- research-article, September 2024
Hidden Web Caches Discovery
RAID '24: Proceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses, Pages 65–76, https://doi.org/10.1145/3678890.3678931
Web caches play a crucial role in web performance and scalability. However, detecting cached responses is challenging when web servers do not reliably communicate the cache status through standardized headers. This paper presents a novel methodology for ...
- research-article, August 2024
- short-paper, June 2024
Obligation Management Framework for Usage Control
SACMAT 2024: Proceedings of the 29th ACM Symposium on Access Control Models and Technologies, Pages 149–157, https://doi.org/10.1145/3649158.3657048
Obligations were introduced in access and usage control as a mechanism to specify mandatory actions to be fulfilled as part of authorization. In this paper, we address challenges related to obligation management in access and usage control, focusing on ...
OAuth 2.0 Redirect URI Validation Falls Short, Literally
ACSAC '23: Proceedings of the 39th Annual Computer Security Applications Conference, Pages 256–267, https://doi.org/10.1145/3627106.3627140
OAuth 2.0 requires a complex redirection trail between websites and Identity Providers (IdPs). In particular, the "redirect URI" parameter included in the popular Authorization Grant Code flow governs the callback endpoint that users are routed to, ...
- Article, March 2024
The Nonce-nce of Web Security: An Investigation of CSP Nonces Reuse
Computer Security. ESORICS 2023 International Workshops, Pages 459–475, https://doi.org/10.1007/978-3-031-54129-2_27
Abstract: Content Security Policy (CSP) is an effective security mechanism that prevents the exploitation of Cross-Site Scripting (XSS) vulnerabilities on websites by specifying the sources from which their web pages can load resources, such as scripts and ...
- research-article, July 2023
A survey of human-computer interaction (HCI) & natural habits-based behavioural biometric modalities for user recognition schemes
Highlights: The article presents a survey of the human-computer interaction and natural habits-based biometrics, namely, touchstroke, swipe, touch-signature, hand-movements, voice, gait, and single footstep that can be acquired from smart devices ...
The proliferation of Internet of Things (IoT) systems is having a profound impact across all aspects of life. Recognising and identifying particular users is central to delivering the personalised experience that citizens want to experience, and ...
- research-article, March 2023
Discovery and Identification of Memory Corruption Vulnerabilities on Bare-Metal Embedded Devices
IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 20, Issue 2, Pages 1124–1138, https://doi.org/10.1109/TDSC.2022.3149371
Memory corruption vulnerabilities remain a prevalent threat on low-cost bare-metal devices. Fuzzing is a popular technique for automatically discovering such vulnerabilities. However, bare-metal devices lack even basic security mechanisms such as Memory ...
- research-article, December 2022
RiderAuth: A cancelable touch-signature based rider authentication scheme for driverless taxis
Journal of Information Security and Applications (JISA), Volume 71, Issue C, https://doi.org/10.1016/j.jisa.2022.103357
Abstract: Driverless taxis are now closer to their worldwide launch; however, unsupervised physical access to the riders can pose unexpected safety and security risks to the connected and autonomous vehicle’s ecosystems. Thus, the need for human-...
- research-article, October 2022
Practical attacks on Login CSRF in OAuth
Abstract: OAuth 2.0 is an important and well-studied protocol. However, despite the presence of guidelines and best practices, the current implementations are still vulnerable and error-prone. This research mainly focused on the Cross-Site ...
- research-article, July 2022
Step & turn—A novel bimodal behavioral biometric-based user verification scheme for physical access control
Abstract: Step & Turn is a novel bimodal behavioral biometric-based verification scheme for physical access control. In today’s rapidly evolving smart physical spaces, frictionless and smooth interactions are emerging as critical ...
- short-paper, June 2022
WiP: Metamodel for Continuous Authorisation and Usage Control
SACMAT '22: Proceedings of the 27th ACM Symposium on Access Control Models and Technologies, Pages 43–48, https://doi.org/10.1145/3532105.3535039
Access control has been traditionally used to protect data and privacy. Traditional access control models (e.g., ABAC, RBAC) cannot meet modern security requirements as technologies spread over heterogeneous and dynamic environments that need continuous ...
- rapid-communication, May 2022
IDeAuth: A novel behavioral biometric-based implicit deauthentication scheme for smartphones
Pattern Recognition Letters (PTRL), Volume 157, Issue C, Pages 8–15, https://doi.org/10.1016/j.patrec.2022.03.011
Highlights:
- IDeAuth is a novel implicit deauthentication scheme.
- Design Android-based ...
Many studies have shown that single entry-point authentication schemes for smartphones can easily be circumvented. IDeAuth is an implicit deauthentication scheme that aims to minimize unauthorized access to security-sensitive ...
- research-article, May 2022
Generative adversarial networks for subdomain enumeration
SAC '22: Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, Pages 1636–1645, https://doi.org/10.1145/3477314.3506967
Subdomain enumeration is a fundamental step of many security processes (i.e., vulnerability discovery, OSINT, host enumeration, etc.). Up to now, this has been achieved with deterministic procedures that have shown some limitations. For instance, the ...
- research-article, March 2022
NemesisGuard: Mitigating interrupt latency side channel attacks with static binary rewriting
Computer Networks: The International Journal of Computer and Telecommunications Networking (CNTW), Volume 205, Issue C, https://doi.org/10.1016/j.comnet.2021.108744
Abstract: Internet of Things (IoT) is becoming integrated into nearly every aspect of our modern life. Indeed, exploitation of such devices can directly lead to physical consequences in the real world. Previous work has shown that IoT devices ...
- Article, March 2022
Touchstroke: Smartphone User Authentication Based on Touch-Typing Biometrics
New Trends in Image Analysis and Processing -- ICIAP 2015 Workshops, Pages 27–34, https://doi.org/10.1007/978-3-319-23222-5_4
Abstract: Smartphones are becoming pervasive and widely used for a large variety of activities, from social networking to online shopping, from message exchanging to mobile gaming, to mention just a few. Many of these activities generate private information ...
- research-article, January 2022
MPI: Memory Protection for Intermittent Computing
IEEE Transactions on Information Forensics and Security (TIFS), Volume 17, Pages 3597–3610, https://doi.org/10.1109/TIFS.2022.3210866
Batteryless devices harvest energy from sporadic ambient sources, enabling a wide range of long-lived, stand-alone, and environmentally-friendly sustainable applications. Software on these devices operates intermittently due to frequent power failures. ...
- research-article, September 2021
Risk-Driven Behavioral Biometric-based One-Shot-cum-Continuous User Authentication Scheme
Journal of Signal Processing Systems (JSPS), Volume 93, Issue 9, Pages 989–1006, https://doi.org/10.1007/s11265-021-01654-2
Abstract: The paper presents a risk-driven behavioral biometric-based user authentication scheme for smartphones. Our scheme delivers one-shot-cum-continuous authentication, thus not only authenticating users at the start of the application sign-in process ...
- Article, July 2021
The Full Gamut of an Attack: An Empirical Analysis of OAuth CSRF in the Wild
Detection of Intrusions and Malware, and Vulnerability Assessment, Pages 21–41, https://doi.org/10.1007/978-3-030-80825-9_2
Abstract: OAuth 2.0 is a popular and industry-standard protocol. To date, different attack classes and relevant countermeasures have been proposed. However, despite the presence of guidelines and best practices, the current implementations are still ...
- Article, July 2021
You’ve Got (a Reset) Mail: A Security Analysis of Email-Based Password Reset Procedures
Detection of Intrusions and Malware, and Vulnerability Assessment, Pages 1–20, https://doi.org/10.1007/978-3-030-80825-9_1
Abstract: The password recovery process is a critical part of a website’s functionality. Many websites that provide online services to their users also need to solve the problem of allowing their users to reset their passwords (e.g., if they have forgotten ...