Davide BALZAROTTI
|
Davide BALZAROTTI
Eurecom - Networking and Security
Assistant-Professor
04 93 00 81 56
04 93 00 82 00
387
|
My EURECOM publications
Journal
-
December 2011
Journal
Have things changed now? An empirical study on input validation vulnerabilities in web applications
"Computers and Security", 2012, ISSN: 0167-4048
-
August 2010
Journal
An experience in testing the security of real-world electronic voting systems
IEEE Transactions on Software Engineering, July-August 2010, Vol 36, N°4
Conference/Book
-
September 2010
Conference/Book
Abusing social networks for automated user profiling
RAID 2010, 13th International Symposium on Recent Advances in Intrusion Detection, September 15-17, 2010, Ottawa, Canada / Also published in "LNCS", Volume 6307/2010
Conference
-
July 2013
Conference
The role of phone numbers in understanding cyber-crime
Accepted in PST 2013, 11th International Conference on Privacy, Security and Trust, July 10-12, 2013, Tarragona, Catalonia, Spain
-
May 2013
Conference
Inside the SCAM jungle: A closer look at 419 scam email operations
IWCC 2013, International Workshop on Cyber Crime (co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2013), May 24, 2013, San Francisco, CA, USA
-
May 2013
Conference
The role of web hosting providers in detecting compromised websites
WWW 2013, 22nd International World Wide Web Conference, May 13-17, 2013, Rio de Janeiro, Brazil
-
February 2013
Conference
Behind the scenes of online attacks: an analysis of exploitation behaviors on the web
NDSS 2013, 20th Annual Network and Distributed System Security Symposium, February 24-27, 2013, San Diego, CA, United States
-
December 2012
Conference
DISCLOSURE: Detecting botnet command and control servers through large-scale netflow analysis
ACSAC 2012, 28th Annual Computer Security Applications Conference, December 3-7, 2012, Orlando, Florida, USA
-
December 2012
Conference
Towards network containment in malware analysis systems
ACSAC 2012, 28th Annual Computer Security Applications Conference, December 3-7, 2012, Orlando, Florida, USA
-
July 2012
Conference
Preventing input validation vulnerabilities in web applications through automated type analysis
COMPSAC 2012, 36th Annual IEEE Computer Software and Applications Conference, July 16-20, 2012, Izmir, Turkey
-
July 2012
Conference
A quantitative study of accuracy in system call-based malware detection
ISSTA 2012, International Symposium on Software Testing and Analysis, July 15-20, 2012, Minneapolis, MN, USA
-
May 2012
Conference
From model-checking to automated testing of security protocols: Bridging the gap
TAP 2012, 6th International Conference on Tests and Proofs, May 31-June 1, 2012, Prague, Czech Republic / Published also in LNCS, Volume 7305, 2012, Springer
-
March 2012
Conference
A security analysis of amazon's elastic compute cloud service
SAC 2012, 27th ACM Symposium On Applied Computing, Security Track, March 26-30, 2012, Trento, Italy
-
March 2012
Conference
An empirical analysis of input validation mechanisms in web applications and languages
SAC 2012, 27th ACM Symposium On Applied Computing, Security Track, March 26-30, 2012, Trento, Italy
-
February 2012
Conference
Insights into user behavior in dealing with internet attacks
NDSS 2012, 19th Annual Network and Distributed System Security Symposium, February 5-8, 2012, San Diego, USA
-
November 2011
Conference
Measurement and evaluation of a real world deployment of a challenge-response spam filter
IMC 2011, 11th ACM SIGCOMM Internet Measurement Conference, November 2-4, 2011, Berlin, Germany
-
July 2011
Conference
Reverse social engineering attacks in online social networks
DIMVA 2011, 8th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 7-8th, 2011 Amsterdam, The Netherlands / Also published in "Lecture Notes in Computer Science", Vol 6739/2011
-
July 2011
Conference
Operating system interface obfuscation and the revealing of hidden operations
DIMVA 2011, 8th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, July 7-8th, 2011, Amsterdam, The Netherlands / Also published in "Lecture Notes in Computer Science", Vol 6739/2011
-
April 2011
Conference
Thwarting real-time dynamic unpacking
EUROSEC 2011, 4th ACM European Workshop on System Security, April 10th, 2011, Salzburg, Austria
-
March 2011
Conference
Exposing the lack of privacy in file hosting services
LEET 2011, 4th Usenix Workshop on Large-Scale Exploits and Emergent Threats, March 29th, 2011, Boston, USA
-
February 2011
Conference
Quo vadis? A study of the evolution of input validation vulnerabilities in Web applications
FC 2011, 15th International Conference on Financial Cryptography and Data Security, February 28-March 4, 2011 Bay Gardens Beach Resort, St. Lucia / Also published as "LNCS", Volume 7035/2012
-
February 2011
Conference
Automated discovery of parameter pollution vulnerabilities in web applications
NDSS 2011, 18th Annual Network and Distributed System Security Symposium, 6-9 February 2011, San Diego, CA, USA
Distinguished Paper Award
-
December 2010
Conference
G-Free : defeating return-oriented programming through gadget-less binaries
ACSAC 2010, Annual Computer Security Applications Conference, December 6-10, 2010, Austin, Texas, USA
-
October 2010
Conference
AccessMiner: using system-centric models for malware protection
CCS 2010, 17th ACM Conference on Computer and Communications Security, October 4-8, 2010, Chicago, IL, USA
-
September 2010
Conference
A summary of two practical attacks against social networks
ITWDC 2011, 21st International Tyrrhenian Workshop on Digital Communications: Trustworthy Internet, September 6-8, 2010, Island of Ponza, Italy / Also published as chapter book 13 of "Trustworthy internet", Springer, ISBN: 978-8847018174
-
April 2010
Conference
Honeybot, your man in the middle for automated social engineering
LEET 2010, 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats, 27 April, 2010, San Jose, USA
-
April 2010
Conference
A solution for the automated detection of clickjacking attacks
ASIACCS 2010, 5th Symposium on Information Computer and Communications Security, April 13-16, 2010, Beijing, China
-
February 2010
Conference
Efficient detection of split personalities in malware
NDSS 2010, 17th Annual Network and Distributed System Security Symposium, February 28th-March 3rd, 2010, San Diego, USA
-
April 2009
Conference
A view on current malware behavior
LEET 2009, 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, April 21, 2009, Boston, USA
-
April 2009
Conference
A view on current malware behaviors
LEET 2009, 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, April 21st, 2009, Boston, USA
-
April 2009
Conference
All your contacts are belong to us : automated identity theft attacks on social networks
WWW 2009, 18th International World Wide Web Conference, April 20-24, Madrid, Spain
-
May 2008
Conference
Saner: composing static and dynamic analysis to validate sanitization in web applications
SP 2008, IEEE Symposium on Security and Privacy, May 18-21, 2008, Oakland, USA
Report
-
February 2013
Report
The role of phone numbers in understanding cyber-crime
Research Report RR-13-277
-
March 2010
Report
Abusing social networks for automated user profiling
Research Report RR-10-233
Search
About me
Distinctions
-
In 2011, he received with his co-authors the Best Paper Award for "Automated discovery of parameter pollution vulnerabilities in web applications" (NDSS'11).
