=Paper=
{{Paper
|id=Vol-1816/paper-01
|storemode=property
|title=None
|pdfUrl=https://ceur-ws.org/Vol-1816/paper-01.pdf
|volume=Vol-1816
}}
==None==
Proceedings of the
First Italian Conference on Cybersecurity
ITASEC17
Venice, Italy, 17-20 January 2017
Edited by
Alessandro Armando (1), Roberto Baldoni (2) and Riccardo Focardi (3)
(1) Università di Genova and FBK, Italy
(2) Università di Roma, Sapienza, Italy
(3) Università Ca' Foscari, Venezia, Italy
1 Preface
ITASEC17 is the first edition of the Italian Conference on Cybersecurity, a new annual event
supported by the Cybersecurity National Laboratory that aims at putting together Italian researchers
and professionals from academia, industry, and government working in the field of cybersecurity.
ITASEC17 was held on January 17-20, 2017 in Venice and featured a Stakeholder Space and a
Scientific/Technical Space, both spanning through the whole conference. The Stakeholder Space
included selected distinguished keynote speeches, invited talks, vision speeches, panels and the
tutorial “Framework nazionale per la cybersecurity”, in Italian. The Scientific/Technical Space
included three main tracks: a Scientific Track on Cybersecurity science and technology, a Fil Rouge
Track with a sequence of multidisciplinary sessions on a specific hot topic in Cybersecurity, and a
Demo Track devoted to prototypes developed by industries, research centers, and universities. The Fil
Rouge track focused on “Fostering Security Through Web-Based Intelligence: Tools, Opportunities,
and Inherent Limitations”.
The conference solicited two kinds of submissions: unpublished contributions and presentation-only
ones, e.g., already published work, preliminary work and position papers. There were 87
submissions: 48 in the unpublished category and 39 in the presentation-only one. Each submission
was reviewed by an average of 3 program committee members. The committee decided to accept 25
papers out of the 48 submitted for publication, which are included in this proceedings volume. The
program also featured 34 presentations not included in this volume. The peer-review process was
handled through EasyChair.
ITASEC17 has required a huge effort by many people. We would like to thank the program
committee members and all the external reviewers, the authors of all submitted papers, the staff from
CINI for their immense effort and devotion to the conference administration and organization,
Fondazione Università Ca' Foscari for the extremely professional local organization and all the
volunteer students from Ca' Foscari University.
Finally, ITASEC17 would not have been possible without the support of our sponsors. Our
immense gratitude goes to the Platinum Sponsors: CISCO, IBM, Leonardo, Microsoft, PaloAlto
Networks, Trend Micro; the Gold Sponsors: Blu5 Labs, Business-e, Check Point, IntheCyber, RSA,
SAIV Group; and the Silver Sponsor: Var Group.
The ITASEC17 Program co-chairs,
Alessandro Armando, Roberto Baldoni and Riccardo Focardi
2 Technical Program
We report below the ITASEC17 Technical Sessions grouped by conference tracks. We point out
the 25 proceedings papers in bold font. All the remaining 34 papers belong to the presentation-only
category: they have been presented at the conference but are not included in this proceedings volume.
2.1 Science and Technology track
Technical Session 1.1 - Cryptography
(chair: Marco Baldi)
• Angelo Massimo Perillo, Giuseppe Persiano, Alberto Trombetta. Secure Queries on an
Encrypted Multi-Writer Table
• Saikrishna Badrinarayanan, Dakshita Khurana, Rafail Ostrovsky and Ivan
Visconti. Unconditional UC-Secure Computation with (Stronger-Malicious) PUFs
• Flaminia L. Luccio and Heider A. M. Wahsheh. Towards Cryptographically Secure QR
Codes
• Alessandro Barenghi and Gerardo Pelosi. An Enhanced Dataflow Analysis to
Automatically Tailor Side Channel Attack Countermeasures to Software Block Ciphers
• Francesco Buccafurri, Gianluca Lax, Serena Nicolazzo and Antonino Nocera. Range Query
Integrity in Cloud Data Streams with Efficient Insertion
Technical Session 1.2 - Privacy
(chair: Antonio Lioy)
• Mauro Conti, Fabio De Gaspari and Luigi V. Mancini. Anonymity in an electronic society
• Giampaolo Bella, Denis Butin and Hugo Jonker. Analysing Privacy Analyses
• Mojtaba Eskandari, Maqsood Ahmad, Anderson Santana De Oliveira and Bruno
Crispo. Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps
• Daniele Ucci, Leonardo Aniello and Roberto Baldoni. Share a pie? Privacy-Preserving
Knowledge Base Export through Count-min Sketches
• Domenico Amelino, Mario Barbareschi and Alessandro Cilardo. A proposal for the
secure activation and licensing of FPGA IP cores
Technical Session 1.3 - Internet of things
(chair: Pierpaolo Degano)
• Luigi Romano, Luigi Coppolino, Salvatore D'Antonio and Luigi Sgaglione. My Smart Home
is Under Attack
• Pericle Perazzo, Carlo Vallati, Giuseppe Anastasi and Gianluca Dini. A Security Analysis of
RPL Routing Protocol for the Internet of Things
• Chiara Bodei and Letterio Galletta. Tracking sensitive and untrustworthy data in IoT
• Vittorio Bagini, Franco Guida, Carlo Majorani, Renato Menicocci, Massimiliano Orazi and
Alessandro Riccardi. Derivation of security requirements for a smart grid Demand Response
case study
Technical Session 1.4 - Authentication and security policies
(chair: Francesco Buccafurri)
• Enrico Schiavone, Andrea Ceccarelli and Andrea Bondavalli. Risk Assessment of a
Biometric Continuous Authentication Protocol for Internet Services
• Luca Ghiani, Valerio Mura, Pierluigi Tuveri and Gian Luca Marcialis. On the
interoperability of capture devices in fingerprint presentation attacks detection
• Giada Sciarretta, Alessandro Armando, Roberto Carbone and Silvio Ranise. An OAuth-based
Single Sign-On Solution for Mobile Applications
• Stefano Calzavara, Alvise Rabitti and Michele Bugliesi. Content Security Policy: A Broken
Promise?
Technical Session 2.1 - Social and economics
(chair: Giorgio Giacinto)
• Gianluigi Folino and Francesco Sergio Pisani. A Software Architecture for Classifying
Users in E-payment Systems
• Fabio Del Vigna, Andrea Cimino, Felice Dell'Orletta, Marinella Petrocchi and
Maurizio Tesconi. Hate me, hate me not: Hate speech detection on Facebook
• Stanislav Dashevskyi, Achim D. Brucker and Fabio Massacci. On the Security Cost of Using
a Free and Open Source Component in a Proprietary Product
• Vincenzo Agate, Alessandra De Paola, Giuseppe Lo Re and Marco Morana. Vulnerability
Evaluation of Distributed Reputation Management Systems
Technical Session 2.2 - Malware and Software Analysis
(chair: Stefano Calzavara)
• Davide Maiorca, Paolo Russu, Igino Corona, Battista Biggio and Giorgio
Giacinto. Detection of Malicious Scripting Code through Discriminant and Adversary-Aware
API Analysis
• Santanu Kumar Dash, Guillermo Suarez-Tangil, Salahuddin Khan, Kimberly Tam, Mansour
Ahmadi, Johannes Kinder and Lorenzo Cavallaro. DroidScribe: Classifying Android
Malware Based on Runtime Behavior
• Roberto Baldoni, Emilio Coppa, Daniele Cono D'Elia, Camil Demetrescu and Irene
Finocchi. Securing Software Applications through Symbolic Execution: an Overview
Technical Session 2.3 - Attack detection
(chair: Corrado Aaron Visaggio)
• Christian Callegari, Michele Pagano, Stefano Giordano and Fabrizio Berizzi. Entropy-based
Network Anomaly Detection
• Luca Boero, Mario Marchese and Sandro Zappatore. ADENOIDS: softwAre DEfined
NetwOrking-based Intrusion Detection System
• Marco Angelini, Silvia Bonomi, Emanuele Borzi, Antonella Del Pozzo, Simone Lenti and
Giuseppe Santucci. An On-line Multi-step Attack Detector for Complex Distributed Systems
• Ambra Demontis, Battista Biggio, Giorgio Fumera, Giorgio Giacinto and Fabio
Roli. Infinity-norm Support Vector Machines against Adversarial Label Contamination
Technical Session 3.1 - Industrial Control Systems and critical infrastructures
(chair: Luigi Romano)
• Elisa Costante, Sandro Etalle, Jerry Den Hartog, Davide Fauri and Emmanuele
Zambon. Towards Practical Integrity Monitoring of Industrial Control Systems
• Giorgio Sinibaldi. PREventivE Methodology and Tools to protect utilitIEs
• Giuseppe Bernieri, Federica Pascucci and Javier Lopez. Network Anomaly Detection in
Critical Infrastructure Based on Mininet Network Simulator
• Giuseppe Giulio Rutigliano, Silvello Betti and Pierluigi Perrone. Critical Infrastructures
Protection through Physical Layer Optical Communication Security
• Andrea Bondavalli, Andrea Ceccarelli, Felicita Di Giandomenico, Fabio Martinelli, Ilaria
Matteucci, Nicola Nostro and Francesco Santini. Synthesis and Multi-Criteria Ranking of
Security Countermeasures via Threat Analysis
Technical Session 3.2 - Secure Systems and Forensics
(chair: Antonio Barili)
• Giovanni Bottazzi, Giuseppe Francesco Italiano and Giuseppe Giulio Rutigliano. An
operational framework for incident handling
• Salvatore D'Antonio, Luigi Coppolino, Luigi Romano and Mariacarla Staffa. KONFIDO
Project: a secure infrastructure increasing interoperability on a systemic level among
eHealth services across Europe
• Marc Richter and Konrad Wrona. Devil in the details: Assessing automated
confidentiality classifiers of NATO documents
• Dario Lanterna. Forensic Analysis of Deduplicated File Systems
Technical Session 3.3 - Blockchain and cryptocurrencies
(chair: Marino Miculan)
• Edoardo Gaetani, Leonardo Aniello, Roberto Baldoni, Federico Lombardi, Andrea
Margheri and Vladimiro Sassone. Blockchain-based Database to Ensure Data Integrity
in Cloud Computing Environments
• Nicola Atzei, Massimo Bartoletti and Tiziana Cimoli. A survey of attacks on Ethereum
smart contracts
• Marco Baldi, Franco Chiaraluce, Emanuele Frontoni, Giuseppe Gottardi, Daniele
Sciarroni and Luca Spalazzi. Certificate Validation through Public Ledgers and
Blockchains
• Aniket Kate, Matteo Maffei, Giulio Malavolta and Pedro Moreno-Sanchez. SilentWhispers:
Enforcing Security and Privacy in Decentralized Credit Networks
2.2 Fil Rouge track
Fil Rouge 1 - Cybercrime and Banking
(chairs: Marco Mayer and Gian Domenico Mosco)
Marco Mayer (Introduction)
• Andrea Monti. Rules of (digital) evidence and prosecution's actual needs. When the law
falls behind technology
• Maria Cristina Arcuri, Marina Brogi and Gino Gandolfi. How does cyber crime affect
firms? The effect of information security breaches on stock return
• Mario Dal Co. La ristrutturazione delle banche italiane e la sicurezza
Gian Domenico Mosco (Conclusion)
Fil Rouge 2 - Social and web intelligence
(chairs: Umberto Gori and Mario Caligiuri)
Umberto Gori (Introduction)
• Matteo E. Bonfanti. Social Media Intelligence a Salvaguardia dell’Interesse Nazionale:
Limiti e Opportunità di una Pratica da Sviluppare
• Giampiero Bonfiglio, Ludovica Coletta, Alessandra Teresa Coscarella, Martina
Limonta and Panfilo Ventresca. La Web-based Intelligence nei modelli adattativi di
sicurezza e gli aspetti multidisciplinari di attivazione ed analisi
• Luigi Martino. La minaccia terroristica nel cyberspazio: Virtual Human Intelligence e
Sicurezza Nazionale
• Filippo Pierozzi. IL CASO HACKING TEAM: QUIS CUSTODIET IPSOS CUSTODES?
Problematiche e sfide per una più efficiente partnership tra settore privato e agenzie
d’intelligence nella cybersecurity
Mario Caligiuri (Conclusion)
2.3 Demos track
Demo Session 1.1 - Cyber Intelligence
(chair: Fabio Cocurullo)
• Maurizio Mencarini and Gianluca Sensidoni. Detecting and analysing terrorist-related
online contents and financing activities – live demo of DANTE, an EU funded research
project
• Mike Spradbery. Security Intelligence, Cognitive Insight and Incident Response – where is it
heading?
• Mauro Brignoli and Luisa Franchina. Progetto di Piattaforma di Intelligence con
strumenti OSINT e tecnologie Open Source
Demo Session 2.1 - Automated Security Assessment
(chair: Giuseppe Lo Re)
• Avinash Sudhodanan, Alessandro Armando, Roberto Carbone, Luca Compagna and Adrien
Hubner. Breaking Multi-Party Web Applications with Blast
• Graham Steel. Detecting Crypto Security Flaws in Applications
• Pietro Ferrara, Elisa Burato and Fausto Spoto. Security Analysis of the OWASP
Benchmark with Julia
• Gabriele Costa, Alessandro Armando, Daniele Biondo, Gianluca Bocci, Rocco Mammoliti
and Luca Verderame. Automatic security assessment of mobile apps with MAVeriC: Tool
demonstration
Demo Session 3.1 - Protection of Critical Infrastructures
(chair: Michele Minichino)
• Armend Duzha and Monica Canepa. MITIGATE: An Innovative Cyber-Security Supply
Chain Risk Management System
• Antonella Chirichiello, Claudio Porretti and Antonio Berardi. Cyber Threat Intelligence
for Supporting the ATM Security Management
• Stefano Bistarelli and Francesco Santini. Visual Analytics for Bitcoin Transactions