Displaying 1-12 out of 12 total
Splitting the HTTPS Stream to Attack Secure Web Connections
Found in: IEEE Security and Privacy
By Marco Prandini, Marco Ramilli, Walter Cerroni, Franco Callegati
Issue Date: November 2010
pp. 80-84
The HTTPS protocol is commonly adopted to secure connections to websites, both to guarantee the server's authenticity and to protect the privacy of transmitted data. However, the computational load associated with the protocol's key exchange and encryption...
A Messaging-Based System for Remote Server Administration
Found in: Network and System Security, International Conference on
By Marco Ramilli, Marco Prandini
Issue Date: October 2009
pp. 262-269
The most common method of system administration is accessing the remote system through the network by means of some client-server protocol, giving access to a privileged service always listening on the target system. There are important security and flexib...
Return-Oriented Programming
Found in: IEEE Security & Privacy
By Marco Prandini, Marco Ramilli
Issue Date: November 2012
pp. 84-87
Attackers able to compromise the memory of a target machine can change its behavior and usually gain complete control over it. Despite the ingenious prevention and protection mechanisms that have been implemented in modern operating systems, memory corrupt...
Towards a practical and effective security testing methodology
Found in: Computers and Communications, IEEE Symposium on
By Marco Prandini, Marco Ramilli
Issue Date: June 2010
pp. 320-325
Security testing is an important step in the lifetime of both newly-designed and existing systems. Different methodologies exist to guide testers to the selection, design, and implementation of the most appropriate testing procedures for various contexts. ...
Always the Same, Never the Same
Found in: IEEE Security and Privacy
By Marco Ramilli, Marco Prandini
Issue Date: March 2010
pp. 73-75
The basic technique used by antimalware software for identifying malicious code is signature detection. Even after years of refining, attackers can still easily circumvent it, relying on several ways to manipulate signatures without changing the malware lo...
Taking the Best of Both Worlds: A Comparison and Integration of the U.S. and EU Approaches to E-Voting Systems Evaluation
Found in: Hawaii International Conference on System Sciences
By Marco Prandini, Marco Ramilli
Issue Date: January 2011
pp. 1-10
With regard to e-voting system certification, political bodies around the world show very different approaches, ranging from high-level recommendations on the electoral system, not providing the associated details, to procedures that describe specific cont...
Man-in-the-Middle Attack to the HTTPS Protocol
Found in: IEEE Security and Privacy
By Franco Callegati, Walter Cerroni, Marco Ramilli
Issue Date: January 2009
pp. 78-81
As defenders, it is extremely dangerous to be ignorant of how attackers can disrupt our systems. Without a good understanding of the relative ease of certain attacks, it's easy to adopt poor policies and procedures. A good example of this is the tendency f...
Frightened by Links
Found in: IEEE Security and Privacy
By Franco Callegati, Marco Ramilli
Issue Date: November 2009
pp. 72-76
This article describes a recent attack trend called clickjacking, which exploits hyperlinks as the attack vehicle. This article introduces the reader to the attack concept and to the possible ways to implement it, by means of some practical example. Then i...
Multiprocess malware
Found in: Malicious and Unwanted Software, International Conference on
By Marco Ramilli, Matt Bishop, Shining Sun
Issue Date: October 2011
pp. 8-13
Malware behavior detectors observe the behavior of suspected malware by emulating its execution or executing it in a sandbox or other restrictive, instrumented environment. This assumes that the process, or process family, being monitored will exhibit the ...
Results-oriented security
Found in: Malicious and Unwanted Software, International Conference on
By Matt Bishop, Richard Ford, Marco Ramilli
Issue Date: October 2011
pp. 42-49
Current security practice is to examine incoming messages, commands, data, and executing processes for attacks that can then be countered. This position paper argues that this practice is counterproductive because the number and variety of attacks are far ...
Security considerations about the adoption of web 2.0 technologies in sensitive e-government processes
Found in: Proceedings of the 5th International Conference on Theory and Practice of Electronic Governance (ICEGOV '11)
By Marco Prandini, Marco Ramilli
Issue Date: September 2011
pp. 285-288
In the recent past, the so-called "Web 2.0" became a powerful tool to enable various eGovernment processes, especially as a link between political bodies and citizens. Politicians and managers, seeking to improve participation, embraced this technology as ...
Internet voting: fatally torn between conflicting goals?
Found in: Proceedings of the 6th International Conference on Theory and Practice of Electronic Governance (ICEGOV '12)
By Marco Ramilli
Issue Date: October 2012
pp. 58-61
More than a decade after the first enthusiastic attempts at deploying Internet voting, there is still only a single case of continued adoption for the election of a political body. In this paper we illustrate the motivations behind the apparent failure of ...