=Paper= {{Paper |id=Vol-2058/paper-01 |storemode=property |title=None |pdfUrl=https://ceur-ws.org/Vol-2058/paper-01.pdf |volume=Vol-2058 }} ==None== https://ceur-ws.org/Vol-2058/paper-01.pdf
             Proceedings of the
Second Italian Conference on Cybersecurity



                      ITASEC18

                Milan, 6-9 February 2018




                                Edited by

Elena Ferrari¹, Marco Baldi² and Roberto Baldoni³

¹ Università degli Studi dell’Insubria, Varese, Italy
² Università Politecnica delle Marche, Ancona, Italy
³ formerly Sapienza Università di Roma, Roma, Italy
ITASEC18 Preface                                                   E. Ferrari, M. Baldi and R.Baldoni


Preface
ITASEC18 is the second edition of the Italian Conference on Cybersecurity, an annual event
started in 2017 under the support of the CINI Cybersecurity National Laboratory with the aim
of fostering networking of cybersecurity researchers and professionals coming from universities,
companies, and government institutions.
    ITASEC18 was held on February 6-9, 2018 in Milan and was structured into a main cyber
security science and technology track devoted to contributed talks, a “fil rouge” track including
a sequence of multidisciplinary sessions on specific hot topics in cyber security, and a demo track
devoted to prototypes developed by companies, research centers and universities. Besides the
scientific/technical space organized in these three tracks, a stakeholder space has been devoted
to selected distinguished keynote speeches, invited talks, vision speeches and panels.
    ITASEC18 has featured the presentation of the white book “The Future of the Cybersecurity
in Italy”, 5 keynote speeches given by top level speakers from public institutions and
companies, 10 scientific sessions, a special session on post-quantum cryptography organized by
De Componendis Cifris, a special community session, 7 panels and 9 scientific tutorials.
    The conference solicited two types of submissions: unpublished contributions to be included
in the conference proceedings and presentation-only contributions of already published works,
preliminary works and position papers. There were 57 submissions: 19 in the unpublished
category and 38 in the presentation-only one. Each submission was reviewed by an average
of 3 program committee members. The committee decided to accept 15 papers out of the 19
submitted in the unpublished category, which are included in this proceedings volume. Another
36 works from the presentation-only category have been accepted, and have been presented at
the conference without being included in this volume. The peer reviewing process has been
dealt with through EasyChair.
    ITASEC18 has required a huge effort by many people. We would like to thank the program
committee members and all the external reviewers, the authors of all submitted papers, the
staff from CINI for their immense effort and devotion to the conference administration and
organization, Politecnico di Milano for its great support and the extremely professional local
organization, and all the volunteer students. We would also like to thank all the chairs: Stefano Zanero
(general co-chair), Sara Foresti (tutorial chair), Alvise Biffi and Gabriele Costa (start-up
co-chairs), Yvette Agostini and Riccardo Focardi (community session co-chairs), Pietro Colombo
(proceedings chair), and all the members of the organizing committee: Giuseppe Airò Farulla,
Andrea Brancaleoni, Gabriella Caramagno, Luana Colia, Angela Miola, and Paolo Prinetto.
    Finally, ITASEC18 would not have been possible without the support of our sponsors. Our
immense gratitude goes to Platinum Sponsors: CISCO, EY, HP, IBM, Leonardo, Samsung;
Gold Sponsors: Axians, B5, Check Point, Fortinet, Kaspersky Lab, Microsoft, PaloAlto Networks,
PWC, Var Group; and Silver Sponsors: BV Tech, Mediaservice.net, and Prisma.



                                     ITASEC18 program co-chairs
                                     Elena Ferrari, Marco Baldi and Roberto Baldoni






Technical Program
We report below the ITASEC18 Technical Sessions grouped by conference tracks. We point
out the 15 proceedings papers in bold font. All the remaining 36 papers belong to the presentation-only
category: they have been presented at the conference but are not included in this
proceedings volume.

Science and Technology track
Web and Network Security
   • Riccardo Focardi, Francesco Palmarini, Marco Squarcina, Mauro Tempesta and Graham Steel.
     Mind Your Keys? A Security Evaluation of Java Keystore.
   • Stefano Calzavara, Alvise Rabitti and Michele Bugliesi.
     Dr Cookie and Mr Token - Web Session Implementations and How to Live with Them.
   • Ivan Letteri, Massimo Del Rosso, Pasquale Caianiello and Dajana Cassioli.
     Performance of Botnet Detection by Neural Networks in Software-Defined Networks.
   • Andrea Bernardini.
     Extending Domain Name Monitoring. Identifying Potential Malicious Domains Using
     Hash Signatures of DOM Elements.

E-banking and E-voting
   • Michele Carminati, Luca Valentini and Stefano Zanero.
     A Supervised Auto-Tuning Approach for a Banking Fraud Detection System.
   • Federico Sinigaglia, Roberto Carbone and Gabriele Costa.
     Strong Authentication for e-Banking: A Survey on European Regulations and Implementations.
   • Vincenzo Iovino and Ivan Visconti.
     On the (In)Security of Italian University Elections.

Access Control and Information Flow
   • Cinzia Bernardeschi, Paolo Masci and Antonella Santone.
     Data Leakage in Java Applets with Exception Mechanism.
   • Andrea Margheri, Rosario Pugliese and Francesco Tiezzi.
     FACPL: A Rigorous Framework for Specification, Analysis and Enforcement of Access Control
     Policies.
   • Selvakumar Ramachandran, Andrea Dimitri, Maulahikmah Galinium, Muhammad Tahir,
     Indirajith Viji Ananth, Christian H. Schunck and Maurizio Talamo.
     Understanding and Granting Android Permissions: A User Survey.

Blockchain
   • Nicola Atzei, Massimo Bartoletti, Stefano Lande and Roberto Zunino.
     A Formal Model of Bitcoin Transactions.
   • Stefano De Angelis, Leonardo Aniello, Roberto Baldoni, Federico Lombardi, Andrea
     Margheri and Vladimiro Sassone.
     PBFT Vs Proof-Of-Authority: Applying the CAP Theorem to Permissioned Blockchain
   • Stefano Bistarelli, Francesco Santini, Marco Mantilacci and Paolo Santancini.
     An End-To-End Voting-System Based on Bitcoin.




Security and Risk Analysis
    • Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea Maria Zanchettin and
      Stefano Zanero.
      An Experimental Security Analysis of an Industrial Robot Controller.
    • Andrea Tundis, Alfredo Garro, Teresa Gallo, Domenico Saccà, Simona Citrigno, Sabrina Graziano
      and Max Mühlhäuser.
      Risk Modeling and Evaluation through Simulation and Bayesian Networks.
    • Pericle Perazzo, Carlo Vallati, Antonio Arena, Giuseppe Anastasi and Gianluca Dini.
      An Implementation and Evaluation of the Security Features of RPL.
    • Giancarlo Pellegrino.
      Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs.


Malware
    • Roberto Baldoni, Emilio Coppa, Daniele Cono D’Elia and Camil Demetrescu.
      Assisting Malware Analysis with Symbolic Execution: A Case Study.
    • Roberto Jordaney, Kumar Sharad and Lorenzo Cavallaro.
      Transcend: Detecting Concept Drift in Malware Classification Models.
    • Giuseppe Laurenza, Leonardo Aniello, Riccardo Lazzeretti and Roberto Baldoni.
      Malware Triage based on Static Features and Public APT Reports.
    • Alessandra De Paola, Salvatore Favaloro, Salvatore Gaglio, Giuseppe Lo Re and
      Marco Morana.
      Malware Detection through Low-Level Features and Stacked Denoising Autoencoders.


Privacy and Social Media
    • Michelangelo Puliga, Guido Caldarelli, Alessandro Chessa and Rocco De Nicola.
      Understanding the Twitter User Networks of Viruses and Ransomware Attacks.
    • Francesco Buccafurri, Denis Migdal, Gianluca Lax, Serena Nicolazzo, Antonino Nocera and
      Rosenberger Christophe.
      Contrasting False Identities in Social Networks by Trust Chains and Biometric Reinforcement.
    • Stefano Cresci, Roberto Di Pietro, Marinella Petrocchi, Angelo Spognardi and Maurizio Tesconi.
      DNA Fingerprinting: A Nature-Inspired Technique for Spambot Detection.
    • Pietro Ferrara and Fausto Spoto.
      Static Analysis for GDPR Compliance.


Attack Prevention
    • Ruggero Lanotte, Massimo Merro, Riccardo Muradore and Luca Viganò.
      A Formal Approach to Cyber-Physical Attacks.
    • Giovanni Bottazzi, Giuseppe F. Italiano and Domenico Spera.
      Preventing Ransomware Attacks Through File System Filter Drivers.
    • Domenico Cotroneo, Andrea Paudice and Antonio Pecchia.
      Empirical Analysis and Validation of Security Alerts Filtering Techniques.
    • Christian Callegari and Michele Pagano.
      A Novel Bivariate Entropy-based Network Anomaly Detection System.




Mobile Security
   • Ambra Demontis, Marco Melis, Battista Biggio, Davide Maiorca, Igino Corona, Fabio Roli and
     Giorgio Giacinto.
     Securing Machine Learning for Android Malware Detection.
   • Luca Massarelli, Leonardo Aniello, Claudio Ciccotelli, Leonardo Querzoni, Daniele Ucci and
     Roberto Baldoni.
     Android Malware Family Classification Based on Resource Consumption over Time.
   • Corrado Aaron Visaggio and Gerardo Canfora.
     DoApp: A Generation-Based Intent Fuzzer for Testing Android Components.
   • Valerio Costamagna, Bruno Crispo, Francesco Bergadano and Giovanni Russello.
     Black-Box App Sandboxing for Stock Android.


Secure Systems
   • Raffaele Bolla, Paolo Maria Comi and Matteo Repetto.
     A Distributed Cyber-Security Framework for Heterogeneous Environments.
   • Gabriele Costa, Enrico Russo and Alessandro Armando.
     Automating the Generation of Cyber Range Virtual Scenarios With VSDL.
   • Luigi Coppolino, Salvatore D’Antonio, Giovanni Mazzeo, Gaetano Papale, Luigi Romano and
     Luigi Sgaglione.
     Secure Big Data Processing in Untrusted Clouds: The SecureCloud Project.
   • Simone Soderi, Lorenzo Mucchi, Matti Hämäläinen, Alessandro Piva and Jari Iinatti.
     Physical layer security based on spread-spectrum watermarking and jamming receiver.


Fil Rouge track
   • Claudia Biancotti.
     Cyber Attacks: Preliminary Evidence from the Bank of Italy’s Business Surveys.
   • Francesco Di Nocera and Tiziana Catarci.
     Human Factors in Cybersecurity.
   • Matteo E. Bonfanti.
     Another INT on the Horizon? Cyber-Intelligence is the New Black.


Demo track
   • Marco Angelini, Simone Lenti and Giuseppe Santucci.
     Visual Exploration and Analysis of the Italian Cybersecurity Framework.
   • Luca Nicoletti, Andrea Margheri, Federico Lombardi, Vladimiro Sassone and
     Francesco Paolo Schiavo.
     Cross-Cloud Management of Sensitive Data via Blockchain: a Payslip Calculation
     Use Case.
   • Stefano Bistarelli, Matteo Parroccini and Francesco Santini.
     Visualizing Bitcoin Flows of Ransomware: WannaCry One Week Later.
   • Alfonso Solimeo, Luca Capacci, Stefano Taino and Rebecca Montanari.
     MAD-IOS: dynamic app vulnerability analysis in non-jailbroken devices.
   • Moreno Ambrosin, Mauro Conti, Riccardo Lazzeretti, Md Masoom Rabbani and Silvio Ranise.
     Towards Secure and Efficient Attestation for highly Dynamic Swarms.



    • Luca Deri and Arianna Del Soldato.
      Enforcing Security in IoT and Home Networks.
    • Chiara Bodei, Pierpaolo Degano, Riccardo Focardi, Letterio Galletta, Mauro
      Tempesta and Lorenzo Veronese.
      Firewall Management With FireWall Synthesizer.


Community track
    • Gianpiero Costantino, Antonio La Marra, Fabio Martinelli and Ilaria Matteucci.
      A Social Engineering Attack to Leak Private Information from Android In-Vehicle Infotainment
      Systems
    • Roberto Clapis and Stefano Zanero.
      Night of the living vulnerabilities: forever-days of IoT
    • Riccardo Focardi, Riccardo Francescato and Francesco Palmarini.
      Find a Pin in the Haystack: Efficient Black-box JTAG Discovery
    • Lorenzo Nicolodi and Francesco Perna.
      Network hacks for smart attacks



