Bruno Crispo | University of Trento
Papers by Bruno Crispo
The development of electronic commerce and other applications on the Internet is held up by concerns about security. Cryptography—the science of codes and ciphers—will be a significant part of the solution, but one of the hardest problems is enabling users to find out which cryptographic key belongs to whom. The main things that can go wrong with cryptography are similar to those that can go wrong with a signature stamp. A stamp can be stolen or counterfeit; or it may not belong to the person one thought it did. The first two ...
2015 3rd International Conference on Future Internet of Things and Cloud, 2015
Proceedings of the 8th Workshop on Middleware for Next Generation Internet Computing - MW4NextGen '13, 2013
Policy-based access control aims to decouple access control rules from the application they constrain by expressing these rules in declarative access control policies. Performance of policy-based access control is of growing importance, but concurrent and distributed policy evaluation has received little research attention and current policy evaluation engines are still single-machine and fully sequential to the best of our knowledge. We believe that concurrent policy evaluation is necessary to meet the performance and scalability requirements of next-generation internet applications and aid the maturation of policy-based access control. Therefore, this paper presents an initial exploration of concurrent policy evaluation. We illustrate the performance of current policy evaluation engines, model the performance of policy evaluation in terms of the characteristics of a policy, list opportunities for concurrency, describe the need for concurrency control and specifically show how concurrency can be used to improve throughput based on our prototype.
Lecture Notes in Computer Science, 2013
Lecture Notes in Computer Science, 2006
Lecture Notes in Computer Science, 2006
It is usually the case that before a transaction can take place, some mutual trust must be established between the participants. On-line, doing so requires the exchange of some certified information about the participants. The easy solution is to disclose one's identity and reveal all of one's certificates to establish such a trust relationship. However, it is clear that such
We discuss here some of the issues that must be considered to build evidence in an appropriate way in a public-key infrastructure (PKI). Despite the fact that one of the most recurrent motivations by papers advocating the necessity of a PKI is to support electronic commerce, all the new proposals of PKIs do not define any procedure to specify which evidence must be collected and in which form, when users carry out a commercial transaction.
The Cambridge International Workshop on Security Protocols has now run for eight years. Each year we set a theme, focusing upon a specific aspect of security protocols, and invite position papers. Anybody is welcome to send us a position paper (yes, you are invited) and we don't insist they relate to the current theme in an obvious way. In our experience, the emergence of the theme as a unifying thread takes place during the discussions at the workshop itself. The only ground rule is that position papers should formulate an approach to some unresolved issues, rather than being a description of a finished piece of work.
Data replication is a widely used technique for achieving fault tolerance and improved performance. With the advent of content delivery networks, it is becoming more and more frequent that data content is placed on hosts that are not directly controlled by the content owner, and because of this, security mechanisms to protect data integrity are necessary. In this paper we present a system architecture that allows arbitrary queries to be supported on data content replicated on untrusted servers. To prevent these servers from returning erroneous answers to client queries, we make use of a small number of trusted hosts that randomly check these answers and take corrective action whenever necessary. Additionally, our system employs an audit mechanism that guarantees that any untrusted server acting maliciously will eventually be detected and excluded from the system.
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security - ASIACCS '12, 2012
Web browsers are becoming an increasingly important part of our everyday life. Many users spend most of their time surfing the web, and browser-only operating systems are gaining growing attention. To enhance the user experience, many new browser extensions (or add-ons) are continuously released to the public. Unfortunately, with their constant access to a large pool of private information, extensions are also an increasingly important attack vector. Existing approaches that detect privacy-breaching browser extensions fail to provide a generic cross-browser mechanism that can effectively keep up with the ever-growing number of browser implementations and versions available nowadays.
Proceedings of the 5th ACM Conference on Data and Application Security and Privacy - CODASPY '15, 2015
Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android malware samples do actually use these mechanisms to conceal their malicious behavior from static analyzers. These techniques defuse even the most recent static analyzers (e.g., ) that usually operate under the "closed world" assumption (the targets of reflective calls can be resolved at analysis time; only classes reachable from the class path at analysis time are used at runtime). Our proposed solution allows existing static analyzers to remove this assumption. This is achieved by combining static and dynamic analysis of applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. This paper presents design, implementation and preliminary evaluation results of our solution called StaDynA.
Proceedings of the 17th ACM conference on Computer and communications security - CCS '10, 2010
The publish/subscribe model offers a loosely-coupled communication paradigm where applications interact indirectly and asynchronously. Publisher applications generate events that are forwarded to subscriber applications by a network of brokers. Subscribers register by specifying filters that brokers match against events as part of the routing process. Brokers might be deployed on untrusted servers where malicious entities can get access to events and filters. Supporting confidentiality of events and filters in this setting is still an ...
Lecture Notes in Computer Science, 2013
Lecture Notes in Computer Science, 2001