=Paper=
{{Paper
|id=Vol-2597/xpreface
|storemode=property
|title=None
|pdfUrl=https://ceur-ws.org/Vol-2597/xpreface.pdf
|volume=Vol-2597
}}
==None==
https://ceur-ws.org/Vol-2597/xpreface.pdf
Proceedings of the
Fourth Italian Conference on Cybersecurity
— Scientific and Technical Track —
ITASEC20
Ancona, 4–7 February, 2020
Edited by
Michele Loreti1 and Luca Spalazzi2
1
Università di Camerino, Camerino, Italy
2
Università Politecnica delle Marche, Ancona, Italy
�Preface
ITASEC20 is the fourth edition of the Italian Conference on Cybersecurity,
an annual event started in 2017 under the support of the CINI Cybersecu-
rity National Laboratory with the aim of fostering networking of cybersecurity
researchers and professionals coming from universities, companies, and govern-
ment institutions. ITASEC20 was held on February 4-7, 2020 in Ancona and
was structured into a main cybersecurity science and technology track devoted
to contributed talks; a demo track devoted to prototypes developed by compa-
nies, research centers and universities; tutorials of interest for the cybersecurity
community at large; workshops providing a forum for interactively exchanging
opinions, presenting ideas, and discussing preliminary results; and special ses-
sions where domestic cybersecurity startups presented their ongoing activities.
The conference solicited two types of submissions: unpublished contributions
to be included in the conference proceedings and presentation-only contributions
of already published work, preliminary work and position papers. There were 82
submissions from 14 countries around the world. Among these there were 54 in
the unpublished category and 28 in the presentation-only one. Each submission
was reviewed by at least 3 programme committee members, with the exception
of eight with two reviews, only.
The committee decided to accept 22 papers out of the 54 submitted in the
unpublished category, which are included in this proceedings volume. The peer
reviewing process has been dealt with through EasyChair. We would like to
thank the programme committee members and all the external reviewers, as
well as the authors of all submitted papers.
The programme of the technical science and technology track included this
year three invited talks by Prof. Martin Abadi, Google Research, Luca Viganò,
King’s College London, and Prof. Michele Mosca, Università di Waterloo, three
leading scientists in the wide area of software security, whom we warmly thank.
We would like to thank all the people involved in the organization of ITASEC20
and its tracks, in particular Paolo Prinetto, Executive Director of the CINI Cy-
bersecurity National Laboratory, the General Chairs of the entire conference,
Marco Baldi and Francesco Tiezzi.
April 22, 2020 Michele Loreti
Luca Spalazzi
i
�Table of Contents
Secure e-Voting in Smart Communities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Vincenzo Agate, Marco Curaba, Pierluca Ferraro, Giuseppe Lo Re and
Marco Morana
EVA: A Hybrid Cyber Range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Shabeer Ahmad, Nicolò Maunero and Paolo Prinetto
Modeling and Verification of the Worth-One-Minute Security Protocols . . 24
Alessandro Aldini, Alessandro Bogliolo, Saverio Delpriori, Lorenz Cuno
Klopfenstein and Giorgia Remedi
An Unsupervised Behavioral Analysis of Highway Traffic Flow for
Security Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Fabrizio Balducci, Gabriella Calvano, Donato Impedovo and Giuseppe
Pirlo
How many bots are you following? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Alessandro Balestrucci
A Report on the Security of Home Connections with IoT and Docker
Honeypots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Stefano Bistarelli, Emanuele Bosimini and Francesco Santini
Enhancing user awareness during internet browsing . . . . . . . . . . . . . . . . . . . . 70
Bernardo Breve, Loredana Caruccio, Stefano Cirillo, Domenico Desi-
ato, Vincenzo Deufemia and Giuseppe Polese
Control-flow Flattening Preserves the Constant-Time Policy . . . . . . . . . . . . 81
Matteo Busi, Pierpaolo Degano and Letterio Galletta
A Hard Lesson: Assessing the HTTPS Deployment of Italian University
Websites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Stefano Calzavara, Riccardo Focardi, Alvise Rabitti and Lorenzo Soligo
Are you (Google) Home? Detecting Users’ Presence through Traffic
Analysis of Smart Speakers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Davide Caputo, Luca Verderame, Alessio Merlo, Andrea Ranieri and
Luca Caviglione
MuAC: Access Control Language for Mutual Benefits . . . . . . . . . . . . . . . . . . 118
Lorenzo Ceragioli, Pierpaolo Degano and Letterio Galletta
A Life Cycle for Authorization Systems Development in the GDPR
Perspective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Said Daoudagh and Eda Marchetti
ii
�A Hardware Implementation for Code-based Post-quantum Asymmetric
Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Kristjane Koleci, Marco Baldi, Maurizio Martina and Guido Masera
MTA-KDD’19: A Dataset for Malware Traffic Detection . . . . . . . . . . . . . . . 151
Ivan Letteri, Giuseppe Della Penna, Luca Di Vita and Maria Teresa
Grifa
The mind is like a parachute, it only functions when open. National
Security: the importance of the human being that works behind the
machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Sabrina Magris, Claudio Masci and Luciano Piacentini
Hardware Security, Vulnerabilities, and Attacks: A Comprehensive
Taxonomy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Paolo Prinetto and Gianluca Roascio
Systematic IoT Penetration Testing: Alexa Case Study . . . . . . . . . . . . . . . . 188
Massimiliano Rak, Giovanni Salzillo and Claudia Romeo
A novel cyber-security framework leveraging programmable capabilities
in digital services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Matteo Repetto, Alessandro Carrega and Armend Duzha
A Deep Learning Approach for Detecting Security Attacks on Blockchain 210
Francesco Scicchitano, Angelica Liguori, Massimo Guarascio, Ettore
Ritacco and Giuseppe Manco
Evaluating ambiguity of privacy indicators in a secure email app . . . . . . . . 221
Borce Stojkovski and Gabriele Lenzini
A game-based learning experience for improving cybersecurity awareness . 233
Silvestro Veneruso, Lauren S. Ferro, Andrea Marrella, Massimo Me-
cella and Tiziana Catarci
Repadiography: towards a visual support for triaging repackaged apps . . . 241
Corrado Aaron Visaggio, Sonia Laudanna, Andrea Di Sorbo, Gerardo
Canfora, Sara Caruso and Marianna Fucci
iii
�Program Committee
Giovanni Agosta Politecnico di Milano
Maurizio Aiello CNR IEIIT
Alessandro Aldini University of Urbino ”Carlo Bo”
Marco Angelini Sapienza University of Rome
Alessandro Armando University of Genova & Fondazione Bruno Kessler
Marco Baldi Università Politecnica delle Marche
Massimo Bartoletti Dipartimento di Matematica e Informatica, Univer-
sità degli Studi di Cagliari
Giampaolo Bella Università di Catania
Davide Berardi University of Bologna
Francesco Bergadano Università degli studi di Torino
Stefano Bistarelli Università di Perugia
Nicola Blefari Melazzi University of Rome, Tor Vergata
Andrea Bondavalli University of Florence
Daniele Bringhenti Politecnico di Torino
Francesco Buccafurri Università Mediterranea di Reggio Calabria
Matteo Busi Dipartimento di Informatica - Università di Pisa
Giulio Busulini Independent Senior Advisor
Michele Carminati Politecnico di Milano
Dajana Cassioli University of L’Aquila - DISIM
Luca Caviglione National Research Council of Italy (CNR)
Mariano Ceccato University of Verona
Michele Colajanni University of Modena
Riccardo Colelli Università Roma Tre
Maria Francesca Costabile Dipartimento di Informatica - University of Bari
Domenico Cotroneo University of Naples Federico II
Mila Dalla Preda University of Verona
Said Daoudagh University of Pisa and ISTI-CNR
Franco Davoli DIST-University of Genoa
Rocco De Nicola IMT - School for Advanced Studies Lucca
Pierpaolo Degano Dipartimento di Informatica - Università di Pisa
Felicita Di Giandomenico ISTI-CNR
Gianluca Dini University of Pisa
Luca Durante CNR-IEIIT
Elena Ferrari University of Insubria
Riccardo Focardi Università Ca’ Foscari, Venezia
Emanuele Frontoni Università Politecnica delle Marche
Giorgio Giacinto University of Cagliari
Franco Guida Fondazione Ugo Bordoni (FUB)
Andrea Gussoni Politecnico di Milano
Donato Iacobucci Università Politecnica delle Marche
Antonio Lioy Politecnico di Torino
Giuseppe Lo Re University of Palermo
iv
�Michele Loreti University of Camerino
Giuseppe Manco ICAR-CNR
Niccolò Marastoni University of Verona
Fabio Martinelli IIT-CNR
Luigi Martino Scuola Superiore Sant’Anna
Fabio Massacci University of Trento
Isabella Mastroeni Università di Verona - Dipartimento di Informatica
Marino Miculan DMIF, University of Udine
Paolo Mori IIT-CNR
Antonino Nocera University of Pavia
Francesco Palmieri University of Salerno, Italy
Stefano Panzieri Engineering Department - Roma TRE University
Francesco Parisi-Presicce Sapienza University of Rome
Andrea Polini University of Camerino
Paolo Prinetto Politecnico di Torino
Rosario Pugliese Dipartimento di Statistica, Informatica, Appli-
cazioni - Università degli Studi di Firenze
Silvio Ranise FBK-Irst
Luigi Romano University of Naples ”Parthenope”
Domenico Saccà University of Calabria
Martina Saletta Dipartimento di Informatica, Sistemistica e Comu-
nicazione (DISCo) - Università degli Studi di Milano
- Bicocca
Roberto Setola Università Campus Biomedico
Chinmay Siwach IMT School for Advanced Studies Lucca
Luca Spalazzi Università Politecnica delle Marche
Francesco Spegni Università Politecnica delle Marche
Maurizio Talamo Fondazione Inuit, University of Rome Tor Vergata
Francesco Tiezzi University of Camerino
Ivan Vaccari CNR
Corrado Aaron Visaggio University of Sannio
Roberto Zunino University of Trento
v
�Additional Reviewers
A
Agate, Vincenzo
Ardito, Carmelo
Arena, Antonio
B
Bagini, Vittorio
Basile, Davide
Bella, Giampaolo
Bernardinetti, Giorgio
Bianchi, Giuseppe
Biondi, Pietro
Bisegna, Andrea
Bodei, Chiara
Bracciale, Lorenzo
Busi, Matteo
C
Cambiaso, Enrico
Ceragioli, Lorenzo
Cheminod, Manuel
Concone, Federico
Coppolino, Luigi
Costa, Gabriele
D
D’Antonio, Salvatore
Dashti, Salimeh
De Benedictis, Alessandra
De Paola, Alessandra
Desolda, Giuseppe
E
Esposito, Sergio
F
Faloci, Francesco
Ferraro, Pierluca
Formicola, Valerio
Furfaro, Angelo
G
Galletta, Letterio
Gigante, Nicola
Giorgi, Giacomo
Guarascio, Massimo
Gunetti, Daniele
vi
�I
Iadarola, Giacomo
Ianni, Michele
L
Lax, Gianluca
Lupia, Francesco
M
Majorani, Carlo
Manfredi, Salvatore
Martinel, Niki
Mazzeo, Giovanni
Menicocci, Renato
Mercaldo, Francesco
Mercanti, Ivan
Merlo, Alessio
Micale, Davide
Morana, Marco
Morelli, Umberto
Murgia, Maurizio
Musarella, Lorenzo
N
Nardone, Roberto
Nicolazzo, Serena
O
Orazi, Massimiliano
P
Palmieri, Maurizio
Petrocchi, Marinella
Piciarelli, Claudio
Pisani, Francesco S.
R
Repetto, Matteo
Rinaldo, Giancarlo
Ritacco, Ettore
Rullo, Antonino
Russo, Enrico
S
Sanchez, Odnan Ref
Santini, Francesco
Saracco, Fabio
Scagnetto, Ivan
Scicchitano, Francesco
Seno, Lucia
Sereno, Matteo
vii
�V
Vaccari, Ivan
Valenza, Fulvio
Varano, Dario
viii
�