Publications

2025

PhaseSCA: Exploiting Phase-Modulated Emanations in Side Channels
Pierre Ayoub, Aurélien Hernandez, Romain Cayre, Aurélien Francillon, Clémentine Maurice
IACR Transactions on Cryptographic Hardware and Embedded Systems
PDF Bibtex

2024

BlueScream: Screaming Channels on Bluetooth Low Energy
Pierre Ayoub, Romain Cayre, Aurélien Francillon, Clémentine Maurice
40th Annual Computer Security Applications Conference (ACSAC '24), Waikiki, Honolulu, Hawaii, United States
PDF Bibtex
On Understanding and Forecasting Fuzzers Performance with Static Analysis
Dongjia Zhang, Andrea Fioraldi, Davide Balzarotti
Proceedings of the 31st ACM conference on Computer and communications security (CCS), Salt Lake City, UT, USA
PDF Bibtex
LibAFL QEMU: A Library for Fuzzing-oriented Emulation
Romain Malmain, Andrea Fioraldi, Aurélien Francillon
Workshop on Binary Analysis Research (colocated with NDSS Symposium), San Diego (USA)
PDF Bibtex Crate
Predictive context-sensitive fuzzing
Borrello, Pietro, Fioraldi, Andrea, Cono D'Elia, Daniele, Balzarotti, Davide, Querzoni, Leonardo, Giuffrida, Cristiano
NDSS 2024, Network and Distributed System Security (NDSS) Symposium, 26 February-1 March 2024, San Diego, CA, USA, San Diego
PDF Bibtex
X-Ray-TLS: Transparent Decryption of TLS Sessions by Extracting Session Keys from Memory
Moriconi, Florent, Levillain, Olivier, Francillon, Aurélien, Troncy, Raphael
Proceedings of the 2024 ACM Asia conference on Computer and Communications Security (ASIACCS)
PDF Bibtex Code
Unmasking the Veiled: A Comprehensive Analysis of Android Evasive Malware
Ruggia, Antonio, Nisi, Dario, Dambra, Savino, Merlo, Alessio, Balzarotti, Davide, Aonzo, Simone
Proceedings of the 2024 ACM Asia conference on Computer and Communications Security (ASIACCS)
PDF Bibtex
OASIS: An Intrusion Detection System Embedded in Bluetooth Low Energy Controllers
Cayre, Romain, Nicomette, Vincent, Auriol, Guillaume, Kaâniche, Mohamed, Francillon, Aurélien
Proceedings of the 2024 ACM Asia conference on Computer and Communications Security (ASIACCS)
PDF Bibtex

2023

Decoding the Secrets of Machine Learning in Malware Classification: A Deep Dive into Datasets, Feature Extraction, and Model Performance
Savino Dambra, Yufei Han, Simone Aonzo, Platon Kotzias, Antonino Vitale, Juan Caballero, Davide Balzarotti, Leyla Bilge
Proceedings of the 30th ACM conference on Computer and communications security (CCS), Copenhagen
Bibtex
Android, Notify Me When It Is Time To Go Phishing
Antonio Ruggia, Andrea Possemato, Alessio Merlo, Dario Nisi, Simone Aonzo
Proceedings of the 8th IEEE European Symposium on Security and Privacy (EuroS&P'23), Delft, Netherlands
PDF Bibtex
An OS-agnostic Approach to Memory Forensics
Andrea Oliveri, Matteo Dell'Amico, Davide Balzarotti
Network and Distributed System Security (NDSS) Symposium, San Diego (USA)
PDF Bibtex
WHIP: Improving Static Vulnerability Detection in Web Application by Forcing tools to Collaborate
Feras Al-Kassar, Luca Compagna, Davide Balzarotti
32nd USENIX Security Symposium (USENIX Security 23), Anaheim, CA
Bibtex
CrabSandwich: Fuzzing Rust with Rust (Registered Report)
Crump, Addison, Zhang, Dongjia, Asif, Syeda Mahnur, Maier, Dominik, Fioraldi, Andrea, Holz, Thorsten, Balzarotti, Davide
Proceedings of the 2nd International Fuzzing Workshop (FUZZING) 2023, Seattle, WA, USA
PDF Bibtex
ESPwn32: hacking with ESP32 system-on-chips
Cayre, Romain, Cauquil, Damien, Francillon, Aurelien
WOOT 2023, 17th IEEE Workshop on Offensive Technologies, co-located with IEEE S&P 2023, 25 May 2023, San Francisco, United States, San Francisco
PDF Bibtex
Reflections on Trusting Docker: Invisible Malware in Continuous Integration Systems
Moriconi, Florent, Neergaard, Axel Ilmari, Georget, Lucas, Aubertin, Samuel, Francillon, Aurelien
WOOT 2023, 17th IEEE Workshop on Offensive Technologies, co-located with IEEE S&P 2023, 25 May 2023, San Francisco, United States, San Francisco
PDF Bibtex Code

2022

LibAFL: A Framework to Build Modular and Reusable Fuzzers
Andrea Fioraldi, Dominik Maier, Dongjia Zhang, Davide Balzarotti
Proceedings of the 29th ACM conference on Computer and communications security (CCS), Los Angeles, U.S.A.
PDF Bibtex
BreakMi: Reversing, Exploiting and Fixing Xiaomi Fitness Tracking Ecosystem
Casagrande, Marco, Losiouk, Eleonora, Conti, Mauro, Payer, Mathias, Antonioli, Daniele
IACR Transactions on Cryptographic Hardware and Embedded Systems
PDF Bibtex
RE-Mind: a First Look Inside the Mind of a Reverse Engineer
Alessandro Mantovani, Simone Aonzo, Yanick Fratantonio, Davide Balzarotti
31st USENIX Security Symposium (USENIX Security 2022)
PDF Bibtex
How Machine Learning Is Solving the Binary Function Similarity Problem
Andrea Marcelli, Mariano Graziano, Xabier Ugarte-Pedrero, Yanick Fratantonio, Mohamad Mansouri, Davide Balzarotti
31st USENIX Security Symposium (USENIX Security 2022)
PDF Bibtex
Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs
Jayakrishna Vadayath, Moritz Eckert, Kyle Zeng, Nicolaas Weideman, Gokulkrishna Praveen Menon, Yanick Fratantonio, Davide Balzarotti, Adam Doupé, Tiffany Bao, Ruoyu Wang, Christophe Hauser, Yan Shoshitaishvili
31st USENIX Security Symposium (USENIX Security 2022)
PDF Bibtex
When Sally Met Trackers: Web Tracking From the Users' Perspective
Savino Dambra, Iskander Sanchez-Rola, Leyla Bilge, Davide Balzarotti
31st USENIX Security Symposium (USENIX Security 2022)
PDF Bibtex
The Convergence of Source Code and Binary Vulnerability Discovery -- A Case Study
Alessandro Mantovani, Luca Compagna, Yan Shoshitaishvili, Davide Balzarotti
Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS22)
PDF Bibtex
Fuzzing with Data Dependency Information
Alessandro Mantovani, Andrea Fioraldi, Davide Balzarotti
Proceedings of the 7th IEEE European Symposium on Security and Privacy (EuroS&P'22), Genoa, Italy
PDF Bibtex
BEERR: Bench of Embedded system Experiments for Reproducible Research
Paul Olivier, Xuan-Huy Ngo, Aurélien Francillon
Workshop on the Security of Software / Hardware Interfaces (co-located with EuroS&P'22), Genoa (Italy)
PDF Bibtex
On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats
Antonioli, Daniele, Payer, Mathias
Proceedings of Workshop on offensive security (WOOT)
PDF Bibtex
BLURtooth: Exploiting Cross-Transport Key Derivation in Bluetooth Classic and Bluetooth Low Energy
Antonioli, Daniele, Tippenhauer, Nils Ole, Rasmussen, Kasper, Payer, Mathias
Proceedings of the Asia conference on computer and communications security (ASIACCS)
PDF Bibtex
Registered Report: Dissecting American Fuzzy Lop - A FuzzBench Evaluation
Andrea Fioraldi, Alessandro Mantovani, Dominik Maier, Davide Balzarotti
Proceedings of the 1st International Fuzzing Workshop (FUZZING) 2022, San Diego, California
PDF Bibtex
Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web Applications
Feras Al Kassar, Giulia Clerici, Luca Compagna, Fabian Yamaguchi, Davide Balzarotti
Network and Distributed System Security (NDSS) Symposium, San Diego (USA)
PDF Bibtex
In the Land of MMUs: Multiarchitecture OS-Agnostic Virtual Memory Forensics
Andrea Oliveri, Davide Balzarotti
ACM Trans. Priv. Secur., New York, NY, USA
PDF Bibtex
AutoProfile: Towards Automated Profile Generation for Memory Analysis
Fabio Pagani, Davide Balzarotti
ACM Transactions on Privacy and Security (TOPS)
PDF Bibtex
Dissecting American Fuzzy Lop -- A FuzzBench Evaluation
Fioraldi, Andrea, Mantovani, Alessandro, Maier, Dominik C., Balzarotti, Davide
ACM Trans. Softw. Eng. Methodol.
PDF Bibtex
Noise-SDR: Arbitrary modulation of electromagnetic noise from unprivileged software and its impact on emission security
Giovanni Camurati, Aurélien Francillon
IEEE Symposium on Security and Privacy, San Francisco, CA
PDF Bibtex Details
A Comparison of Systemic and Systematic Risks of Malware Encounters in Consumer and Enterprise Environments
Savino Dambra, Leyla Bilge, Davide Balzarotti
ACM Transactions on Privacy and Security (TOPS)
PDF Bibtex
Automated identification of flaky builds using knowledge graphs
Moriconi, Florent, Troncy, Raphael, Francillon, Aurelien, Zouaoui, Jihane
Bibtex

2021

Tarnhelm: Isolated, Transparent & Confidential Execution of Arbitrary Code in ARM's TrustZone
Davide Quarta, Michele Ianni, Aravind Machiry, Yanick Fratantonio, Eric Gustafson, Davide Balzarotti, Martina Lindorfer, Giovanni Vigna, Christopher Kruegel
CheckMATE Workshop, co-located with ACM CCS
PDF Bibtex
Lost in the Loader: The Many Faces of the Windows PE File Format
Dario Nisi, Mariano Graziano, Yanick Fratantonio, Davide Balzarotti
Symposium on Research in Attacks, Intrusion, and Defenses (RAID), San Sebastian
Bibtex
When Malware Changed Its Mind: Characterizing the Variability of Malicious and Unwanted Program Behaviors at Scale
Erin Avllazagaj, Ziyun Zhu, Leyla Bilge, Davide Balzarotti, Tudor Dumitras
29th USENIX Security Symposium (USENIX Security 21), Boston, MA
Winner of the Best Paper Award for 2021 -- CSAW
Bibtex
SoK: Enabling Security Analyses of Embedded Systems via Rehosting
Andrew Fasano, Tiemoko Ballo, Marius Muench, Tim Leek, Alexander Olienik, Brendan Dolan Gavitt, Manuel Egele, Aurélien Francillon, Long Lu, Nick Gregory, Davide Balzarotti, William Robertson
Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), Hong Kong, China (acceptance rate: 19.3%)
PDF Bibtex
Trust, But Verify: A Longitudinal Analysis Of Android OEM Compliance and Customization
Possemato Andrea, Aonzo Simone, Balzarotti Davide, Fratantonio Yanick
IEEE Symposium on Security & Privacy, San Francisco, CA
PDF Bibtex
Journey to the Center of the Cookie Ecosystem: Unraveling Actors' Roles and Relationships
Iskander Sanchez-Rola, Matteo dell'Amico, Davide Balzarotti, Pierre-Antoine Vervier, Leyla Bilge
IEEE Symposium on Security & Privacy, San Francisco, CA
PDF Bibtex
Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes
Alexander Kuechler, Alessandro Mantovani, Yufei Han, Leyla Bilge, Davide Balzarotti
Network and Distributed System Security (NDSS) Symposium, San Diego (USA)
PDF Bibtex
Preventing and Detecting State Inference Attacks on Android
Possemato Andrea, Nisi Dario, Fratantonio Yanick
Network and Distributed System Security Symposium
PDF Bibtex
On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices
Zeyu Lei, Yuhong Nan, Yanick Fratantonio, Antonio Bianchi
Network and Distributed System Security Symposium
PDF Bibtex
SymQEMU: Compilation-based symbolic execution for binaries
Poeplau, Sebastian, Francillon, Aurélien
Network and Distributed System Security Symposium
PDF Slides Bibtex Details
Pre-processing Memory Dumps to Improve Similarity Score of Windows Modules
Miguel Martin-Perez, Ricardo J. Rodriguez, Davide Balzarotti
Computers & Security
PDF Bibtex
Understanding and detecting international revenue share fraud
Merve Sahin, Aurélien Francillon
Network and Distributed System Security (NDSS) Symposium, San Diego (USA)
PDF Bibtex
The evidence beyond the wall: Memory forensics in SGX environments
Flavio Toffalini, Andrea Oliveri, Mariano Graziano, Jianying Zhou, Davide Balzarotti
Forensic Science International: Digital Investigation
PDF Bibtex
The Use of Likely Invariants as Feedback for Fuzzers
Andrea Fioraldi, Daniele Cono D'Elia, Davide Balzarotti
30th USENIX Security Symposium (USENIX Security 21)
PDF Bibtex
LIGHTBLUE: Automatic Profile-Aware Debloating of Bluetooth Stacks
Wu, Jianliang, Wu, Ruoyu, Antonioli, Daniele, Payer, Mathias, Tippenhauer, Nils Ole, Xu, Dongyan, Tian, Dave Jing, Bianchi, Antonio
Proceedings of the USENIX Security Symposium (USENIX Security)
PDF Bibtex

2020

Towards HTTPS Everywhere on Android: We Are Not There Yet
Andrea Possemato, Yanick Fratantonio
29th USENIX Security Symposium (USENIX Security 20) (acceptance rate: 16.1%)
PDF Bibtex Details
Symbolic execution with SymCC: Don't interpret, compile!
Sebastian Poeplau, Aurélien Francillon
29th USENIX Security Symposium (USENIX Security 20), Boston, MA (acceptance rate: 16.1%)
Distinguished Paper Award Winner
PDF Bibtex Details
Understanding Screaming Channels: From a Detailed Analysis to Improved Attacks
Giovanni Camurati, Aurélien Francillon, François-Xavier Standaert
IACR Transactions on Cryptographic Hardware and Embedded Systems (CHES 2020)
Google Bughunter Hall of Fame Honorable Mention
PDF Bibtex Instructions/Code/Data
HardSnap: Leveraging hardware snapshotting for embedded systems security testing
Nassim Corteggiani, Aurélien Francillon
50th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2020), Valencia, SPAIN (acceptance rate: 16.5%)
PDF Bibtex
SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap
Savino Dambra, Leyla Bilge, Davide Balzarotti
IEEE Symposium on Security & Privacy, San Francisco, CA (acceptance rate: 12.4%)
PDF Bibtex
Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem
Alessandro Mantovani, Simone Aonzo, Xabier Ugarte-Pedrero, Alessio Merlo, Davide Balzarotti
Network and Distributed System Security (NDSS) Symposium, San Diego (USA)
PDF Slides Bibtex
When Malware is Packin' Heat; Limits of Machine Learning Classifiers Based on Static Analysis Features
Hojjat Aghakhani, Fabio Gritti, Francesco Mecca, Martina Lindorfer, Stefano Ortolani, Davide Balzarotti, Giovanni Vigna, Christopher Kruegel
Network and Distributed System Security (NDSS) Symposium, San Diego (USA)
PDF Bibtex
The Tangled Genealogy of IoT Malware
Emanuele Cozzi, Pierre-Antoine Vervier, Matteo Dell'Amico, Yun Shen, Leyla Bilge, Davide Balzarotti
Annual Computer Security Applications Conference (ACSAC) (acceptance rate: 23.2%)
PDF Bibtex
SoC Security Evaluation: Reflections on Methodology and Tooling
Nassim Corteggiani, Giovanni Camurati, Marius Muench, Sebastian Poeplau, Aurelien Francillon
IEEE Design and Test
Bibtex
Dirty Clicks: A Study of the Usability and Security Implications of Click-related Behaviors on the Web
Iskander Sanchez-Rola, Davide Balzarotti, Christopher Kruegel, Giovanni Vigna, Igor Santos
Proceedings of The Web Conference 2020 (acceptance rate: 19.2%)
PDF Bibtex
Cookies from the Past: Timing Server-Side Request Processing Code for History Sniffing
Iskander Sanchez-Rola, Davide Balzarotti, Igor Santos
ACM Digital Threats: Research and Practice Journal (DTRAP), New York, NY, USA
PDF Bibtex

2019

Systematic Comparison of Symbolic Execution Systems: Intermediate Representation and its Generation
Sebastian Poeplau, Aurélien Francillon
Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC) 2019, San Juan, Puerto Rico (acceptance rate: 22.6%)
PDF Bibtex Details
Toward the Analysis of Embedded Firmware through Automated Re-hosting
Eric Gustafson, Marius Muench, Chad Spensky, Nilo Redini, Aravind Machiry, Yanick Fratantonio, Davide Balzarotti, Aurelien Francillon, Yung Ryn Choe, Christopher Kruegel, Giovanni Vigna
Symposium on Research in Attacks, Intrusion, and Defenses (RAID), Beijing (acceptance rate: 22.3%)
PDF Bibtex
Exploring Syscall-Based Semantics Reconstruction of Android Applications
Dario Nisi, Antonio Bianchi, Yanick Fratantonio
Symposium on Research in Attacks, Intrusion, and Defenses (RAID), Beijing (acceptance rate: 22.3%)
PDF Bibtex
Back to the Whiteboard: a Principled Approach for the Assessment and Design of Memory Forensic Techniques
Fabio Pagani, Davide Balzarotti
28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA (acceptance rate: 15.7%)
PDF Slides Bibtex Code
Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control
Iskander Sanchez-Rola, Matteo Dell’Amico, Platon Kotzias, Davide Balzarotti, Leyla Bilge, Pierre-Antoine Vervier, Igor Santos
Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), Auckland, New Zealand (acceptance rate: 17.1%)
PDF Bibtex
A Close Look at a Daily Dataset of Malware Samples
Xabier Ugarte-Pedrero, Mariano Graziano, Davide Balzarotti
ACM Transactions on Privacy and Security (TOPS)
PDF Bibtex
Finding software bugs in embedded devices
Francillon, Aurélien, Thomas, Sam L., Costin, Andrei
Security of Ubiquitous Computing Systems (Book Chapter) (to appear)
Bibtex
Introducing the Temporal Dimension to Memory Forensics
Pagani, Fabio, Fedorov, Oleksii, Balzarotti, Davide
ACM Transactions on Privacy and Security (TOPS)
PDF Bibtex
BakingTimer: Privacy Analysis of Server-Side Request Processing Time
Sanchez-Rola, Iskander, Balzarotti, Davide, Santos, Igor
Annual Computer Security Applications Conference (ACSAC) (acceptance rate: 22.6%)
PDF Bibtex

2018

Using Loops For Malware Classification Resilient to Feature-unaware Perturbations
Aravind Machiry, Nilo Redini, Eric Gustafson, Yanick Fratantonio, Yung Ryn Choe, Christopher Kruegel, Giovanni Vigna
Proceedings of the Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico (acceptance rate: 22.1%)
Bibtex
Clock Around the Clock: Time-Based Device Fingerprinting
Iskander Sanchez-Rola, Igor Santos, Davide Balzarotti
Proceedings of the 25th ACM conference on Computer and communications security (CCS), Toronto, Canada (acceptance rate: 16.6%)
PDF Bibtex
ClickShield: Are You Hiding Something? Towards Eradicating Clickjacking on Android
Andrea Possemato, Andrea Lanzi, Simon Pak Ho Chung, Wenke Lee, Yanick Fratantonio
Proceedings of the 25th ACM conference on Computer and communications security (CCS), Toronto, Canada (acceptance rate: 16.6%)
Bibtex
Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, Aurélien Francillon
Proceedings of the 25th ACM conference on Computer and communications security (CCS), Toronto, Canada (acceptance rate: 16.6%)
Third place at the CSAW Europe applied research competition 2018
PDF Bibtex BlackHat
Phishing Attacks on Modern Android
Simone Aonzo, Alessio Merlo, Giulio Tavella, Yanick Fratantonio
Proceedings of the 25th ACM conference on Computer and communications security (CCS), Toronto, Canada (acceptance rate: 16.6%)
Bibtex
Backdoors: Definition, Deniability and Detection
Sam L. Thomas, Aurélien Francillon
Symposium on Research in Attacks, Intrusion, and Defenses (RAID), Heraklion (acceptance rate: 22.8%)
PDF Bibtex
Smashing the Stack Protector for Fun and Profit
Bruno Bierbaumer, Julian Kirsch, Thomas Kittel, Aurélien Francillon, Apostolis Zarras
33rd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2018), Poznan, Poland
PDF Bibtex
Inception: System-wide Security Testing of Real-World Embedded Systems Software
Nassim Corteggiani, Giovanni Camurati, Aurélien Francillon
27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD (acceptance rate: 19.1%)
PDF Slides Bibtex Code
Deception Techniques In Computer Security: A Research Perspective
Xiao Han, Nizar Kheir, Davide Balzarotti
ACM computing surveys (CSUR)
PDF Bibtex
GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM
Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, Kaveh Razavi
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Paris, France (acceptance rate: 30.5%)
Bibtex
On the Effectiveness of the National Do-Not-Call Registries
Merve Sahin, Aurélien Francillon
Workshop on Technology and Consumer Protection (Peer reviewed workshop co-located with S&P, without formal proceedings)
PDF Bibtex
Understanding Linux Malware
Emanuele Cozzi, Mariano Graziano, Yanick Fratantonio, Davide Balzarotti
IEEE Symposium on Security & Privacy, San Francisco, CA (acceptance rate: 11.5%)
PDF Slides Bibtex
Beyond Precision and Recall: Understanding Uses (and Misuses) of Similarity Hashes in Binary Analysis
Pagani, Fabio, Dell'Amico, Matteo, Balzarotti, Davide
Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, Tempe, AZ, USA (acceptance rate: 20.9%)
PDF Slides Bibtex
Avatar²: A Multi-target Orchestration Platform
Marius Muench, Dario Nisi, Aurelien Francillon, Davide Balzarotti
Workshop on Binary Analysis Research (colocated with NDSS Symposium), San Diego (USA)
PDF Slides Bibtex Tool
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
Marius Muench, Jan Stijohann, Frank Kargl, Aurelien Francillon, Davide Balzarotti
Network and Distributed System Security (NDSS) Symposium, San Diego (USA)
PDF Slides Bibtex Tool
Broken Fingers: On the Usage of the Fingerprint API in Android
Antonio Bianchi, Yanick Fratantonio, Aravind Machiry, Christopher Kruegel, Giovanni Vigna, Pak Chung, Wenke Lee
Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS), San Diego, CA
PDF Bibtex

2017

Exploitation and Mitigation of Authentication Schemes Based on Device-Public Information
Antonio Bianchi, Eric Gustafson, Yanick Fratantonio, Christopher Kruegel, Giovanni Vigna
Proceedings of the Annual Computer Security Applications Conference (ACSAC), Orlando, Florida (acceptance rate: 19.7%)
PDF Bibtex
Evaluation of Deception-Based Web Attacks Detection
Xiao Han, Nizar Kheir, Davide Balzarotti
ACM Workshop on Moving Targets Defense (co-located with CCS), Dallas, USA (acceptance rate: 34.6%)
PDF Bibtex
Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies
Iskander Sanchez-Rola, Igor Santos, Davide Balzarotti
Proceedings of the 26th USENIX Security Symposium (USENIX Security) (acceptance rate: 16.3%)
PDF Bibtex
Using chatbots against voice spam: Analyzing Lenny’s effectiveness
Merve Sahin, Marc Relieu, Aurélien Francillon
Proceedings of the Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), Santa Clara, USA (acceptance rate: 26.5%)
PDF Bibtex
Towards Automated Classification of Firmware Images and Identification of Embedded Devices
Costin, Andrei, Zarras, Apostolis, Francillon, Aurélien
32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017), Rome, Italy (acceptance rate: 19.4%)
PDF Bibtex
A Lustrum of Malware Network Communication: Evolution and Insights
Chaz Lever, Platon Kotzias, Davide Balzarotti, Juan Caballero, Manos Antonakakis
Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA (acceptance rate: 13.3%)
PDF Bibtex
SoK: Fraud in Telephony Networks
Merve Sahin, Aurélien Francillon, Payas Gupta, Mustaque Ahamad
Proceedings of the 2nd IEEE European Symposium on Security and Privacy (EuroS&P'17), Paris, France (acceptance rate: 19.6%)
PDF Bibtex
Attacks Landscape in the Dark Side of the Web
Onur Catakoglu, Marco Balduzzi, Davide Balzarotti
Proceedings of the 32nd Annual ACM Symposium on Applied Computing (SAC), Marrakech, Morocco (acceptance rate: 15.7%)
Best Paper Award
PDF Bibtex
The Onions Have Eyes: A Comprehensive Structure and Privacy Analysis of Tor Hidden Services
Iskander Sanchez-Rola, Davide Balzarotti, Igor Santos
26th International World Wide Web Conference (WWW), Perth, Australia (acceptance rate: 17.0%)
PDF Bibtex

2016

Over-The-Top Bypass: Study of a Recent Telephony Fraud
Merve Sahin, Aurélien Francillon
Proceedings of the 23rd ACM conference on Computer and communications security (CCS), Vienna, Austria (acceptance rate: 16.4%)
PDF Bibtex
PhishEye: Live Monitoring of Sandboxed Phishing Kits
Xiao Han, Nizar Kheir, Davide Balzarotti
Proceedings of the 23rd ACM conference on Computer and communications security (CCS), Vienna, Austria (acceptance rate: 16.4%)
Best European Student Paper Award
PDF Slides Bibtex
Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory
Marius Muench, Fabio Pagani, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna, Davide Balzarotti
Symposium on Research in Attacks, Intrusion, and Defenses (RAID), Paris (acceptance rate: 25.9%)
PDF Slides Bibtex
Uses and Abuses of Server-Side Requests
Giancarlo Pellegrino, Onur Catakoglu, Davide Balzarotti, Christian Rossow
Symposium on Research in Attacks, Intrusion, and Defenses (RAID), Paris (acceptance rate: 25.9%)
PDF Bibtex
Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks
Stefano Cristalli, Mattia Pagnozzi, Mariano Graziano, Andrea Lanzi, Davide Balzarotti
Proceedings of the 25th USENIX Security Symposium (USENIX Security) (acceptance rate: 15.6%)
PDF Bibtex
Google Dorks: Analysis, Creation, and new Defenses
Flavio Toffalini, Maurizio Abba, Damiano Carra, Davide Balzarotti
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), San Sebastian, Spain (acceptance rate: 31.8%)
PDF Bibtex
RAMBO: Run-time packer Analysis with Multiple Branch Observation
Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos, Pablo G. Bringas
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), San Sebastian, Spain (acceptance rate: 31.8%)
PDF Slides Bibtex
Subverting Operating System Properties through Evolutionary DKOM Attacks
Mariano Graziano, Lorenzo Flore, Andrea Lanzi, Davide Balzarotti
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), San Sebastian, Spain (acceptance rate: 31.8%)
PDF Slides Bibtex
Measuring the Role of Greylisting and Nolisting in Fighting Spam
F. Pagani, M. De Astis, M. Graziano, A. Lanzi, D. Balzarotti
International Conference on Dependable Systems and Networks (DSN), Toulouse, France (acceptance rate: 20.5%)
PDF Slides Bibtex
ROPMEMU: A Framework for the Analysis of Complex Code-Reuse Attacks
Mariano Graziano, Davide Balzarotti, Alain Zidouemba
Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), Xi'an, China (acceptance rate: 20.9%)
PDF Bibtex
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Costin, Andrei, Zarras, Apostolis, Francillon, Aurélien
11th ACM Asia Conference on Computer and Communications Security (AsiaCCS), Xidian, China (acceptance rate: 20.9%)
PDF Bibtex
Automatic Extraction of Indicators of Compromise for Web Applications
Onur Catakoglu, Marco Balduzzi, Davide Balzarotti
25th International World Wide Web Conference (WWW), Montreal, Canada (acceptance rate: 22.0%)
PDF Bibtex
Trust, But Verify: Why and how to establish trust in embedded devices (invited paper)
Aurélien Francillon
Proceedings of Design, Automation and Test in Europe (DATE), Dresden, Germany
PDF Slides Bibtex
SMASHUP: a toolchain for unified verification of hardware/software co-designs
Lugou, Florian, Apvrille, Ludovic, Francillon, Aurelien
Journal of Cryptographic Engineering
PDF Bibtex

2015

PIE: Parser Identification in Embedded Systems
Lucian Cojocar, Jonas Zaddach, Roel Verdult, Herbert Bos, Aurelien Francillon, Davide Balzarotti
Annual Computer Security Applications Conference (ACSAC) (acceptance rate: 24.4%)
PDF Bibtex
Reverse Engineering Intel Last-Level Cache Complex Addressing Using Performance Counters
Clémentine Maurice, Le Scouarnec, Nicolas, Christoph Neumann, Olivier Heen, Aurélien Francillon
Proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID'15)
PDF Bibtex
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Andrei Costin, Apostolis Zarras, Aurelien Francillon
ArXiv e-prints
PDF Bibtex
Toward a methodology for unified verification of hardware/software co-designs
Florian Lugou, Ludovic Apvrille, Aurélien Francillon
PROOFS 2015, Security Proofs for Embedded Systems, 17 September 2015, Saint-Malo, France, Springer, Saint-Malo, FRANCE
PDF Bibtex
Large Scale Security Analysis of Embedded Devices' Firmware
Costin, Andrei
PDF Bibtex
All your cluster-grids are belong to us: Monitoring the (in)security of infrastructure monitoring systems
Andrei Costin
1st Workshop on Security and Privacy in the Cloud (SPC) of the 2015 IEEE Conference on Communications and Network Security (CNS) (acceptance rate: 27.3%)
PDF Slides Bibtex
Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence
Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi, Davide Balzarotti
Proceedings of the 24th USENIX Security Symposium (USENIX Security) (acceptance rate: 15.7%)
PDF Slides Bibtex
In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services
Giancarlo Pellegrino, Davide Balzarotti, Stefan Winter, Neeraj Suri
Proceedings of the 24th USENIX Security Symposium (USENIX Security) (acceptance rate: 15.7%)
PDF Slides Bibtex Usenix Lightning Video
The Impact of GPU-Assisted Malware on Memory Forensics: A Case Study
Antonio Villani, Davide Balzarotti, Roberto di Pietro
Annual Digital Forensics Research Conference (DFRWS), Philadelphia, USA (acceptance rate: 34.8%)
PDF Bibtex
C5: Cross-Cores Cache Covert Channel
Clémentine Maurice, Christoph Neumann, Olivier Heen, Aurélien Francillon
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Milan, Italy (acceptance rate: 22.7%)
Best Paper Award
PDF Bibtex
Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks
Amin Kharraz, William Robertson, Davide Balzarotti, Leyla Bilge, Engin Kirda
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Milan, Italy (acceptance rate: 22.7%)
PDF Bibtex
The Role of Cloud Services in Malicious Software: Trends and Insights
Xiao Han, Nizar Kheir, Davide Balzarotti
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Milan, Italy (acceptance rate: 22.7%)
PDF Bibtex
[SoK] Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers
Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos, Pablo G. Bringas
Proceedings of the IEEE Symposium on Security and Privacy, San Jose, CA (acceptance rate: 13.8%)
PDF Bibtex
Hypervisor-based Malware Protection with AccessMiner
Aristide Fattori, Andrea Lanzi, Davide Balzarotti, Engin Kirda
Computers & Security
Bibtex PDF

2014

Resource monitoring for the detection of parasite P2P botnets
Rafael Rodríguez-Gómez, Gabriel Maciá-Fernández, Pedro García-Teodoro, Moritz Steiner, Davide Balzarotti
Journal of Computer Networks
Bibtex PDF
A Large Scale Analysis of the Security of Embedded Firmwares
Andrei Costin, Jonas Zaddach, Aurélien Francillon, Davide Balzarotti
Proceedings of the 23rd USENIX Security Symposium (USENIX Security) (acceptance rate: 19.0%)
PDF Slides Bibtex Firmware.re
Through the Looking-Glass, and What Eve Found There
Luca Bruno, Mariano Graziano, Davide Balzarotti, Aurélien Francillon
8th USENIX Workshop on Offensive Technologies (WOOT 14) (acceptance rate: 48.6%)
PDF Bibtex About
Short Paper: A Dangerous 'Pyrotechnic Composition': Fireworks, Embedded Wireless and Insecurity-by-Design
Andrei Costin, Aurélien Francillon
Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec) (acceptance rate: 26.0%)
PDF Slides Bibtex
Short Paper: WifiLeaks: Underestimated Privacy Implications of the ACCESS_WIFI_STATE Android Permission
Jagdish Prasad Achara, Mathieu Cunche, Vincent Roca, Aurélien Francillon
Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec) (acceptance rate: 26.0%)
PDF Bibtex
On the Feasibility of Software Attacks on Commodity Virtual Machine Monitors via Direct Device Assignment
Gabor Pek, Andrea Lanzi, Abhinav Srivastava, Davide Balzarotti, Aurélien Francillon, Christoph Neumann
Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), Kyoto, Japan (acceptance rate: 20.0%)
PDF Bibtex
On The Effectiveness of Risk Prediction Based on Users Browsing Behavior
Davide Canali, Leyla Bilge, Davide Balzarotti
Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), Kyoto, Japan (acceptance rate: 20.0%)
PDF Slides Bibtex
Shades of Grey: A Closer Look at Emails in the Gray Area
Jelena Isacenkova, Davide Balzarotti
Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), Kyoto, Japan (acceptance rate: 20.0%)
PDF Bibtex
Optical Delusions: A Study of Malicious QR Codes in the Wild
Amin Kharraz, Engin Kirda, William Robertson, Davide Balzarotti, Aurelien Francillon
Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Atlanta, GA USA (acceptance rate: 21.8%)
PDF Bibtex
Microcomputations As Micropayments in Web-based Services
Ghassan O. Karame, Aurélien Francillon, Victor Budilivschi, Srdjan Capkun, Vedran Capkun
ACM Trans. Internet Technol. (ACM TOIT), New York, NY, USA
PDF Bibtex
EXPOSURE: a Passive DNS Analysis Service to Detect and Report Malicious Domains
Leyla Bilge, Sevil Sen, Davide Balzarotti, Engin Kirda, Christopher Kruegel
ACM Transactions on Information and System Security (TISSEC)
PDF Bibtex
Confidentiality Issues on a GPU in a Virtualized Environment
Clémentine Maurice, Christoph Neumann, Olivier Heen, Aurélien Francillon
Proceedings of the Eighteenth International Conference on Financial Cryptography and Data Security (FC'14), Barbados (acceptance rate: 22.5%)
PDF Bibtex
A Minimalist Approach to Remote Attestation
Aurelien Francillon, Quan Nguyen, Kasper B. Rasmussen, Gene Tsudik
Proceedings of Design, Automation and Test in Europe (DATE), Dresden, Germany
PDF Slides Bibtex
Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares
Jonas Zaddach, Luca Bruno, Aurelien Francillon, Davide Balzarotti
Network and Distributed System Security (NDSS) Symposium, San Diego (USA) (acceptance rate: 18.6%)
PDF Slides Bibtex Tool
Toward Black-Box Detection of Logic Flaws in Web Applications
Giancarlo Pellegrino, Davide Balzarotti
Network and Distributed System Security (NDSS) Symposium, San Diego (USA) (acceptance rate: 18.6%)
PDF Bibtex
Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations
Jelena Isacenkova, Olivier Thonnard, Andrei Costin, Aurelien Francillon, Davide Balzarotti
EURASIP Journal on Information Security
PDF Bibtex

2013

Implementation and Implications of a Stealth Hard-Drive Backdoor
Jonas Zaddach, Anil Kurmus, Davide Balzarotti, Erik Olivier Blass, Aurelien Francillon, Travis Goodspeed, Moitrayee Gupta, Ioannis Koltsidas
Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC), New Orleans (acceptance rate: 19.0%)
Best Student Paper Award
PDF Bibtex
Hypervisor Memory Forensics
Mariano Graziano, Andrea Lanzi, Davide Balzarotti
Symposium on Research in Attacks, Intrusion, and Defenses (RAID), Saint Lucia (acceptance rate: 22.9%)
Winner of the 2013 Annual Volatility Framework Plugin Contest!
PDF Bibtex Tool
The Role of Phone Numbers in Understanding Cyber-Crime Schemes
Andrei Costin, Jelena Isachenkova, Marco Balduzzi, Aurelien Francillon, Davide Balzarotti
Annual Conference on Privacy, Security, and Trust (PST), Tarragona, Spain (acceptance rate: 29.0%)
PDF Slides Bibtex
PeerRush: Mining the Unwanted P2P Traffic
Babak Rahbarinia, Roberto Perdisci, Andrea Lanzi, Kang Li
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Berlin, Germany (acceptance rate: 31.6%)
Best Paper Award
PDF Slides Bibtex
Improving 802.11 Fingerprinting of Similar Devices by Cooperative Fingerprinting
Clémentine Maurice, Stephane Onno, Christoph Neumann, Olivier Heen, Aurelien Francillon
Proceedings of the 2013 International Conference on Security and Cryptography (SECRYPT'13), Reykjavik, Iceland
PDF Bibtex
The Role of Web Hosting Providers in Detecting Compromised Websites
Davide Canali, Davide Balzarotti, Aurelien Francillon
22nd International World Wide Web Conference (WWW), Rio de Janeiro, Brazil (acceptance rate: 15.0%)
Best Paper Nominee
PDF Slides Bibtex
Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations
Jelena Isacenkova, Olivier Thonnard, Andrei Costin, Davide Balzarotti, Aurelien Francillon
Proceedings of the International Workshop on Cyber Crime (co-located with S&P), San Francisco, CA
PDF Slides Bibtex
Behind the Scenes of Online Attacks: an Analysis of Exploitation Behaviors on the Web
Davide Canali, Davide Balzarotti
Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA (acceptance rate: 18.8%)
PDF Bibtex
An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations
Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuellar, Giancarlo Pellegrino, Alessandro Sorniotti
Computers & Security
Bibtex
Embedded Devices Security and Firmware Reverse Engineering
Jonas Zaddach, Andrei Costin
BlackHat USA
PDF Slides Bibtex

2012

Towards network containment in malware analysis systems
Mariano Graziano, Corrado Leita, Davide Balzarotti
Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), Orlando, FL (acceptance rate: 19.0%)
PDF Slides Bibtex
Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis
Leyla Bilge, Davide Balzarotti, William Robertson, Engin Kirda, Christopher Kruegel
Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), Orlando, FL (acceptance rate: 19.0%)
PDF Bibtex
Analysis of the communication between colluding applications on modern smartphones
Claudio Marforio, Hubert Ritzdorf, Aurélien Francillon, Srdjan Capkun
Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), Orlando (acceptance rate: 19.0%)
PDF Bibtex
Enabling trusted scheduling in embedded systems
Ramya Jayaram Masti, Claudio Marforio, Aanjhan Ranganathan, Aurélien Francillon, Srdjan Capkun
Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC), Orlando (acceptance rate: 19.0%)
PDF Bibtex
How can we determine if a device is infected or not?
Francillon, Aurélien, Jakobsson, Markus, Perrig, Adrian
Bibtex
Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis
Theodoor Scholte, William Robertson, Davide Balzarotti, Engin Kirda
36th Computer Software and Applications Conference (COMPSAC), Izmir, Turkey (acceptance rate: 18.0%)
PDF Bibtex
A quantitative study of accuracy in system call-based malware detection
Davide Canali, Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, Engin Kirda
Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA), Minneapolis, MN (acceptance rate: 28.7%)
PDF Bibtex
From model-checking to automated testing of security protocols: Bridging the gap
Alessandro Armando, Giancarlo Pellegrino, Roberto Carbone, Alessio Merlo, Davide Balzarotti
6th International Conference on Tests and Proofs (TAP), Prague, Czech Republic
PDF Bibtex
Have things changed now? An empirical study on input validation vulnerabilities in web applications
Theodoor Scholte, Davide Balzarotti, Engin Kirda
Journal on Computers & Security
Bibtex
A security analysis of amazon's elastic compute cloud service
Marco Balduzzi, Jonas Zaddach, Davide Balzarotti, Engin Kirda, Sergio Loureiro
Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC), Trento, Italy (acceptance rate: 24.0%)
PDF Bibtex
An empirical analysis of input validation mechanisms in web applications and languages
Theodoor Scholte, William Robertson, Davide Balzarotti, Engin Kirda
Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC), Trento, Italy (acceptance rate: 24.0%)
PDF Bibtex
Insights into user behavior in dealing with internet attacks
Kaan Onarlioglu, U Ozan Yilmaz, Davide Balzarotti, Engin Kirda
19th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA (acceptance rate: 17.8%)
PDF Bibtex
Physical-Layer Attacks on Chirp-based Ranging Systems
Ranganathan, Aanjhan, Danev, Boris, Francillon, Aurélien, Capkun, Srdjan
Proceedings of the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec)
PDF Bibtex
Ghost in the Air (Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices
Andrei Costin, Aurélien Francillon
Black Hat USA
PDF Slides Bibtex
SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust
Karim El Defrawy, Aurelien Francillon, Daniele Perito, Gene Tsudik
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego
NDSS 2024 Test of Time Award
PDF Bibtex

2011

Measurement and evaluation of a real world deployment of a challenge-response spam filter
Jelena Isacenkova, Davide Balzarotti
Proceedings of the 2011 ACM SIGCOMM conference on Internet Measurement Conference (IMC), Berlin (acceptance rate: 19.1%)
PDF Bibtex
Reverse Social Engineering Attacks in Online Social Networks
Danesh Irani, Marco Balduzzi, Davide Balzarotti, Engin Kirda, C. Pu
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Amsterdam, The Netherlands (acceptance rate: 31.7%)
PDF Bibtex
Operating System Interface Obfuscation and the Revealing of Hidden Operations
Abhinav Srivastava, Andrea Lanzi, Jonathon Giffin, Davide Balzarotti
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Amsterdam, The Netherlands (acceptance rate: 31.7%)
PDF Bibtex
Thwarting Real-Time Dynamic Unpacking
Leyla Bilge, Andrea Lanzi, Davide Balzarotti
Proceedings of the Fourth European Workshop on System Security (EUROSEC)
PDF Bibtex
Prophiler: a Fast Filter for the Large-Scale Detection of Malicious Web Pages
Davide Canali, Marco Cova, Giovanni Vigna, Christopher Kruegel
20th International World Wide Web Conference (WWW), Hyderabad, India (acceptance rate: 12.3%)
PDF Bibtex
Exposing the lack of privacy in file hosting services
Nick Nikiforakis, Marco Balduzzi, S. Van Acker, W. Joosen, Davide Balzarotti
Proceedings of the 4th USENIX conference on Large-scale exploits and emergent threats (LEET)
PDF Bibtex
Quo Vadis? A Study of the Evolution of Input Validation Vulnerabilities in Web Applications
Theodoor Scholte, Davide Balzarotti, Engin Kirda
Proceedings of the Fifteenth International Conference on Financial Crypto (FC), St. Lucia (acceptance rate: 20.3%)
PDF Bibtex
Automated discovery of parameter pollution vulnerabilities in web applications
Marco Balduzzi, Carmen T. Gimenez, Davide Balzarotti, Engin Kirda
Proceedings of the 18th Network and Distributed System Security Symposium (NDSS), San Diego, CA (acceptance rate: 20.1%)
Distinguished Paper Award
PDF Bibtex
A Summary of Two Practical Attacks Against Social Networks
Leyla Bilge, Marco Balduzzi, Davide Balzarotti, Engin Kirda
Trustworthy Internet (Book Chapter)
Bibtex
EphPub: Toward Robust Ephemeral Publishing
Castelluccia, Claude, De Cristofaro, Emiliano, Francillon, Aurélien, Kaafar, Mohamed Ali
Proceedings of the IEEE International Conference on Network Protocols (ICNP)
PDF Bibtex
Automatic Security Analysis of SAML-based Single Sign-On Protocols
Alessandro Armando, Roberto Carbone, Luca Compagna, Giancarlo Pellegrino
Digital Identity and Access Management: Technologies and Framework
PDF Bibtex

2010

G-Free: defeating return-oriented programming through gadget-less binaries
Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide Balzarotti, Engin Kirda
Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC), Austin, Texas (acceptance rate: 16.3%)
PDF Bibtex
AccessMiner: using system-centric models for malware protection
Andrea Lanzi, Davide Balzarotti, Christopher Kruegel, Mihai Christodorescu, Engin Kirda
Proceedings of the 17th ACM conference on Computer and communications security (CCS), Chicago, Illinois, USA (acceptance rate: 17.2%)
PDF Bibtex
Abusing Social Networks for Automated User Profiling
Marco Balduzzi, Christian Platzer, Thorsten Holz, Engin Kirda, Davide Balzarotti, Christopher Kruegel
Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID), Ottawa, Canada (acceptance rate: 23.1%)
PDF Bibtex
A Solution for the Automated Detection of Clickjacking Attacks
Marco Balduzzi, Manuel Egele, Engin Kirda, Davide Balzarotti, Christopher Kruegel
Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS), Beijing, China (acceptance rate: 15.0%)
PDF Bibtex
Honeybot, Your Man in the Middle for Automated Social Engineering
Tobias Lauinger, Veikko Pankakoski, Davide Balzarotti, Engin Kirda
Proceedings of the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), San Jose, CA (acceptance rate: 31.4%)
PDF Bibtex
Efficient Detection of Split Personalities in Malware
Davide Balzarotti, Marco Cova, Christoph Karlberger, Christopher Kruegel, Engin Kirda, Giovanni Vigna
Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA (acceptance rate: 15.4%)
PDF Bibtex

2009

A view on current malware behaviors
Ulrich Bayer, Imam Habibi, Davide Balzarotti, Engin Kirda, Christopher Kruegel
USENIX workshop on large-scale exploits and emergent threats (LEET), Boston, MA (acceptance rate: 40.9%)
PDF Bibtex
All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks
Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin Kirda
20th International World Wide Web Conference (WWW), Madrid, Spain (acceptance rate: 11.7%)
PDF Bibtex