Search For:

Displaying 1-21 out of 21 total
Optical Delusions: A Study of Malicious QR Codes in the Wild
Found in: 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
By Amin Kharraz,Engin Kirda,William Robertson,Davide Balzarotti,Aurelien Francillon
Issue Date:June 2014
pp. 192-203
QR codes, a form of 2D barcode, allow easy interaction between mobile devices and websites or printed material by removing the burden of manually typing a URL or contact information. QR codes are increasingly popular and are likely to be adopted by malware...
Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis
Found in: 2012 IEEE 36th Annual Computer Software and Applications Conference - COMPSAC 2012
By Theodoor Scholte,William Robertson,Davide Balzarotti,Engin Kirda
Issue Date:July 2012
pp. 233-243
Web applications have become an integral part of the daily lives of millions of users. Unfortunately, web applications are also frequently targeted by attackers, and criticial vulnerabilities such as cross-site scripting and SQL injection are still common....
An Experience in Testing the Security of Real-World Electronic Voting Systems
Found in: IEEE Transactions on Software Engineering
By Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, Richard A. Kemmerer, William Robertson, Fredrik Valeur, Giovanni Vigna
Issue Date:July 2010
pp. 453-473
Voting is the process through which a democratic society determines its government. Therefore, voting systems are as important as other well-known critical systems, such as air traffic control systems or nuclear plant monitors. Unfortunately, voting system...
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
Found in: Security and Privacy, IEEE Symposium on
By Davide Balzarotti, Marco Cova, Vika Felmetsger, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, Giovanni Vigna
Issue Date:May 2008
pp. 387-401
Web applications are ubiquitous, perform mission-critical tasks, and handle sensitive user data. Unfortunately, web applications are often implemented by developers with limited security skills, and, as a result, they contain vulnerabilities. Most of these...
ClearShot: Eavesdropping on Keyboard Input from Video
Found in: Security and Privacy, IEEE Symposium on
By Davide Balzarotti, Marco Cova, Giovanni Vigna
Issue Date:May 2008
pp. 170-183
Eavesdropping on electronic communication is usually prevented by using cryptography-based mechanisms. However, these mechanisms do not prevent one from obtaining private information through side channels, such as the electromagnetic emissions of monitors ...
Improving Signature Testing through Dynamic Data Flow Analysis
Found in: Computer Security Applications Conference, Annual
By Christopher Kruegel, Davide Balzarotti, William Robertson, Giovanni Vigna
Issue Date:December 2007
pp. 53-63
The effectiveness and precision of network-based intru- sion detection signatures can be evaluated either by di- rect analysis of the signatures (if they are available) or by using black-box testing (if the system is closed-source). Recently, several techn...
Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations
Found in: 2013 IEEE CS Security and Privacy Workshops (SPW2013)
By Jelena Isacenkova,Olivier Thonnard,Andrei Costin,Davide Balzarotti,Aurelien Francillon
Issue Date:May 2013
pp. 143-150
Nigerian scam is a popular form of fraud in which the fraudster tricks the victim into paying a certain amount of money under the promise of a future, larger payoff. Using a public dataset, in this paper we study how these forms of scam campaigns are organ...
A quantitative study of accuracy in system call-based malware detection
Found in: Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA 2012)
By Andrea Lanzi, Christopher Kruegel, Davide Balzarotti, Davide Canali, Engin Kirda, Mihai Christodorescu
Issue Date:July 2012
pp. 122-132
Over the last decade, there has been a significant increase in the number and sophistication of malware-related attacks and infections. Many detection techniques have been proposed to mitigate the malware threat. A running theme among existing detection te...
Implementation and implications of a stealth hard-drive backdoor
Found in: Proceedings of the 29th Annual Computer Security Applications Conference (ACSAC '13)
By Anil Kurmus, Aurélien Francillon, Davide Balzarotti, Erik-Oliver Blass, Ioannis Koltsidas, Jonas Zaddach, Moitrayee Gupta, Travis Goodspeed
Issue Date:December 2013
pp. 279-288
Modern workstations and servers implicitly trust hard disks to act as well-behaved block devices. This paper analyzes the catastrophic loss of security that occurs when hard disks are not trustworthy. First, we show that it is possible to compromise the fi...
Towards network containment in malware analysis systems
Found in: Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC '12)
By Corrado Leita, Davide Balzarotti, Mariano Graziano
Issue Date:December 2012
pp. 339-348
This paper focuses on the containment and control of the network interaction generated by malware samples in dynamic analysis environments. A currently unsolved problem consists in the existing dependency between the execution of a malware sample and a num...
Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis
Found in: Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC '12)
By Christopher Kruegel, Davide Balzarotti, Engin Kirda, Leyla Bilge, William Robertson
Issue Date:December 2012
pp. 129-138
Botnets continue to be a significant problem on the Internet. Accordingly, a great deal of research has focused on methods for detecting and mitigating the effects of botnets. Two of the primary factors preventing the development of effective large-scale, ...
Thwarting real-time dynamic unpacking
Found in: Proceedings of the Fourth European Workshop on System Security (EUROSEC '11)
By Andrea Lanzi, Davide Balzarotti, Leyla Bilge
Issue Date:April 2011
pp. 1-6
Packing is a very popular technique for obfuscating programs, and malware in particular. In order to successfully detect packed malware, dynamic unpacking techniques have been proposed in literature. Dynamic unpackers execute and monitor a packed program, ...
G-Free: defeating return-oriented programming through gadget-less binaries
Found in: Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC '10)
By Andrea Lanzi, Davide Balzarotti, Engin Kirda, Kaan Onarlioglu, Leyla Bilge
Issue Date:December 2010
pp. 49-58
Despite the numerous prevention and protection mechanisms that have been introduced into modern operating systems, the exploitation of memory corruption vulnerabilities still represents a serious threat to the security of software systems and networks. A r...
AccessMiner: using system-centric models for malware protection
Found in: Proceedings of the 17th ACM conference on Computer and communications security (CCS '10)
By Andrea Lanzi, Christopher Kruegel, Davide Balzarotti, Engin Kirda, Mihai Christodorescu
Issue Date:October 2010
pp. 399-412
Models based on system calls are a popular and common approach to characterize the run-time behavior of programs. For example, system calls are used by intrusion detection systems to detect software exploits. As another example, policies based on system ca...
A solution for the automated detection of clickjacking attacks
Found in: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS '10)
By Christopher Kruegel, Davide Balzarotti, Engin Kirda, Manuel Egele, Marco Balduzzi
Issue Date:April 2010
pp. 135-144
Clickjacking is a web-based attack that has recently received a wide media coverage. In a clickjacking attack, a malicious page is constructed such that it tricks victims into clicking on an element of a different page that is only barely (or not at all) v...
All your contacts are belong to us: automated identity theft attacks on social networks
Found in: Proceedings of the 18th international conference on World wide web (WWW '09)
By Davide Balzarotti, Engin Kirda, Leyla Bilge, Thorsten Strufe
Issue Date:April 2009
pp. 66-66
Social networking sites have been increasingly gaining popularity. Well-known sites such as Facebook have been reporting growth rates as high as 3% per week. Many social networking sites have millions of registered users who use these sites to share photog...
Are your votes really counted?: testing the security of real-world electronic voting systems
Found in: Proceedings of the 2008 international symposium on Software testing and analysis (ISSTA '08)
By Davide Balzarotti, Fredrik Valeur, Giovanni Vigna, Greg Banks, Marco Cova, Richard Kemmerer, Viktoria Felmetsger, William Robertson
Issue Date:July 2008
pp. 119-120
Electronic voting systems play a critical role in today's democratic societies, as they are responsible for recording and counting the citizens' votes. Unfortunately, there is an alarming number of reports describing the malfunctioning of these systems, su...
Multi-module vulnerability analysis of web-based applications
Found in: Proceedings of the 14th ACM conference on Computer and communications security (CCS '07)
By Davide Balzarotti
Issue Date:October 2007
pp. 25-35
In recent years, web applications have become tremendously popular, and nowadays they are routinely used in security-critical environments, such as medical, financial, and military systems. As the use of web applications for critical services has increased...
LighTS: a lightweight, customizable tuple space supporting context-aware applications
Found in: Proceedings of the 2005 ACM symposium on Applied computing (SAC '05)
By Davide Balzarotti, Gian Pietro Picco, Paolo Costa
Issue Date:March 2005
pp. 413-419
The tuple space model inspired by Linda has recently been rediscovered by distributed middleware. Moreover, some researchers also applied it in the challenging scenarios involving mobility and more specifically context-aware computing. Context information ...
Testing network-based intrusion detection signatures using mutant exploits
Found in: Proceedings of the 11th ACM conference on Computer and communications security (CCS '04)
By Davide Balzarotti, Giovanni Vigna, William Robertson
Issue Date:October 2004
pp. 21-30
Misuse-based intrusion detection systems rely on models of attacks to identify the manifestation of intrusive behavior. Therefore, the ability of these systems to reliably detect attacks is strongly affected by the quality of their models, which are often ...
Supporting configuration management for virtual workgroups in a peer-to-peer setting
Found in: Proceedings of the 14th international conference on Software engineering and knowledge engineering (SEKE '02)
By Carlo Ghezzi, Davide Balzarotti, Mattia Monga
Issue Date:July 2002
pp. 507-511
In this paper we describe a configuration management tool suitable for the untethered scenarios typical in a mobile environment. The scenario envisions a number of homogeneous peers that are able to provide the same services, disconnect frequently from the...