CORDIS - EU research results

TEStabiliTy pAttern-driven weB appLication sEcurity and privacy testing

CORDIS provides links to the public deliverables and publications of projects funded under the HORIZON framework programmes.

Links to deliverables and publications of Seventh Framework Programme projects, as well as links to some specific result types such as datasets and software, are retrieved dynamically from OpenAIRE.

Deliverables

Dissemination and Exploitation Progress Report, Year 1

Intermediate report on the dissemination activities performed during the first year of the project, i.e., T8.2, T8.3, and T8.4.

Final Report on Privacy Testing Solutions

This deliverable will describe and present the performance evaluation of the final privacy testing solutions of T4.2.

Dissemination and Exploitation Progress Report, Year 2

Intermediate report on the dissemination activities performed during the second year of the project, i.e., T8.2, T8.3, and T8.4.

Pattern Discovery Evaluation Report

Final report on T6.1.

Large Scale Assessment of Publicly Available Case Studies

Final report on T7.2.

Analysis of Requirements

Final report on the progress on T2.1.

Initial set of Case Studies

Final report on T7.1.

Definition of the Scope of Privacy Testing

This deliverable will report on T4.1, and it will provide a comprehensive description of the required privacy patterns that need to be considered in privacy testing by taking into account both the existing solutions and the elements that are missing.

Initial Set of Testability Patterns

Intermediate report on the progress of T2.2.

Security and Privacy Mitigation Report

Final report on T6.3.

Final Report on Techniques to Increase Testability

Final report on T3.2.

Preliminary Report on Techniques to Increase Testability

Intermediate report on the progress of T3.2.

Intermediate Report on AI/ML Testing Solutions

This deliverable will describe and present the initial performance evaluation of the interim AI/ML testing solutions of T5.2.

Testability Improvement Report

Final report on T6.2.

Definition of the Scope of AI/ML Testing

This deliverable will report on T5.1, and it will provide a comprehensive description of the required patterns that need to be considered in AI/ML testing by taking into account both the existing solutions and the elements that are missing.

Final Dissemination and Exploitation Report

Final dissemination deliverable, which includes the plan for exploitation and the report of the standardization activities, i.e., T8.2, T8.3, and T8.4.

Final Report on AI/ML Testing Solutions

This deliverable will describe and present the performance evaluation of the final AI/ML testing solutions of T5.2.

Report on Security and Privacy Indicators

Intermediate report on the progress of T2.3.

Report on Security Testing Building Block Techniques

Report on T3.1.

Final Report on Testability Patterns

Final report on the progress of T2.2.

Intermediate Report on Privacy Testing Solutions

This deliverable will describe and present the initial performance evaluation of the interim privacy testing solutions of T4.2.

Initial Assessment of Publicly Available Case Studies

Intermediate report on the progress on T7.2.

Web Site and Digital Presence

Creation and setup of the project's website and social platform accounts for digital presence (T8.1).

Publications

Raze to the Ground: Query-Efficient Adversarial HTML Attacks on Machine-Learning Phishing Webpage Detectors

Authors: Biagio Montaruli, Luca Demetrio, Maura Pintor, Luca Compagna, Davide Balzarotti, Battista Biggio
Published in: Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security, 2024
Publisher: ACM
DOI: 10.1145/3605764.3623920

FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities

Authors: Samuel Groß, Simon Koch, Lukas Bernhard, Thorsten Holz, Martin Johns
Published in: Proceedings 2023 Network and Distributed System Security Symposium, 2023
Publisher: Internet Society
DOI: 10.14722/ndss.2023.24290

Poster: The Risk of Insufficient Isolation of Database Transactions in Web Applications

Authors: Simon Koch, Malte Wessels, David Klein, Martin Johns
Published in: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Issue 202, 2024, Page(s) 3576-3578
Publisher: ACM
DOI: 10.1145/3576915.3624394

Keeping Privacy Labels Honest

Authors: Simon Koch (Technische Universität Braunschweig, Institute for Application Security), Malte Wessels (Technische Universität Braunschweig, Institute for Application Security), Benjamin Altpeter (Datenanfragen.de e. V.), Madita Olvermann (Technische Universität Braunschweig, Industrial/Organizational and Social Psychology), Martin Johns (Technische Universität Braunschweig, Institute for Applica
Published in: Proceedings on Privacy Enhancing Technologies Symposium, Volume 2022, Issue 4, 2022, Page(s) 486–506
Publisher: Privacy Enhancing Technologies Board
DOI: 10.56553/popets-2022-0119

Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web Applications

Authors: Feras Al Kassar, Giulia Clerici, Luca Compagna, Davide Balzarotti, Fabian Yamaguchi
Published in: Proceedings 2022 Network and Distributed System Security Symposium, 2023
Publisher: Internet Society
DOI: 10.14722/ndss.2022.24150

Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions

Authors: Klein, David and Barber, Thomas and Bensalim, Souphiane and Stock, Ben and Johns, Martin
Published in: EuroS&P IEEE European Symposium on Security and Privacy, 2022
Publisher: IEEE
DOI: 10.1109/eurosp53844.2022.00023

General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications

Authors: David Klein, Benny Rolle, Thomas Barber, Manuel Karl, Martin Johns
Published in: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2024, Page(s) 3343-3357
Publisher: ACM
DOI: 10.1145/3576915.3616604

Domain and Website Attribution beyond WHOIS

Authors: Silvia Sebastián, Raluca-Georgia Diugan, Juan Caballero, Iskander Sanchez-Rola, Leyla Bilge
Published in: Annual Computer Security Applications Conference, 2023, Page(s) 124-137
Publisher: ACM
DOI: 10.1145/3627106.3627190

Exploring Current and Future Research Directions on XS-Leaks through an Extended Formal Model

Authors: Tom Van Goethem, Gertjan Franken, Iskander Sanchez-Rola, David Dworken, and Wouter Joosen
Published in: Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security (ASIA CCS '22), 2022, Page(s) 784–798
Publisher: Association for Computing Machinery
DOI: 10.1145/3488932.3517416

Scripted Henchmen: Leveraging XS-Leaks for Cross-Site Vulnerability Detection

Authors: Tom Van Goethem, Iskander Sanchez-Rola, Wouter Joosen
Published in: 2023 IEEE Security and Privacy Workshops (SPW), Issue 7, 2024, Page(s) 371-383
Publisher: IEEE
DOI: 10.1109/spw59333.2023.00038

The OK Is Not Enough: A Large Scale Study of Consent Dialogs in Smartphone Applications

Authors: Koch, Simon; Altpeter, Benjamin; Johns, Martin
Published in: 32nd USENIX Security Symposium (USENIX Security 23), 2023, Page(s) 5467-5484
Publisher: USENIX Association

When Sally Met Trackers: Web Tracking From the Users' Perspective

Authors: Savino Dambra, Iskander Sanchez-Rola, Leyla Bilge, Davide Balzarotti
Published in: 31st USENIX Security Symposium (USENIX Security 22), 2022, Page(s) 2189-2206, ISBN 978-1-939133-31-1
Publisher: USENIX Association

Testability Tarpits: the Impact of Code Patterns on the Security Testing of Web Applications

Authors: Feras Al Kassar (SAP Security Research), Giulia Clerici (SAP Security Research), Luca Compagna (SAP Security Research), Davide Balzarotti (EURECOM), Fabian Yamaguchi (ShiftLeft Inc)
Published in: NDSS Symposium 2022, 2022
Publisher: Internet Society

Poster: Analysis of User Uniqueness on LinkedIn Based on Publicly Available Non-PII

Authors: Ángel Merino, José González-Cabañas, Ángel Cuevas, Rubén Cuevas
Published in: Proceedings of the 2023 ACM on Internet Measurement Conference, 2024, Page(s) 726-727
Publisher: ACM
DOI: 10.1145/3618257.3625000

WHIP: Improving Static Vulnerability Detection in Web Application by Forcing tools to Collaborate

Authors: Al-Kassar, Feras; Compagna, Luca; Balzarotti, Davide
Published in: 32nd USENIX Security Symposium (USENIX Security 23), 2023, Page(s) 6079-6096
Publisher: USENIX Association

Unique on Facebook: formulation and evidence of (nano)targeting individual users with non-PII data

Authors: González-Cabañas, José; Cuevas, Ángel; Cuevas, Rubén; López-Fernández, Juan; García, David
Published in: ACM Internet Measurement Conference (IMC '21), 2021
Publisher: Association for Computing Machinery
DOI: 10.1145/3487552.3487861

Analysis and Implementation of Nanotargeting on LinkedIn Based on Publicly Available Non-PII

Authors: Ángel Merino, José González-Cabañas, Ángel Cuevas, Rubén Cuevas
Published in: Proceedings of the CHI Conference on Human Factors in Computing Systems, Issue 671, 2024, Page(s) 1-22
Publisher: ACM
DOI: 10.1145/3613904.3642107

Proceedings of 45th IEEE Symposium on Security and Privacy

Authors: Khodayari, Soheil; Barber, Thomas; Pellegrino, Giancarlo
Published in: Proceedings of 45th IEEE Symposium on Security and Privacy, 2024
Publisher: IEEE

Scamdog Millionaire: Detecting E-commerce Scams in the Wild

Authors: Platon Kotzias, Kevin Roundy, Michalis Pachilakis, Iskander Sanchez-Rola, Leyla Bilge
Published in: Annual Computer Security Applications Conference, 2023, Page(s) 29-43
Publisher: ACM
DOI: 10.1145/3627106.3627184

SSRF vs. Developers: A Study of SSRF-Defenses in PHP Applications

Authors: Wessels, Malte; Koch, Simon; Pellegrino, Giancarlo; Johns, Martin
Published in: 33rd USENIX Security Symposium (USENIX Security 24), 2024, Page(s) 6777-6794
Publisher: USENIX

It’s (dom) clobbering time: Attack techniques, prevalence, and defenses

Authors: Khodayari, Soheil; Pellegrino, Giancarlo
Published in: 2023 IEEE Symposium on Security and Privacy, 2023, Page(s) 1041-1058
Publisher: IEEE

Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials

Authors: Klein, David; Johns, Martin
Published in: 2024 IEEE Symposium on Security and Privacy (SP), 2024, Page(s) 173-173
Publisher: IEEE

Robust Machine Learning for Malware Detection over Time

Authors: Daniele Angioni, Luca Demetrio, Maura Pintor, Battista Biggio
Published in: 6th Italian Conference on Cybersecurity, ITASEC 2022, 2022
Publisher: CEUR-WS

The Fault in Our Stars: An Analysis of GitHub Stars as an Importance Metric for Web Source Code

Authors: Koch, Simon; Klein, David; Johns, Martin
Published in: Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb) 2024, 2024
Publisher: Internet Society

Generating Realistic Synthetic Curricula Vitae for Machine Learning Applications under Differential Privacy

Authors: Andrea Bruera, Francesco Alda, Francesco Di Cerbo
Published in: PROCEEDINGS - LREC 2022 Joint Workshop Language Resources and Evaluation Conference, 2022, Page(s) 53-63, ISBN 979-10-95546-96-2
Publisher: European Language Resources Association (ELRA)

Towards Understanding and Improving Security-Relevant Web Application Logging

Authors: Merve Sahin, Noemi Daniele
Published in: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, Issue 22, 2024, Page(s) 814-829
Publisher: ACM
DOI: 10.1145/3634737.3637647

Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples

Authors: Maura Pintor, Luca Demetrio, Angelo Sotgiu, Ambra Demontis, Nicholas Carlini, Battista Biggio, Fabio Roli
Published in: Advances in Neural Information Processing Systems, 2022, Page(s) 23063-23076
Publisher: Curran Associates, Inc.

Secure and explainable machine learning in Python

Authors: Maura Pintor, Luca Demetrio, Angelo Sotgiu, Marco Melis, Ambra Demontis, Battista Biggio
Published in: SoftwareX, Issue 23527110, 2022, ISSN 2352-7110
Publisher: Elsevier
DOI: 10.1016/j.softx.2022.101095

Online advertisement in a pink-colored market

Authors: Amir Mehrjoo, Rubén Cuevas, Ángel Cuevas
Published in: EPJ Data Science, Issue 13, 2024, ISSN 2193-1127
Publisher: Springer Nature
DOI: 10.1140/epjds/s13688-024-00473-2

A Deep Dive into the Accuracy of IP Geolocation Databases and its Impact on Online Advertising

Authors: Patricia Callejo, Marco Gramaglia, Rubén Cuevas, Ángel Cuevas
Published in: IEEE Transactions on Mobile Computing, Issue 22, 2024, Page(s) 4359-4373, ISSN 1536-1233
Publisher: Institute of Electrical and Electronics Engineers
DOI: 10.1109/tmc.2022.3166785

Overprofiling Analysis on Major Internet Players

Authors: Francisco Caravaca, José González-Cabañas, Ángel Cuevas, Rubén Cuevas
Published in: Proceedings on Privacy Enhancing Technologies, Issue 2024, 2024, Page(s) 929-946, ISSN 2299-0984
Publisher: Privacy Enhancing Technologies Board
DOI: 10.56553/popets-2024-0149

Estimating ideology and polarization in European countries using Facebook data

Authors: Francisco Caravaca, José González-Cabañas, Ángel Cuevas, Rubén Cuevas
Published in: EPJ Data Science, Issue 11, 2023, ISSN 2193-1127
Publisher: Springer Open
DOI: 10.1140/epjds/s13688-022-00367-1

Practical Attacks on Machine Learning: A Case Study on Adversarial Windows Malware

Authors: Luca Demetrio; Battista Biggio; Fabio Roli
Published in: IEEE Security & Privacy, 2022, Issue 15584046, 2022, Page(s) 77-85, ISSN 1558-4046
Publisher: IEEE
DOI: 10.1109/msec.2022.3182356

A Black-Box Privacy Analysis of Messaging Service Providers' Chat Message Processing

Authors: Robin Kirchner, Simon Koch, Noah Kamangar, David Klein, Martin Johns
Published in: Proceedings on Privacy Enhancing Technologies, Issue 2024, 2024, Page(s) 674-691, ISSN 2299-0984
Publisher: Petsymposium
DOI: 10.56553/popets-2024-0099

Expanding the Measurement of Culture with a Sample of Two Billion Humans

Authors: Nick Obradovich, Ömer Özak, Ignacio Martín, Ignacio Ortuño-Ortín, Edmond Awad, Manuel Cebrián, Rubén Cuevas, Klaus Desmet, Iyad Rahwan, Ángel Cuevas
Published in: Journal of the Royal Society Interface, 2022, ISSN 1742-5689
Publisher: The Royal Society
DOI: 10.3386/w27827

A new methodology to measure faultlines at scale leveraging digital traces

Authors: Amir Mehrjoo, Rubén Cuevas, Ángel Cuevas
Published in: EPJ Data Science, Issue 11, 2023, ISSN 2193-1127
Publisher: Springer Nature SharedIt
DOI: 10.1140/epjds/s13688-022-00350-w

Learning Type Inference for Enhanced Dataflow Analysis

Authors: Lukas Seidel, Sedick David Baker Effendi, Xavier Pinho, Konrad Rieck, Brink van der Merwe, Fabian Yamaguchi
Published in: Lecture Notes in Computer Science, Computer Security – ESORICS 2023, 2024, Page(s) 184-203
Publisher: Springer Nature Switzerland
DOI: 10.1007/978-3-031-51482-1_10

ModSec-Learn: Boosting ModSecurity with Machine Learning

Authors: Christian Scano, Giuseppe Floris, Biagio Montaruli, Luca Demetrio, Andrea Valenza, Luca Compagna, Davide Ariu, Luca Piras, Davide Balzarotti, Battista Biggio
Published in: Computer Science > Machine Learning, 2024
Publisher: arXiv e-prints
DOI: 10.48550/arxiv.2406.13547

Certified Adversarial Robustness of Machine Learning-based Malware Detectors via (De)Randomized Smoothing

Authors: Daniel Gibert, Luca Demetrio, Giulio Zizzo, Quan Le, Jordi Planes, Battista Biggio
Published in: Computer Science > Cryptography and Security, 2024
Publisher: arXiv e-prints
DOI: 10.48550/arxiv.2405.00392

Adversarial ModSecurity: Countering Adversarial SQL Injections with Robust Machine Learning

Authors: Montaruli, Biagio; Demetrio, Luca; Valenza, Andrea; Compagna, Luca; Ariu, Davide; Piras, Luca; Balzarotti, Davide; Biggio, Battista
Published in: Computer Science - Machine Learning, Issue 3, 2023
Publisher: arXiv e-prints
DOI: 10.48550/arxiv.2308.04964

Rag and roll: An end-to-end evaluation of indirect prompt manipulations in llm-based application frameworks

Authors: De Stefano, Gianluca; Pellegrino, Giancarlo; Schönherr, Lea
Published in: Computer Science > Cryptography and Security, 2024
Publisher: arXiv e-prints
DOI: 10.48550/arxiv.2408.05025

AttackBench: Evaluating Gradient-based Attacks for Adversarial Examples

Authors: Cinà, Antonio Emanuele; Rony, Jérôme; Pintor, Maura; Demetrio, Luca; Demontis, Ambra; Biggio, Battista; Ayed, Ismail Ben; Roli, Fabio
Published in: Computer Science > Machine Learning, 2024
Publisher: arXiv preprint
DOI: 10.48550/arxiv.2404.19460
