Scientific/Technical Space, both spanning through the whole conference. The Stakeholder Space included selected distinguished keynotes speeches, invited talks, vision speeches, panels and the tutorial “Framework nazionale per la cybersecurity”, in Italian. The Scientific/Technical Space included three main tracks: a Scientific Track on Cybersecurity science and technology, a Fil Rouge Track with a sequence of multidisciplinary sessions on a specific hot topic in Cybersecurity, and a Demo Track devoted to prototypes developed by industries, research centers, and universities. The Fil Rouge track focused on “Fostering Security Through Web-Based Intelligence: Tools, Opportunities, and Inherent Limitations”.
The conference solicited two kind of submissions: unpublished contributions and presentation only ones, e.g., already published work, preliminary work and position papers. There were 87 submissions: 48 in the unpublished category and 39 in the presentation only one. Each submission was reviewed by an average of 3 program committee members. The committee decided to accept 25 papers out of the 48 submitted for publication, which are included in this proceedings volume. The program also featured 34 presentations not included in this volume. The peer reviewing process has been dealt with through EasyChair.
committee members and all the external reviewers, the authors of all submitted papers, the staff from CINI for their immense effort and devotion to the conference administration and organization, Fondazione Università Ca' Foscari for the extremely professional local organization and all the volunteer students from Ca' Foscari University.
immense gratitude goes to the Platinum Sponsors: CISCO, IBM, Leonardo, Microsoft, PaloAlto Networks, Trend Micro; the Gold Sponsors: Blu5 Labs, Business-e, Check Point, IntheCyber, RSA,
Technical Program
the 25 proceeding papers in bold font. All the remaining 34 papers belong to the presentation only category: they have been presented at the conference but are not included in this proceedings volume. 2.1
(chair: Marco Baldi) • Angelo Massimo Perillo, Giuseppe Persiano, Alberto Trombetta. Secure Queries on an
Encrypted Multi-Writer Table • Saikrishna Badrinarayanan, Dakshita Khurana, Rafail Ostrovsky and Ivan
Visconti. Unconditional UC-Secure Computation with (Stronger-Malicious) PUFs • Flaminia L. Luccio and Heider A. M. Wahsheh. Towards Cryptographically Secure QR
Codes • Alessandro Barenghi and Gerardo Pelosi. An Enhanced Dataflow Analysis to
Automatically Tailor Side Channel Attack Countermeasures to Software Block Ciphers • Francesco Buccafurri, Gianluca Lax, Serena Nicolazzo and Antonino Nocera. Range Query
Integrity in Cloud Data Streams with Efficient Insertion
(chair: Antonio Lioy) • Mauro Conti, Fabio De Gaspari and Luigi V. Mancini.Anonymity in an electronic society • Giampaolo Bella, Denis Butin and Hugo Jonker.Analysing Privacy Analyses • Mojtaba Eskandari, Maqsood Ahmad, Anderson Santana De Oliveira and Bruno
Crispo. Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps • Daniele Ucci, Leonardo Aniello and Roberto Baldoni.Share a pie? Privacy-Preserving
Knowledge Base Export through Count-min Sketches • Domenico Amelino, Mario Barbareschi and Alessandro Cilardo. A proposal for the secure activation and licensing of FPGA IP cores
(chair: Pierpaolo Degano) • Luigi Romano, Luigi Coppolino, Salvatore D'Antonio and Luigi Sgaglione. My Smart Home is Under Attack • Pericle Perazzo, Carlo Vallati, Giuseppe Anastasi and Gianluca Dini. A Security Analysis of
RPL Routing Protocol for the Internet of Things • Chiara Bodei and Letterio Galletta. Tracking sensitive and untrustworthy data in IoT • Vittorio Bagini, Franco Guida, Carlo Majorani, Renato Menicocci, Massimiliano Orazi and Alessandro Riccardi. Derivation of security requirements for a smart grid Demand Response case study
(chair: Francesco Buccafurri) • Enrico Schiavone, Andrea Ceccarelli and Andrea Bondavalli. Risk Assessment of a
Biometric Continuous Authentication Protocol for Internet Services • Luca Ghiani, Valerio Mura, Pierluigi Tuveri and Gian Luca Marcialis. On the interoperability of capture devices in fingerprint presentation attacks detection • Giada Sciarretta, Alessandro Armando, Roberto Carbone and Silvio Ranise. An OAuthbased Single Sign-On Solution for Mobile Applications • Stefano Calzavara, Alvise Rabitti and Michele Bugliesi.Content Security Policy: A Broken
Promise?
(chair: Giorgio Giacinto) • Gianluigi Folino and Francesco Sergio Pisani. A Software Architecture for Classifying
Users in E-payment Systems • Fabio Del Vigna, Andrea Cimino, Felice Dell'Orletta, Marinella Petrocchi and
Maurizio Tesconi. Hate me, hate me not: Hate speech detection on Facebook • Stanislav Dashevskyi, Achim D. Brucker and Fabio Massacci. On the Security Cost of Using a Free and Open Source Component in a Proprietary Product • Vincenzo Agate, Alessandra De Paola, Giuseppe Lo Re and Marco Morana. Vulnerability
Evaluation of Distributed Reputation Management Systems
(chair: Stefano Calzavara) • Davide Maiorca, Paolo Russu, Igino Corona, Battista Biggio and Giorgio Giacinto. Detection of Malicious Scripting Code through Discriminant and AdversaryAware API Analysis • Santanu Kumar Dash, Guillermo Suarez-Tangil, Salahuddin Khan, Kimberly Tam, Mansour
Malware Based on Runtime Behavior • Roberto Baldoni, Emilio Coppa, Daniele Cono D'Elia, Camil Demetrescu and Irene
Finocchi. Securing Software Applications through Symbolic Execution: an Overview
(chair: Corrado Aaron Visaggio) • Christian Callegari, Michele Pagano, Stefano Giordano and Fabrizio Berizzi. Entropy-based
Network Anomaly Detection • Luca Boero, Mario Marchese and Sandro Zappatore.ADENOIDS: softwAre DEfined
NetwOrking-based Intrusion Detection System • Marco Angelini, Silvia Bonomi, Emanuele Borzi, Antonella Del Pozzo, Simone Lenti and
Giuseppe Santucci. An On-line Multi-step Attack Detector for Complex Distributed Systems • Ambra Demontis, Battista Biggio, Giorgio Fumera, Giorgio Giacinto and Fabio Roli. Infinity-norm Support Vector Machines against Adversarial Label Contamination
(chair: Luigi Romano) • Elisa Costante, Sandro Etalle, Jerry Den Hartog, Davide Fauri and Emmanuele
Zambon. Towards Practical Integrity Monitoring of Industrial Control Systems • Giorgio Sinibaldi. PREventivE Methodology and Tools to protect utilitIEs • Giuseppe Bernieri, Federica Pascucci and Javier Lopez. Network Anomaly Detection in
Critical Infrastructure Based on Mininet Network Simulator • Giuseppe Giulio Rutigliano, Silvello Betti and Pierluigi Perrone. Critical Infrastructures
Protection through Physical Layer Optical Communication Security • Andrea Bondavalli, Andrea Ceccarelli, Felicita Di Giandomenico, Fabio Martinelli, Ilaria
Security Countermeasures via Threat Analysis
(chair: Antonio Barili) • Giovanni Bottazzi, Giuseppe Francesco Italiano and Giuseppe Giulio Rutigliano. An operational framework for incident handling • Salvatore D'Antonio, Luigi Coppolino, Luigi Romano and Mariacarla Staffa. KONFIDO Project: a secure infrastructure increasing interoperability on a systemic level among eHealth services across Europe • Marc Richter and Konrad Wrona. Devil in the details: Assessing automated confidentiality classifiers of NATO documents • Dario Lanterna. Forensic Analysis of Deduplicated File Systems
(chair: Marino Miculan) • Edoardo Gaetani, Leonardo Aniello, Roberto Baldoni, Federico Lombardi, Andrea Margheri and Vladimiro Sassone. Blockchain-based Database to Ensure Data Integrity in Cloud Computing Environments • Nicola Atzei, Massimo Bartoletti and Tiziana Cimoli. A survey of attacks on Ethereum smart contracts • Marco Baldi, Franco Chiaraluce, Emanuele Frontoni, Giuseppe Gottardi, Daniele Sciarroni and Luca Spalazzi. Certificate Validation through Public Ledgers and Blockchains • Aniket Kate, Matteo Maffei, Giulio Malavolta and Pedro Moreno-Sanchez SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks 2.2
(chairs: Marco Mayer and Gian Domenico Mosco )
• Andrea Monti. Rules of (digital) evidence and prosecution's actual needs. When the law falls behind technology • Maria Cristina Arcuri, Marina Brogi and Gino Gandolfi. How does cyber crime affect firms? The effect of information security breaches on stock return • Mario Dal Co. La ristrutturazione delle banche italiane e la sicurezza
(chairs: Umberto Gori and Mario Caligiuri)
• Matteo E. Bonfanti. Social Media Intelligence a Salvaguardia dell’Interesse Nazionale:
Limiti e Opportunità di una Pratica da Sviluppare • Giampiero Bonfiglio, Ludovica Coletta, Alessandra Teresa Coscarella, Martina Limonta and Panfilo Ventresca. La Web-based Intelligence nei modelli adattativi di sicurezza e gli aspetti multidisciplinari di attivazione ed analisi • Luigi Martino. La minaccia terroristica nel cyberspazio: Virtual Human Intelligence e
Sicurezza Nazionale • Filippo Pierozzi. IL CASO HACKING TEAM: QUIS CUSTODIET IPSOS CUSTODES? Problematiche e sfide per una più efficiente partnership tra settore privato e agenzie d’intelligence nella cybersecurity
2.3
Demo Session 1.1 - Cyber Intelligence (chair: Fabio Cocurullo) • Maurizio Mencarini and Gianluca Sensidoni. Detecting and analysing terrorist-related online contents and financing activities – live demo of DANTE, an EU funded research project • Mike Spradbery. Security Intelligence, Cognitive Insight and Incident Response – where is it heading? • Mauro Brignoli and Luisa Franchina. Progetto di Piattaforma di Intelligence con strumenti OSINT e tecnologie Open Source