Publications

[1] Alessandro Armando, Wihem Arsac, Tigran Avanesov, Michele Barletta, Alberto Calvi, Alessandro Cappai, Roberto Carbone, Yannick Chevalier, Luca Compagna, Jorge Cuellar, Gabriel Erzse, Simone Frau, Marius Minea, Sebastian Moedersheim, David von Oheimb, Giancarlo Pellegrino, Serena Elisa Ponta, Marco Rocchetto, Michael Rusinowitch, Mohammad Torabi Dashti, Mathieu Turuani, Luca Viganò.
The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures. In TACAS 2012, Proceedings of 18th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, LNCS 7214, pages 267-282. Springer, 2012

[2] Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuellar, Giancarlo Pellegrino, Alessandro Sorniotti.
An authentication flaw in browser-based single sign-on protocols: Impact and remediations. Computers & Security

[3] Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuellar, Giancarlo Pellegrino, Alessandro Sorniotti.
From Multiple Credentials to Browser-based Single Sign-On: Are We More Secure?
In J. Camenisch, S. Fischer-Hübner, Y. Murayama, A. Portmann, and C. Rieder, editors, Future Challenges in Security and Privacy for Academia and Industry: 26th IFIP TC 11 International Information Security Conference, SEC 2011, Lucerne, Switzerland, June 7-9, 2011, Proceedings, IFIP Advances in Information and Communication Technology Series, pages 68-79. Springer, 2011

[4] Alessandro Armando, Enrico Giunchiglia, Marco Maratea, Serena Elisa Ponta.
An action-based approach to the formal specification and automatic analysis of business processes under authorization constraints. J. Comput. Syst. Sci., 78(1):119-141, 2012.

[5] Alessandro Armando, Alessio Merlo, Mauro Migliardi, Luca Verderame.
Would You Mind Forking This Process? A Denial of Service Attack on Android (and Some Countermeasures). In Dimitris Gritzalis, Steven Furnell, and Marianthi Theoharidou, editors, Information Security and Privacy Research – 27th IFIP TC 11 Information Security and Privacy Conference, SEC 2012, volume 376 of IFIP Advances in Information and Communication Technology, pages 13-24. Springer, 2012

[6] Alessandro Armando, Giancarlo Pellegrino, Roberto Carbone, Alessio Merlo, Davide Balzarotti.
From model-checking to automated testing of security protocols: Bridging the gap. In Achim D. Brucker and Jacques Julliand, editors, TAP, LNCS 7305, pages 3-18. Springer, 2012

[7] Alessandro Armando, Silvio Ranise.
Scalable automated symbolic analysis of administrative role-based access control policies by SMT solving. Journal of Computer Security, 20(4):309-352, 2012

[8] Wihem Arsac, Luca Compagna, Samuel Paul Kaluvuri, Serena Elisa Ponta.
Security validation tool for business processes.
In Proceedings of the 16th ACM symposium on Access control models and technologies, SACMAT ’11, pages 143-144, New York, NY, USA. 2011, ACM

[9] Wihem Arsac, Luca Compagna, Giancarlo Pellegrino, Serena Elisa Ponta.
Security Validation of Business Processes via Model-Checking.
In ESSoS, pages 29-42, 2011

[10] Michele Barletta, Silvio Ranise, Luca Viganò.
Automated Analysis of Scenario-based Specifications of Distributed Access Control Policies with Non-Mechanizable Activities. In STM’12, Proceedings of the 8th International Workshop on Security and Trust Management, LNCS. Springer, to appear

[11] Sofia Bekrar, Chaouki Bekrar, Roland Groz, Laurent Mounier.
A taint based approach for smart fuzzing. In International Workshop on Security Testing (SECTEST), Workshop of the International Conference on Software Testing, Verification and Validation (ICST), pages 818-825, 2012

[12] Matthias Büchler, Johan Oudinet, Alexander Pretschner.
Security Mutants for Property-Based Testing.
In Proceedings of the 5th International Conference on Tests and Proofs, volume 6706 of Lecture Notes in Computer Science, pages 69-77, 2011, Springer

[13] Matthias Büchler, Johan Oudinet, Alexander Pretschner.
Semiautomatic security testing of web applications from a secure model. In International Conference on Software Security and Reliability (SERE), pages 253-262. IEEE, 2012

[14] Matthias Büchler, Johan Oudinet, Alexander Pretschner.
Spacite – web application testing engine. In International Workshop on Security Testing (SECTEST), Workshop of the International Conference on Software Testing, Verification and Validation (ICST), pages 858-859. IEEE, 2012

[15] Giulio Caravagna, Gabriele Costa, Giovanni Pardini, Luca Wiegand.
Log-based Lazy Monitoring of OSGi Bundles. In 7th Workshop on Bytecode Semantics, Verification, Analysis and Transformation (BYTECODE), 2012

[16] Roberto Carbone, Marius Minea, Sebastian Mödersheim, Serena Elisa Ponta, Mathieu Turuani, Luca Viganò.
Towards Formal Validation of Trust and Security in the Internet of Services. In Future Internet Assembly, LNCS 6656, pages 193-207. Springer, 2011

[17] Fabien Duchene, Roland Groz, Sanjay Rawat, Jean-Luc Richier.
XSS vulnerability detection using model inference assisted evolutionary fuzzing. In International Workshop on Security Testing (SECTEST), Workshop of the International Conference on Software Testing, Verification and Validation (ICST), pages 815-817, 2012

[18] Khaled El-Fakih, Roland Groz, Muhammad Naeem Irfan, Muzammil Shahbaz.
Learning Finite State Models of Observable Nondeterministic Systems in a Testing Context.
In 22nd IFIP International Conference on Testing Software and Systems, pages 97-102, Natal, Brazil, 2010

[19] Maria-Camilla Fiazza, Michele Peroli, Luca Viganò.
Security Protocols as Environments: a Lesson from Non-collaboration.
In Proceedings of the 6th International Workshop on Trusted Collaboration (TrustCol 2011). IEEE CS Press, 2011

[20] Maria-Camilla Fiazza, Michele Peroli, Luca Viganò.
Attack Interference in Non-Collaborative Scenarios for Security Protocol Analysis.
In Proceedings of SECRYPT 2011 – International Conference on Security and Cryptography, pages 144-156. SciTePress, 2011. Extended version (May 2011) available at http://arxiv.org/abs/1106.3746

[21] Maria-Camilla Fiazza, Michele Peroli, Luca Viganò.
Attack Interference: a Path to Defending Security Protocols. To appear in the book “e-Business and Telecommunications – ICETE 2011” published by Springer

[22] Maria-Camilla Fiazza, Michele Peroli, and Luca Viganò.
An Environmental Paradigm for Defending Security Protocols. In 2012 International Conference on Collaboration Technologies and Systems, CTS 2012, pages 427-438. IEEE Computer Society Press, 2012

[23] Simone Frau, Mohammad Torabi-Dashti.
Integrated Specification and Verification of Security Protocols and Policies.
In CSF, pages 18-32, IEEE, 2011

[24] Roland Groz, Muhammad-Naeem Irfan, Catherine Oriat.
Algorithmic improvements on regular inference of software models and perspectives for security testing. In Tiziana Margaria and Bernhard Steffen, editors, Leveraging Applications of Formal Methods, Verification and Validation. Technologies for Mastering Change – 5th International Symposium, ISoLA 2012, LNCS 7609, pages 444-457. Springer, 2012

[25] Casandra Holotescu.
Local model learning for asynchronous services. In Proceedings of the 4th International Workshop on Principles of Engineering Service Oriented Systems (PESOS 2012), pages 22-28. IEEE CS Press, 2012

[26] Karim Hossen, Roland Groz, Jean-Luc Richier.
Security Vulnerabilities Detection Using Model Inference for Applications and Security Protocols.
In Second International Workshop on Security Testing (SECTEST 2011), Workshop of the IEEE Fourth International Conference on Software Testing, Verification and Validation (ICST2011), pages 534-536, Berlin, Germany, March 2011. IEEE

[27] Yves Ledru, Akram Idani, Jérémy Milhau, Nafees Qamar, Régine Laleau, Jean-Luc Richier, Mohamed-Amine Labiadh.
Taking into account functional models in the validation of IS security policies. In Camille Salinesi and Oscar Pastor, editors, Advanced Information Systems Engineering Workshops – CAiSE 2011 International Workshops, volume 83 of Lecture Notes in Business Information Processing, pages 592-606. Springer, 2011

[28] Yves Ledru, Muhammad Nafees Qamar, Akram Idani, Jean-Luc Richier, Mohamed-Amine Labiadh.
Validation of Security Policies by the Animation of Z Specifications.
In Ruth Breu, Jason Crampton, and Jorge Lobo, editors, SACMAT 2011, 16th ACM Symposium on Access Control Models and Technologies, pages 155-164, Innsbruck, Austria, 2011. ACM

[29] Massimiliano Rak, Massimo Ficco, Jesus Luna, Hamza Ghani, Neeraj Suri, Silviu Panica, Dana Petcu.
Security issues in cloud federation. In Massimo Villari, Ivona Brandic, and Francesco Tusa, editors, Achieving Federated and Self-Manageable Cloud Infrastructures: Theory and Practice, pages 176-194. 2012

[30] Petar Tsankov, Mohammad Torabi-Dashti, David Basin.
Constructing mid-points for two-party asynchronous protocols.
In Proceedings of the 15th International Conference On Principles Of Distributed Systems (OPODIS), Lecture Notes in Computer Science. Springer, 2011

[31] Petar Tsankov, Mohammad Torabi Dashti, David Basin.
SECFUZZ: Fuzz-testing security protocols. In 7th International Workshop on Automation of Software Test (AST). IEEE, 2012

[32] Luca Viganò.
Automated Validation of Trust and Security of Service-Oriented Architectures with the AVANTSSAR Platform. In 2012 International Conference on High Performance Computing & Simulation, HPCS 2012, pages 444-447. IEEE Computer Society Press, 2012

[33] Luca Viganò.
Towards the Secure Provision and Consumption in the Internet of Services. In TrustBus 2012, Trust, Privacy and Security in Digital Business, LNCS 7449, pages 214-215. Springer, 2012