Cybersecurity

Collaborazioni

• Vienna University of Technology [ENG]
• Masaryk University [ENG] (con un doppio programma di dottorato in Cybsersecurity)
• CISPA Helmholtz Center for Information Security [ENG]

---

Pubblicazioni

• Riccardo Focardi and Flaminia Luccio. A formally verified configuration for Hardware Security Modules in the cloud. [ENG] In Giovanni Vigna, Elaine Shi, Proceedings of the ACM Conference on Computer and Communications Security (ACM CCS), pp. 412-428 - 2021
• Stefano Calzavara, Riccardo Focardi, Matús Nemec, Alvise Rabitti, Marco Squarcina: Postcards from the Post- HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. [ENG] IEEE Symposium on Security and Privacy (IEEE S&P 2019), pp. 281-298 - 2019
• Claudio Bozzato, Riccardo Focardi, Francesco Palmarini. Shaping the Glitch: Optimizing Voltage Fault Injection Attacks. [ENG] In Transactions on Cryptographic Hardware and Embedded Systems (TCHES), vol. 2019, pp. 199-224 (ISSN 2569-2925) - 2019
• Riccardo Focardi, Francesco Palmarini, Marco Squarcina, Graham Steel, Mauro Tempesta: Mind Your Keys? A Security Evaluation of Java Keystores. Proceedings of the Network and Distributed System Security Symposium (NDSS 2018). - 2018
• Stefano Calzavara, Riccardo Focardi, Matteo Maffei, Clara Schneidewind, Marco Squarcina, Mauro Tempesta WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring , Proceedings of the 27th USENIX Security Symposium, pp. 1493-1510 - 2018

---

Casi di studio

• L'articolo "Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem" sull’analisi della sicurezza sul web è stato presentato al convegno IEEE S&P del 2019 e citato dalla rivista Wired:
  • Lily Hay Newman, HTTPS Isn’t Always as Secure as it Seems, 28 marzo 2019, Wired
  • Catherine Chapman , False sense of security? HTTPS is no panacea, researchers warn, 16 maggio 2019, The Daily Swig
  • Video di anteprima
• L'articolo "Mind Your Keys? A Security Evaluation of Java Keystores" ha migliorato in maniera significativa la sicurezza dei Java keystore dopo i nostri risultati. Consultare i relativi rapporti sulla vulnerabilità di Oracle:
  • CVE-2018-2794, Oracle Java, CVSS 3.0 punteggio base 7.7 (ALTO)
  • CVE-2017-10356, Oracle Java, CVSS 3.0 punteggio base 6.2 (MEDIO)
  • CVE-2017-10345, Oracle Java, CVSS 3.0 punteggio base 3.1 (BASSO)

---

Progetti di ricerca

• SOFT: Security Oriented Formal Techniques (Principal Investigator: Riccardo Focardi)
  PRIN - Research Projects of National Relevance, funded by the Italian Ministry of University and Research, durata: 09/2008 – 09/2010
• DOMHO: Secure IoT home automation system for smart buildings (Local PI: Riccardo Focardi)
  ROP ERDF: Regional Operational Programme, European Regional Development Fund, durata: 11/2017 – 10/2020
• SAFE PLACE: IoT systems for healthy and safe living environments (Local PI: Riccardo Focardi)
  ROP ERDF: Regional Operational Programme, European Regional Development Fund, durata: 01/2021 – 12/2022
• Cybersecurity in IOT Devices for smart building (Local PI: Flaminia Luccio)
  Funded by Confindustria Vento SIAV Spa, AVI/077A/19, durata: 06/2020 - 12/2021
• Securing Smartibuilding Devices (Local PI: Flaminia Luccio)
  Funded by BFT SpA, durata: 07/2020 - 12/2020
• UniKey (Local PI: Flaminia Luccio)
  Project co-funded by the SMACT competence center in collaboration with Keyline SpA, durata: 07/2020 - 12/2020
• FilieraSicura: Security of national infrastructures (Local PI: Riccardo Focardi)
  Research project funded by CISCO and Leonardo, durata: 01/2017 – 12/2019
• Security Horizons (Local PI: Riccardo Focardi)
  PRIN - Research Projects of National Relevance, funded by the Italian Ministry of University and Research, durata: 02/2013 – 02/2016
• Formal methods for security (Local PI: Riccardo Focardi)
  PRIN - Research Projects of National Relevance, funded by the Italian Ministry of University and Research, durata: 12/2001 – 12/2003
• MyThS: Models and Types for Security in Mobile Distributed Systems (Local PI: Michele Bugliesi, Key personnel: Riccardo Focardi)
  FET-Global Computing, IST-2001-32617, durata: 2002 – 2004