Publications

Giacomo Benedetti, Luca Verderame, Alessio Merlo. "Automatic Security Assessment of GitHub Actions Workflows.". ACM SCORED@CCS 2022

Giacomo Benedetti, Luca Verderame, Alessio Merlo. "Alice in (Software Supply) Chains: Risk Identification and Evaluation.". QUATIC 2022

Enrico Russo, Gabriele Costa, Giacomo Longo, Alessandro Armando, Alessio Merlo. "LiDiTE: a Full-Fledged and Featherweight Digital Twin Framework.". In CoRR.

Davide Caputo. "On the Security and Privacy Challenges in Android-based Environments.". University of Genoa, Italy.

Andrea Romdhana, Mariano Ceccato, Alessio Merlo, Paolo Tonella. "IFRIT: Focused Testing through Deep Reinforcement Learning.". In ICST.

E. Russo, L. Verderame, A. Armando, A. Merlo. "DIOXIN: runtime security policy enforcement of fog applications.". In Int. J. Grid Util. Comput..

L. Demetrio, B. Biggio, G. Lagorio, F. Roli, A. Armando. "Functionality-Preserving Black-Box Optimization of Adversarial Windows Malware.". In IEEE Trans. Inf. Forensics Secur..

L. Demetrio, S. E. Coull, B. Biggio, G. Lagorio, A. Armando, F. Roli. "Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection.". In ACM Trans. Priv. Secur..

A. Ranieri, D. Caputo, L. Verderame, A. Merlo, L. Caviglione. "Deep Adversarial Learning on Google Home devices.". In J. Internet Serv. Inf. Secur..

Francesco Pagano, Luca Verderame, Alessio Merlo. "Understanding Fuchsia Security.". In CoRR.

D. Caputo, F. Pagano, G. Bottino, L. Verderame, A. Merlo "You can't always get what you want: towards user-controlled privacy on Android"

L. Verderame, A. Ruggia, A. Merlo "PATRIOT: Anti-Repackaging for IoT Firmware"

A. Merlo, A. Ruggia, L. Sciolla, L. Verderame. "ARMAND: Anti-Repackaging through Multi-pattern Anti-tampering based on Native Detection". Pervasive and Mobile Computing (2021) DOI:10.1016/j.pmcj.2021.101443

A. Merlo, A. Ruggia, L. Sciolla, L. Verderame. "You Shall not Repackage! Demystifying Anti-Repackaging on Android". Computer & Security (2021) DOI:10.1016/j.cose.2021.102181

A. Ruggia, E. Losiouk, L. Verderame, M. Conti, A. Merlo. "Repack Me If You Can: An Anti-Repackaging Solution based on Android Virtualization", ACSAC 2021

Andrea Romdhana, Mariano Ceccato, Gabriel Claudiu Georgiu, Alessio Merlo, Paolo Tonella. "COSMO: Code Coverage Made Easier for Android.". In ICST.

Andrea Romdhana, Alessio Merlo, Mariano Ceccato, Paolo Tonella. "Deep Reinforcement Learning for Black-Box Testing of Android Apps.". In CoRR.

Meriem Guerar, Luca Verderame, Mauro Migliardi, Francesco Palmieri, Alessio Merlo. "Gotta CAPTCHA 'Em All: A Survey of 20 Years of the Human-or-computer Dilemma.". In ACM Comput. Surv..

E. Russo, L. Verderame, A. Armando, and A. Merlo. "DIOXIN: Run-time Security Policy Enforcement of Fog Applications". International Journal of Grid andUtility Computing", 2020. In press.

E. Russo, G. Costa, and A. Armando. "Building Next Generation CyberRanges with CRACK". Computers & Security, 95:101837, 2020.

E. Russo, L. Verderame, A. Armando, and A. Merlo. "Enabling Next-Generation Cyber Ranges with Mobile Security Components", in Proc. of 32nd IFIP International Conference on Testing Software and Systems (ICTSS 2020), Naples, Italy.

D. Caputo, L. Verderame, A. Merlo. "MobHide: App-level runtime data anonymization on mobile". In Proc. of the ACNS 2020: Applied Cryptography and Network Security Workshops (ACNS 2020), Rome, IT. DOI: 10.1007/978-3-030-61638-0_27

G. Gazzarata, E. Troiano, L. Verderame, M. Aiello, I. Vaccari, E. Cambiaso, A. Merlo. "FINSTIX: a Cyber-Physical Data Model for Financial Critical Infrastructures". In Proc. of the 1st International Workshop on Cyber-Physical Security for Critical Infrastructures Protection Co-located(CPS4CIP), Guildford, UK. DOI: 10.1007/978-3-030-69781-5_4

N. Cibin, M. Guerar, A. Merlo, M. Migliardi, L. Verderame. "Towards a SIP-based DDoS Attack to the 4G Network" in Web, Artificial Intelligence and Network Applications (WAINA 2020), Caserta, Italy. DOI:10.1007/978-3-030-44038-1_79

M. Guerar, L. Verderame, A. Merlo, F. Palmieri, M. Migliardi, L. Vallerini. "CirclePIN: A Novel Authentication Mechanism for Smartwatches to Prevent Unauthorized Access to IoT Devices" ACM Transaction on Cyberphysical Systems (2020) DOI: 10.1145/3365995.

M. Guerar, A. Merlo, M. Migliardi, F. Palmieri, L. Verderame. "A Fraud-Resilient Blockchain-Based Solution for Invoice Financing" IEEE Transactions on Engineering Management (2020) DOI: 10.1109/TEM.2020.2971865.

S. Aonzo, G.C. Georgiu, L. Verderame, A. Merlo. "Obfuscapk: An open-source black-box obfuscation tool for Android apps" SoftwareX (2020) DOI: 10.1016/j.softx.2020.100403.

L. Verderame, D. Caputo, A. Romdhana, & A. Merlo. "APPregator: A Large-Scale Platform for Mobile Security Analysis". In IFIP International Conference on Testing Software and Systems (pp. 73-88). Springer, Cham.

L. Verderame, D. Caputo, A. Romdhana, A. Merlo. "On the (Un)Reliability of Privacy Policies in Android Apps" in Proc. of the 2020 World Congress on Computational Intelligence, Jul 19-24, 2020, Glasgow, Scotland.

D. Caputo, L. Verderame, A. Ranieri, A. Merlo and L. Caviglione. "Fine-hearing Google Home: why silence will not protect your privacy" in Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA).

L. Verderame, D. Caputo, M. Migliardi and A. Merlo. "AppIoTTE: An Architecture for the Security Assessment of Mobile-IoT Ecosystems" in Web, Artificial Intelligence and Network Applications

D. Caputo, L. Verderame, A. Merlo, A. Ranieri, L. Caviglione. "Are you (Google) Home? Detecting Users' Presence through Traffic Analysis" in Proc. of the 4th Italian Conference on Cybersecurity, Feb 4-7, 2020, Ancona, Italy.

E. Russo, L. Verderame and A. Merlo. "Towards Policy-driven Monitoring of Fog Applications", in Proc. of the 28th IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2019), Capri, Italy.

L. Demetrio, G. Lagorio, M. Ribaudo, E. Russo and A. Valenza. "ZenHackAdemy: Ethical Hacking @ DIBRIS", in Proc. of the 11th International Conference on Computer Supported Education (CSEDU 2019), Heraklion, Crete - Greece.

N. Dejon, D. Caputo, L. Verderame, A. Armando and A. Merlo. "Automated Security Analysis of IoT Software Updates" in 13th WISTP International Conference on Information Security Theory and Practice (WISTP' 2019), Paris, France.[DOI:10.1007/978-3-030-41702-4_14]

M. Guerar, L. Verderame, M. Migliardi, A. Merlo. "2GesturePIN: Securing PIN-based Authenticationon Smartwatches", in Proc. of the 28th IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2019), Capri, Italy. DOI:10.1109/WETICE.2019.00074

M. Guerar, L. Verderame, A. Merlo, M. Migliardi. "Blockchain-based risk mitigation for invoice financing". In Proc. of the 23rd International Database Engineering & Applications Symposium (IDEAS 2019), Athens, Greece. DOI:10.1145/3331076.3331093

E. Russo, L. Verderame, A. Merlo. "Towards Policy-driven Monitoring of Fog Applications", in Proc. of the 28th IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2019), Capri, Italy. DOI:10.1109/WETICE.2019.00026

D. Caputo, L. Verderame, S. Aonzo, A. Merlo. "Droids in Disarray: Detecting Frame Confusion in Hybrid Android Apps" in Proc. of the 33rd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2019), Charleston, South Carolina, USA. DOI:10.1007/978-3-030-22479-0_7

M. Guerar, M. Migliardi, F. Palmieri, L. Verderame, A. Merlo. "Securing PIN-based authentication in smartwatches with just two gestures" Concurrency Computation (2019) DOI: 10.1002/cpe.5549

L. Verderame, I. Merelli, L. Morganti, E. Corni, D. Cesini, D. D'Agostino, A. Merlo. "A secure cloud-edges computing architecture for metagenomics analysis" Future Generation Computer Systems (2019) DOI: 10.1016/j.future.2019.09.013.

E. Russo, G. Costa, A. Armando. "Scenario Design and Validation for Next Generation Cyber Ranges", in Proc. of the 17th International Symposium on Networking Computing and Applications (NCA 2018), Cambridge, MA USA.

G. Costa, E. Russo and A. Armando. "Automating the Generation of Cyber Range Virtual Scenarios with VSDL", The Italian Conference on CyberSecurity (ITASEC 2018), Milan, Italy.

A. G. Bruzzone, R.Di Matteo, M. Massei, E.Russo, M. Cantilli, K.Sinelshchikov, G. L. Maglione. "Interoperable Simulation and Serious Games for creating an Open Cyber Range", in Proc. of 7th International Defense and Homeland Security Simulation Workshop (DHSS 2017), Barcelona, Spain.

A. Armando, G. Costa, A. Merlo, L. Verderame, K. Wrona. "Developing the NATO BYOD Security Policy", in Proc. of the 15th International Conference on Military Communications and Information Systems (ICMCIS 2016), pp. 1-6, Brussels, Belgium. DOI: 10.1109/ICMCIS.2016.7496587.

A. Merlo, L. Lorrai, L. Verderame. "Efficient Trusted Host-based Card Emulation on TEE-enabled Android Devices", in Proc. of the 11th International Conference on High Performance Computing Systems (HPCS 2016), pp. 454-459, Innsbruck, Austria. DOI: 10.1109/HPCSim.2016.7568370.

G. Costa, A. Merlo, L. Verderame, A. Armando. "Automatic Security Verification of Mobile App Configurations", Future Generation Computer Systems, Elsevier. DOI: 10.1016/j.future.2016.06.014.

A. Merlo, G. Costa, L. Verderame, A. Armando. "Android vs. SEAndroid: an Empirical Assessment", Pervasive & Mobile Computing, Vol. 30, pp. 113-131, Elsevier. DOI: 10.1016/j.pmcj.2016.01.006.

A. Armando, A. Merlo, L. Verderame. "Trusted Host-Based Card Emulation", in Proc. of the 10th International Conference on High Performance Computing Systems (HPCS 2015), IEEE. DOI: 10.1109/HPCSim.2015.7237043.

A. Armando, G. Costa, A. Merlo, L. Verderame. "Formal modeling and automatic enforcement of Bring Your Own Device policies", International Journal of Information Security, (2015) 14(2):123-140, Springer, DOI: 10.1007/s10207-014-0252-y.

A. Armando, A. Merlo, L. Verderame. "Security considerations related to the use of mobile devices in the operation of critical infrastructures", International Journal of Critical Infrastructure Protection, (2015) 7(4):247-256, Elsevier, DOI: 10.1016/j.ijcip.2014.10.002.

A. Armando, G. Costa, A. Merlo, L. Verderame. "Enabling BYOD through Secure Meta-Market", in Proc. of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2014), pp. 219-230, ACM NY, DOI: 10.1145/2627393.2627410.

A. Armando, G. Costa, A. Merlo, L. Verderame. "Securing the Bring Your Own Device Paradigm", IEEE Computer, (2014) 47(6):26-34. DOI: 10.1109/MC.2014.164.