International Federated Conference on Distributed Computing Techniques, DisCoTec, June 3-5, 2013 (ISBN 9783642385919) (ISSN 0302-9743)
    Link DOI Link al documento: 10278/39004
  • Michele Bugliesi; Stefano Calzavara; Fabienne Eigner; Matteo Maffei (2013), Logical Foundations of Secure Resource Management in Protocol Implementations , 2nd Conference on Principles of Security and Trust, SPRINGER-VERLAG, vol. 7796, pp. 105-125, Convegno: POST 2013 (ISBN 9783642368295) (ISSN 0302-9743)
    Link DOI Link al documento: 10278/37534
  • BUGLIESI M.; CALZAVARA S.; FOCARDI R.; SQUARCINA M; (2012), Gran: model checking grsecurity RBAC policies , Proceedings 2012 IEEE 25th Computer Security Foundations Symposium CSF 2012, IEEE Computer Society, pp. 126-138, Convegno: CSF 2012, 25-27 June 2012 (ISBN 9780769547183)
    Link DOI Link al documento: 10278/39019
  • BUGLIESI M.; CALZAVARA S.; MAFFEI M.; EIGNER F. (2011), Resource-Aware Authorization Policies for Statically Typed Cryptographic Protocols , Proceedings of the 24th IEEE Computer Security Foundations Symposium, CSF 2011, IEEE Computer Society, pp. 83-98, Convegno: CSF 2011, 26-29 June 2011 (ISBN 9781612846446)
    Link DOI Link al documento: 10278/28120
  • Bugliesi M.; Calzavara S.; Macedonio D. (2010), Secrecy and Authenticity Types for Secure Distributed Messaging , Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security - Joint Workshop, ARSPA-WITS 2010, Paphos, Cyprus, March 27-28, 2010. Revised Selected Papers, SPRINGER-VERLAG, vol. 6186, pp. 23-40, Convegno: ARSPA-WITS 2010 (ISBN 9783642160738) (ISSN 0302-9743)
    Link DOI Link al documento: 10278/24296
Abstract in Atti di convegno
  • Calzavara S.; Focardi R.; Squarcina M.; Tempesta M. (2018), Surviving the Web: A Journey into Web Session Security , The Web Conference 2018 - Companion of the World Wide Web Conference, WWW 2018, Association for Computing Machinery, Inc, pp. 451-455, Convegno: 27th International World Wide Web, WWW 2018, 2018 (ISBN 9781450356404)
    Link DOI Link al documento: 10278/3729048