Search Results - "Ceccato, Mariano"
1
Security analysis of permission re-delegation vulnerabilities in Android apps
Published in Empirical software engineering : an international journal (01-11-2020) “…The Android platform facilitates reuse of app functionalities by allowing an app to request an action from another app through inter-process communication…”
Journal Article
2
A large study on the effect of code obfuscation on the quality of java code
Published in Empirical software engineering : an international journal (01-12-2015) “…Context : Obfuscation is a common technique used to protect software against malicious reverse engineering. Obfuscators manipulate the source code to make it…”
Journal Article
3
Empirical assessment of the effort needed to attack programs protected with client/server code splitting
Published in Empirical software engineering : an international journal (01-01-2020) “…Context Code hardening is meant to fight malicious tampering with sensitive code executed on client hosts. Code splitting is a hardening technique that moves…”
Journal Article
4
A large-scale study on the adoption of anti-debugging and anti-tampering protections in android apps
Published in Journal of information security and applications (01-06-2020) “…Android apps are subject to malicious reverse engineering and code tampering for many reasons, like premium features unlocking and malware piggybacking…”
Journal Article
5
A federated society of bots for smart contract testing
Published in The Journal of systems and software (01-10-2020) “…Smart contracts are a new type of software that allows its users to perform irreversible transactions on a distributed persistent data storage called the…”
Journal Article
6
Assessing the security of inter-app communications in android through reinforcement learning
Published in Computers & security (01-08-2023) “…A central aspect of the Android platform is Inter-Component Communication (ICC), which allows the reuse of functionality across apps and components through…”
Journal Article
7
Comparison and integration of genetic algorithms and dynamic symbolic execution for security testing of cross-site scripting vulnerabilities
Published in Information and software technology (01-12-2013) “…Cross-site scripting (XSS for short) is considered one of the major threat to the security of web applications. Static analysis supports manual security review…”
Journal Article
8
Experimental assessment of XOR-Masking data obfuscation based on K-Clique opaque constants
Published in The Journal of systems and software (01-04-2020) “…• A novel data obfuscation scheme is proposed • Opaque predicates are exploited to make the obfuscation scheme resilient to static analysis • This novel data…”
Journal Article
9
Hypertesting of Programs: Theoretical Foundation and Automated Test Generation
Published in 2024 IEEE/ACM 46th International Conference on Software Engineering (ICSE) (14-04-2024) “…Hyperproperties are used to define correctness requirements that involve relations between multiple program executions. This allows, for instance, to model…”
Conference Proceeding
10
Enhancing Ethereum smart-contracts static analysis by computing a precise Control-Flow Graph of Ethereum bytecode
Published in The Journal of systems and software (01-06-2023) “…The immutable nature of Ethereum transactions, and consequently Ethereum smart-contracts, has stimulated the proliferation of many approaches aiming at…”
Journal Article
11
Automated Black-Box Testing of Mass Assignment Vulnerabilities in RESTful APIs
Published in 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE) (01-05-2023) “…Mass assignment is one of the most prominent vulnerabilities in RESTful APIs that originates from a misconfiguration in common web frameworks. This allows…”
Conference Proceeding
12
Automated black‐box testing of nominal and error scenarios in RESTful APIs
Published in Software testing, verification & reliability (01-08-2022) “…RESTful APIs (or REST APIs for short) represent a mainstream approach to design and develop web APIs using the REpresentational State Transfer architectural…”
Journal Article
13
Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge
Published in Empirical software engineering : an international journal (01-02-2019) “…When critical assets or functionalities are included in a piece of software accessible to the end users, code protections are used to hinder or delay the…”
Journal Article
14
A family of experiments to assess the effectiveness and efficiency of source code obfuscation techniques
Published in Empirical software engineering : an international journal (01-08-2014) “…Context: code obfuscation is intended to obstruct code understanding and, eventually, to delay malicious code changes and ultimately render it uneconomical…”
Journal Article
15
Experimental comparison of features, analyses, and classifiers for Android malware detection
Published in Empirical software engineering : an international journal (01-11-2023) “…Android malware detection has been an active area of research. In the past decade, several machine learning-based approaches based on different types of…”
Journal Article
16
CodeBender: Remote Software Protection Using Orthogonal Replacement : Software Protection
Published in IEEE software (2011)
Journal Article
17
Ahab’s legs in scenario-based requirements validation: An experiment to study communication mistakes
Published in The Journal of systems and software (01-11-2015) “…• The Ahab’s leg (AL) is a known problem of conversion between media. • The validation of requirements may be subject to the problem of AL. • This work is an…”
Journal Article
18
RESTTESTGEN: Automated Black-Box Testing of RESTful APIs
Published in 2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST) (01-10-2020) “…RESTful APIs (or REST APIs for short) represent a mainstream approach to design and develop Web APIs using the REpresentational State Transfer architectural…”
Conference Proceeding
19
AnFlo: detecting anomalous sensitive information flows in Android apps
Published in 2018 IEEE/ACM 5th International Conference on Mobile Software Engineering and Systems (MOBILESoft) (27-05-2018) “…Smartphone apps usually have access to sensitive user data such as contacts, geo-location, and account credentials and they might share such data to external…”
Conference Proceeding
20
Circe: A grammar-based oracle for testing Cross-site scripting in web applications
Published in 2013 20th Working Conference on Reverse Engineering (WCRE) (01-10-2013) “…Security is a crucial concern, especially for those applications, like web-based programs, that are constantly exposed to potentially malicious environments…”
Conference Proceeding