Networking and Security
Davide BALZAROTTI
Assistant-Professor
Resume
Education
- PhD in Computer Engineering from Politecnico di Milano in 2006
- Postdoctoral researcher in computer security at University of California - Santa Barbara (2006 - 2008)

Teaching
He is currently Assistant Professor within the Department of Networking and Security where he teaches software development.

Industrial experience
Before joining EURECOM, Davide spent almost two years in Santa Barbara as a postdoctoral researcher in the Department of Computer Science at UCSB, working in the Computer Security Lab with Professor Giovanni Vigna and Professor Richard Kemmerer.
In 2007 he participated in the red team involved in testing the capability and security of the voting machines certified for use in the State of Ohio (Project Everest) and he was also a member of the red team in the top-to-bottom review of the electronic voting machines certified for use in California.

Major research interests
His research interests include most aspects of system security and in particular the areas of intrusion detection and prevention, binary and malware analysis, reverse engineering, and web security.

Visibility, membership, committee
He has been a program committee member for several international conferences and workshops. He is co-chair for RAID 201. He was a member of the red team involved in testing the capability and security of the voting machines certified for use in the State of Ohio (Project Everest) and in the top-to-bottom review of the electronic voting machines certified for use in California.

Additional information

Current research topics
Advanced malware analysis, with a particular focus on techniques to identify and classify malicious code that implements countermeasures to avoid automatic analysis. New threats in web security.

Selected publications
- D. Balzarotti, M. Cova, V. Felmetsger, G. Vigna «Multi-Module Vulnerability Analysis of Web-based Applications» Proceedings of the ACM Conference on Computer and Communication Security (ACM CCS) 2007
- D. Balzarotti, G. Banks, M. Cova, V. Felmetsger, R. Kemmerer, W. Robertson, F. Valeur, G. Vigna «Are Your Votes Really Counted? Testing the Security of Real-world Electronic Voting Systems» International Symposium on Software Testing and Analysis (ISSTA) - Seattle, WA, July 20-24 2008
- G. Vigna, W. Robertson, and D. Balzarotti «Testing Network-based Intrusion Detection Signatures Using Mutant Exploits» Proceedings of the ACM Conference on Computer and Communication Security (ACM CCS 2004)
- D. Balzarotti, M. Cova, V. Felmetsger, N. Jovanovic, E. Kirda, C. Kruegel, G. Vigna «Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications» Proceedings of the 29th IEEE Symposium on Security and Privacy - Oakland, California, May 18-21, 2008.
Publications
Eurecom Reference | 2012

3550
Scholte, Theodoor; Balzarotti, Davide; Robertson, William; Kirda, Engin
An empirical analysis of input validation mechanisms in web applications and languages
SAC 2012, 27th ACM Symposium On Applied Computing (SAC), Security Track, March 26-30, 2012, Trento, Italy

3548
Balduzzi, Marco; Zaddach, Jonas; Balzarotti, Davide; Kirda, Engin; Loureiro, Sergio
A security analysis of Amazon's elastic compute cloud service
SAC@SAC 2012, 11th edition of the Computer Security track at the 27th ACM Symposium on Applied Computing, March 26-30, 2012, Trento, Italy

3553
Onarlioglu, Kaan; Ozan Yilmaz, Utku; Balzarotti, Davide; Kirda, Engin
Insights into user behavior in dealing with internet attacks
NDSS'12, 19th Annual Network and Distributed System Security Symposium, February 5-8, 2012, San Diego, CA, USA

Eurecom Reference | 2011

3611
Scholte, Theodoor; Balzarotti, Davide; Kirda, Engin
Have things changed now? An empirical study on input validation vulnerabilities in web applications
"Computers and Security", 2012, ISSN: 0167-4048

3500
Isacenkova, Jelena; Balzarotti, Davide
Measurement and evaluation of a real world deployment of a challenge-response spam filter
IMC 2011, 11th ACM SIGCOMM Internet Measurement Conference, November 2-4, 2011, Berlin, Germany, pp 413-426

3459
Srivastava, Abhinav; Lanzi, Andrea; Giffin, Jonathon; Balzarotti, Davide
Operating system interface obfuscation and the revealing of hidden operations
DIMVA 2011, 8th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, July 7-8th, 2011, Amsterdam, The Netherlands / Also published in "Lecture Notes in Computer Science", Vol 6739/2011, pp 214-233

3402
Irani, Danesh; Balduzzi, Marco; Balzarotti, Davide; Kirda, Engin; Pu, Calton
Reverse social engineering attacks in online social networks
DIMVA 2011, 8th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 7-8th, 2011, Amsterdam, The Netherlands / Also published in "Lecture Notes in Computer Science", Vol 6739/2011, pp 55-74

3379
Bilge, Leyla; Lanzi, Andrea; Balzarotti, Davide
Thwarting real-time dynamic unpacking
EUROSEC 2011, 4th ACM European Workshop on System Security, April 10th, 2011, Salzburg, Austria

3349
Nikiforakis, Nick; Balduzzi, Marco; Van Acker, Steven; Joosen, Wouter; Balzarotti, Davide
Exposing the lack of privacy in file hosting services
LEET 2011, 4th Usenix Workshop on Large-Scale Exploits and Emergent Threats, March 29th, 2011, Boston, USA

3277
Scholte, Theodoor; Balzarotti, Davide; Kirda, Engin
Quo vadis? A study of the evolution of input validation vulnerabilities in Web applications
FC 2011, 15th International Conference on Financial Cryptography and Data Security, February 28-March 4, 2011, Bay Gardens Beach Resort, St. Lucia

3234
Balduzzi, Marco; Torrano Gimenez, Carmen; Balzarotti, Davide; Kirda, Engin
Automated discovery of parameter pollution vulnerabilities in web applications
NDSS'11, 8th Annual Network and Distributed System Security Symposium, 6-9 February 2011, San Diego, CA, USA
Distinguished Paper Award

Eurecom Reference | 2010

3235
Onarlioglu, Kaan; Bilge, Leyla; Lanzi, Andrea; Balzarotti, Davide; Kirda, Engin
G-Free: defeating return-oriented programming through gadget-less binaries
ACSAC'10, Annual Computer Security Applications Conference, December 6-10, 2010, Austin, Texas, USA, pp 49-58

3236
Lanzi, Andrea; Balzarotti, Davide; Kruegel, Christopher; Christodorescu, Mihai; Kirda, Engin
AccessMiner: using system-centric models for malware protection
CCS'10, 17th ACM Conference on Computer and Communications Security, October 4-8, 2010, Chicago, IL, USA, pp 399-412

3138
Balduzzi, Marco; Platzer, Christian; Holz, Thorsten; Kirda, Engin; Balzarotti, Davide; Kruegel, Christopher
Abusing social networks for automated user profiling
RAID'2010, 13th International Symposium on Recent Advances in Intrusion Detection, September 15-17, 2010, Ottawa, Canada / Also published in "LNCS", Volume 6307/2010, pp 422-441

3348
Bilge, Leyla; Balduzzi, Marco; Balzarotti, Davide; Kirda, Engin
A summary of two practical attacks against social networks
ITWDC'11, 21st International Tyrrhenian Workshop on Digital Communications: Trustworthy Internet, September 6-8, 2010, Island of Ponza, Italy / Also published as chapter book 13 of "Trustworthy internet", Springer, ISBN: 978-8847018174, pp 171-185

3196
Balzarotti, Davide; Banks, G.; Cova, M.; Felmetsger, V.; Kemmerer, R.; Robertson, W.; Valeur, F.; Vigna, G
An experience in testing the security of real-world electronic voting systems
IEEE Transactions on Software Engineering, July-August 2010, Vol 36, N°4, pp 453-473

3210
Lauinger, Tobias; Pankakoski, Veikko; Balzarotti, Davide; Kirda, Engin
Honeybot, your man in the middle for automated social engineering
LEET'10, 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats, 27 April, 2010, San Jose, USA

2994
Balduzzi, Marco; Egele, Manuel; Kirda, Engin; Balzarotti, Davide; Kruegel, Christopher
A solution for the automated detection of clickjacking attacks
AsiaCCS 2010, 5th Symposium on Information Computer and Communications Security, April 13-16, 2010, Beijing, China

3042
Balduzzi, Marco; Platzer, Christian; Holz, Thorsten; Kirda, Engin; Balzarotti, Davide; Kruegel, Christopher
Abusing social networks for automated user profiling
Research Report RR-10-233

3022
Balzarotti, Davide; Cova, Marco; Karlberger, Christoph; Kruegel, Christopher; Kirda, Engin; Vigna, Giovanni
Efficient detection of split personalities in malware
NDSS 2010, 17th Annual Network and Distributed System Security Symposium, February 28th-March 3rd, 2010, San Diego, CA, USA

Eurecom Reference | 2009

2778
Bayer, Ulrich; Habibi, Imam; Balzarotti, Davide; Kirda, Engin; Kruegel, Christopher
A view on current malware behavior
LEET'09: 2nd USENIX Workshop on Large-Scale Exploits and Emergent Threats, April 21, 2009, Boston, MA, USA

2782
Bilge, Leyla; Strufe, Thorsten; Balzarotti, Davide; Kirda, Engin
All your contacts are belong to us: automated identity theft attacks on social networks
WWW'09, 18th International World Wide Web Conference, April 20-24, Madrid, Spain, pp 551-560

Eurecom Reference | 2008

2521
Balzarotti, Davide; Cova, Marco; Felmetsger, Vika; Jovanovic, Nenad; Kirda, Engin; Krügel, Christopher; Vigna, Giovanni
Saner: composing static and dynamic analysis to validate sanitization in web applications
SP 2008, IEEE Symposium on Security and Privacy, May 18-21, 2008, Oakland, USA, pp 387-401