skip to: content | navigation

Bruno Crispo

Sample menu:

• Home page
• Publications
• Students
• Software
• Projects
• On the Press
• Patents
• Back to top

I am hiring!

I am looking for a PostDoc on the topic of Security of the Internet of Things. if you are interested, please drop me an e-mail with your CV.
I am also looking for a PhD candidate on one of the following topics: Security of the Internet of Things, Adversarial Machine Learning, Web attacks and their impact analysis in the wild. If you are interested, please drop me an e-mail with your CV.

Find more info about our new results on behavioural biometrics here.

Find more info about the CINI Cyber Security National Lab i am involved with, by clicking on its logo .

News

• Dec 2018
  Finally, our paper A Bimodal Behavioral Biometric-based User Authentication Scheme for Smartphones has been accepted for publication in the Journal of Information Security and Applications.
• Nov 2018
  Finally, our paper PrivICN: Privacy-Preserving Content Retrieval in Information-Centric Networking has been accepted for publication in the Computer Networks Journal.
• Sept 2018
  Our paper Polyglot CerberOS: Resource Security, Interoperability and Multi-Tenancy for IoT Services on a Multilingual Platform has been accepted at MobiQuitous 2018.
• Sept 2018
  Our paper SlimIoT: Scalable Lightweight Attestation Protocol For the Internet of Things has been accepted at IEEE Conference on Dependable and Secure Computing (IEEE DSC).
• Sept 2018
  Our paper WISE: Lightweight Intelligent Swarm Attestation Scheme for IoT (The Verifier's Perspective) has been accepted at 14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).
• May 2018
  Our paper Large-Scale Analysis of Style Injection by Relative Path Overwrite has been accepted at The Web Conference 2018 (formerly known as WWW). The paper has been shortlisted for the best paper award competition!

Contact Info Department of Computer Science and Information Engineering (DISI) University of Trento via Sommarive 14, I-38123 Povo (TN), Italy Telephone: +39 0461 28 2099 Fax: +39 0461 28 2093 E-mail: bruno.crispounitn.it and Visiting Professor at DistriNet at KU Leuven in Belgium Last update (14/11/2018)

Some of my recent papers (check also the full list)

• Mahmoud Ammar, Giovanni Russello, Bruno Crispo, Internet of Things: A survey on the security of IoT frameworks. Journal of Information Security and Applications 38: 8-27 (2018).
• Sajjad Arshad, Seyed Ali Mirheidari, Tobias Lauinger, Bruno Crispo, Engin Kirda, William K. Robertson, Large-Scale Analysis of Style Injection by Relative Path Overwrite. Accepted at The Web Conference 2018 (formerly known as WWW). The paper has been shortlisted for the best paper award competition!
• Mahmoud Ammar, Wilfried Daniels, Bruno Crispo, Danny Hughes: SPEED: Secure Provable Erasure for Class-1 IoT Devices. accepted and presented at CODASPY 2018.

Research Interests

• Security of Internet of Things: This research thread investigates the problem of protecting Internet of Things and cyber-physical systems. In particular, I study the emergence of new attack vectors caused by the interconnection of subsystems that have never been connected to Internet before. I don't limit my research to attacks, but I also investigate defense mechanisms. My main interest is on the protection of the simplest classes of devices, that are also the most widely deployed, that could not be equipped with special hardware to protect cryptographic keys and in some cases not even with primary memory protection. In this domain, my interest is on software-based solutions.
• Behavioural Biometrics: Several field studies show that users are very reluctant on using traditional authentication methods like PIN and password to authenticate to the new generation of devices like smartphone, smart watches, fitness bands, etc. In this activity I am interested in designing and evaluating new user authentication methods for IoT. These methods are based on behavioral biometrics, thus biometrics based on how users perform particular activities. MEMS technology embedded in almost all these new devices allows the implementation of new biometrics without the need for additional or specialized hardware. Here the challenge is to design methods that users accept and find easy to use and that achieve the necessary accuracy to provide the desired level of security. This topic of research is typically multidisciplinary since involves competences in the area of security and privacy, machine learning and computer-human interactions.
• Large-scale analysis of web-based attacks: Recently, I started working on large-scale analysis of new web-based attacks. The first target here is the discovery of new vulnerabilities and attacks to exploit them. The second is the analysis of the potential impact of each of these vulnerabilities by analyzing large portions of website and how many of these are subject to the discovered vulnerabilities.
• Mobile Platforms Security and Privacy: Smartphones became a pervasive computing and communication platform used by people to perform many activities besides placing and receiving phone calls. However, the protection and security models supported by such platforms have been shown not to adequately address security and privacy concerns of their users. This research activity is structured in two different threads. The first, aims at extending and strengthening the security models and mechanisms of existing smart-phone platforms and OSes. Particularly challenging in this domain is to find solutions that can increase the security and privacy of users without affecting usability. The second thread, acts directly on the mobile applications. Here the focus is the development of innovative techniques that combine static and dynamic approaches to analyse the security of applications. Particularly challenging is the analysis of the code uploaded only at runtime and the analysis of programming constructs that hide their semantics (i.e. reflections).

Research projects I am currently involved in

• NeCS: European Network fro Cyber Security (EU)
  The European Network for Cybersecurity (NECS) was formed in response to the increased need of highly qualified experts able to cope with all the aspects of the European cyber security strategy that is currently under implementation.There is indeed an evident need and opportunity to grow a new generation of young researchers able to answer this demand for expertize. This 4-year project for a cybersecurity research and training network aims at contributing to answer this increased demand of human expertise in the field.
• TENSE+ : Security and Privacy for Cyber-Physical Systems and the Internet of Things with KULeuven
  The “Internet of Things” (IoT) is expected to continue to grow exponentially in the foreseeable future. An important recent trend is that the connection between the Internet and elements of the physical world (such as machines, robots, cars, production facilities, and so forth) is getting stronger and stronger. Moreover, these systems are integrating more and more with and within our human bodies; currently we observe this trend for wellness and medical applications and one can expect that this will result in growing processing of information in and around the human body. The hardware and software infrastructure that supports this global network of systems is one of the most impressive technological achievements of mankind. But unfortunately, as many incidents over the past years have shown, it is not without security flaws. The main objective of this research project is to develop technology that supports the construction of secure cyber-physical systems and a secure Internet of Things.

Scientific events I am currently involved in

• 3rd International NeCS Winter PhD School on Critical Infrastructure Protection, Trento, on February, 2019. (Chair)
• In the Program Committe of The Web Conference 2019 (WWW2019).
• In the Program Committe of IEEE CLOUD 2019.
• In the Program Committe of the 29th IEEE International Symposium on Software Reliability Engineering (ISSRE 2018).
• In the Program Committe of the 53rd IEEE International Conference on Communications - Communication and Information Systems Security Symposium (IEEE ICC'19 - CISS).

Copyright © 2011 Bruno Crispo
Template design by Andreas Viklund and Gian Pietro Picco