CIS-SAPIENZA - CISPA Meeting - DIAG Aula Magna, 4/10/2017

On 4 October 2017, a meeting between CIS-SAPIENZA (https://www.cis.uniroma1.it/) and CISPA (the German Institute for IT Security) will be held in the Aula Magna of DIAG, Via Ariosto 25. The meeting is open to degree-course students and PhD students. The meeting programme follows.

CIS-SAPIENZA - CISPA Meeting
Aula Magna DIAG - Via Ariosto 25
Università di Roma La Sapienza
 
10:05-10:15: Welcome from the Dean of the School of Information Engineering, Computer Science and Statistics
Giancarlo Bongiovanni (Sapienza)
 
10:15-10:45: CISPA – One of Europe’s leading research sites of IT security
Giancarlo Pellegrino (CISPA)
The public presentation offers an overview of the Center for IT Security, Privacy, and Accountability - CISPA located on the Saarland Informatics Campus in Saarbrücken, Germany. Founded in 2011, CISPA has become an important address of IT security and privacy. You can learn more about the different research areas, excellent education programmes, and career opportunities. The examples of current research projects provide an insight into our daily work.
 
10:45-11:15: Research Center of Cyber Intelligence and Information Security, Università degli Studi di Roma La Sapienza
Roberto Baldoni (CIS-SAPIENZA)
 
11:15-12:00: Seminar: Automated Vulnerability Analysis for Modern Application Software
Giancarlo Pellegrino (CISPA)
Abstract: The complexity and pervasiveness of application software are growing rapidly. Nowadays, application software encompasses multiple devices, e.g., mobile and IoT, and web services to perform operations ranging from online shopping and managing household appliances to controlling manufacturing processes. Like any other program, application software has vulnerabilities that, when exploited, can be used for financial fraud, stealing confidential data, and industrial espionage. Unfortunately, existing automated vulnerability analysis techniques are inadequate to tackle the complexity reached by these programs, thus leaving them exposed to attackers. My main research topic intends to stop this emerging trend and lay the foundation for the next-generation automated vulnerability analysis techniques. This talk focuses on the detection power and attack surface coverage challenges and presents two recent advances in the field. The first part of the talk presents Deemon, a tool that combines dynamic analysis and property graphs to mine Cross-Site Request Forgery, a long-neglected severe vulnerability. The second part of the talk presents jAEk, a new generation web application crawler that uses JavaScript dynamic analysis to increase the covered attack surface of web applications by 80%.