workshop

Leveraging Flawed Tutorials for Seeding Large-Scale Web Vulnerability Discovery

The Web is replete with tutorial-style content on how to accomplish programming tasks. Unfortunately, even top-ranked tutorials suffer from severe security vulnerabilities, such as cross-site scripting (XSS), and SQL injection (SQLi). Assuming that …

Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing

Taint-style vulnerabilities comprise a majority of fuzzer discovered program faults. These vulnerabilities usually manifest as memory access violations caused by tainted program input. Although fuzzers have helped uncover a majority of taint-style …

Security and Privacy Measurements on Social Networks: Experiences and Lessons Learned

We describe our experience gained while exploring practical security and privacy problems in a real-world, large- scale social network (i.e., Facebook), and summarize our conclusions in a series of "lessons learned". We first conclude that it is …

AndroTotal: A Flexible, Scalable Toolbox and Service for Testing Mobile Malware Detectors

Although there are controversial opinions regarding how large the mobile malware phenomenon is in terms of absolute numbers, hype aside, the amount of new Android malware variants is increasing. This trend is mainly due to the fact that, as it …

System Security research at Politecnico di Milano

This paper summarizes the past, present and future lines of research in the systems security area pursued by the Performance Evaluation Lab of Politecnico di Milano. We describe our past research in the area of learning algorithms applied to …

A social-engineering-centric data collection initiative to study phishing

Phishers nowadays rely on a variety of channels, ranging from old-fashioned emails to instant messages, social networks, and the phone system (with both calls and text messages), with the goal of reaching more victims. As a consequence, modern …