
The University of Genoa, in collaboration with CLUSIT (The Italian Association for Computer Security), is proud to organize the “2017 Workshop on Hot Topics in Computer Security”. The event is organized within the framework of the European Cyber Security Month (ECSM).

  • Date: October 17, 2017.
  • Time: From 2:00 p.m. to 5:00 p.m.
  • Location: DIBRIS - room 326bis, Via Dodecaneso 35, 16146, Genova.

Schedule


Welcome and Opening

2:00 p.m. - 2:10 p.m.

Alessio Merlo (Assistant Professor, DIBRIS, Genoa)


Strong Authentication for e-Banking: a Survey on European Regulations and Implementations

2:10 p.m. - 2:40 p.m.

Federico Sinigaglia (Ph.D. Student, FBK, Trento)

Abstract: The modern, smart society needs reliable and trustworthy access to the internet of services. Strong authentication mechanisms promise to raise the bar of security and they are polarizing the attention of both institutional and industrial stakeholders. In this survey, we take stock of the strong authentication mechanisms used by e-Banking services in terms of regulations and implementations. To this aim, we reviewed the EU regulations and their evolution in the last decade and we analyzed the strong authentication mechanisms implemented by 26 major EU and non-EU banks.


RmPerm: A Tool for Android Permissions Removal

2:40 p.m. - 3:10 p.m.

Simone Aonzo (Ph.D. Student, DIBRIS, Genoa)

Abstract: Android apps are generally over-privileged, i.e., they request more permissions than they actually need to execute properly. Prior to version 6, users can install an app only by accepting all its requested permissions, while newer Android versions allow users to dynamically grant/deny groups of permissions. Since some of them impact users’ privacy, we argue that users should be granted control at the granularity of the single permission. We propose a novel approach, which does not require any change to the underlying OS, allowing users to selectively remove permissions from apps before installing them, and with a finer granularity. We developed RmPerm, an open-source tool that implements our methodology, and we present the viability of our approach via an empirical assessment on 81K apps, underlining that, in the worst case, up to 86% of the apps can execute without crashing when none of the requested privacy-related permissions are granted.


Covert Channels & Information Hiding

3:10 p.m. - 3:40 p.m.

Luca Caviglione (Researcher, ISSIA-CNR, Genoa)

Abstract: Information hiding techniques are increasingly used by malware to hide its existence and communication attempts. Investigating how covert channels can empower malicious software is essential to fully understand the cybersecurity panorama. This talk introduces the use of information hiding in modern threats by investigating two different perspectives, specifically: i) how to detect a local covert channel used by colluding applications to bypass the security framework of mobile devices and ii) possible ideas for creating network covert channels for communicating with a remote command & control facility.


Break

3:40 p.m. - 3:55 p.m.


Practical Phishing

3:55 p.m. - 4:55 p.m.

Michele Orrù (freelancer Security Expert)

Abstract: Phishing is a quick, reliable and cost-efficient way of hacking humans. Since human evolution goes way slower than common beliefs, exploiting software through people, rather than just exploiting software, is convenient. This talk will discuss phishing techniques from an offensive security perspective. There will not be pie charts.


Concluding Remarks & Closing

4:55 p.m. - 5:00 p.m.

Alessio Merlo (Assistant Professor, DIBRIS, Genoa)