skip to: content | navigation

Bruno Crispo

Sample menu:

• Home page
• Publications
• Students
• Software
• Projects
• On the Press
• Awards
• Back to top

I am hiring!

I have a 2 year post-doctoral position in Security and Privacy and a position as a scientific programmer. To apply, send me an e-mail with your CV and a research statement.

Find more info about the CINI Cyber Security National Lab i am involved with, by clicking on its logo

News

• Apr.. 2017
  Our paper TeICC: Targeted Execution of Inter-Component Communications in Android will be presented at ACM SAC 2017

• Aug. 2016
  Our paper Empirical Analysis on the Use of Dynamic Code Updates in Android and its Security Implications has been accepted for publicaton at NordSec 2016

• Aug. 2016
  Our paper Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps has been accepted for publicaton at PoPETs 2017 issue 1

• July 2016
  Our paper Age, Gender and Operating-hand Estimation on Smart Mobile Devices will be presented at IEEE BioSig 2016, 15th International Conference of the Biometrics Special Interest Group (BIOSIG)

Contact Info Department of Information Engineering and Computer Science (DISI) University of Trento via Sommarive 14, I-38123 Povo (TN), Italy Telephone: +39 0461 28 2099 Fax: +39 0461 28 2093 E-mail: crispodisi.unitn.it (last update 25/7/2016)

Some of my recent papers (check also the full list)

• Attaullah Buriro, Bruno Crispo, Filippo DelFrari, Jeffrey Klardie, Konrad Wrona, ITSME: Multi-modal and Unobtrusive Behavioural User Authentication for Smartphones presented at PASSWORDS 2015.
• Yury Zhauniarovich, Maqsood Ahmad, Olga Gadyatskaya, Bruno Crispo, Fabio Massacci, StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications. presented at Codaspy 2015 .
• Yury Zhauniarovich, Giovanni Russello, Mauro Conti, Bruno Crispo, Earlence Fernandes MOSES: Supporting and Enforcing Security Profiles on Smartphones. Published on IEEE Transactions on Dependable and Secure Computing, 11(3): 211-223 (2014).

Research Interests

• Behavioural Biometrics Several field studies show that users are very reluctant on using traditional authentication methods like PIN and password to authenticate to the new generation of devices like smartphone, smart watches, fitness bands, etc. In this activity we are interested in designing and evaluating new user authentication methods for IoT. These methods are based on behavioral biometrics, thus biometrics based on how users perform particular activities. MEMS technology embedded in almost all these new devices allows the implementation of new biometrics without the need for additional or specialized hardware. Here the challenges is to design methods that at the same time users accept and find easy to use and achieve the necessary accuracy to provide the desired level of security. This topic of research is typically multidisciplinary since involves competences in the area of security and privacy, machine learning and computer-human interactions.
  
• Mobile Platforms Security and Privacy: Smartphones became a pervasive computing and communication platform used by people to perform many activities besides placing and receiving phone calls. However, the protection and security models supported by such platforms have been shown not to adequately address security and privacy concerns of their users. This research activity is structure in two different threads. The first, aims at extending and strengthening the security models and mechanisms of existing smart-phone platforms. Particularly challenging in this domain is to find solutions that can increase the security and privacy of users without affecting usability. The second, acts directly on the mobile applications. Here the focus is the development of innovative techniques that combine static and dynamic approaches to analyse the security of the application. Particularly challenging is the analysis of the code uploaded only at runtime and the analysis of programming constructs that hide their semantics (i.e. reflections).
  
• Encrypted Queries for Cloud This research aims at developing new algorithms and protocols allowing to perform complex queries (i.e. SQL-like) over encrypted data thus obtaining end-to-end confidentiality for Cloud scenarios. The requirement is to prevent or limit the leakage of information about the data are queried, about the query itself (including the source) and about the results of the query. All operations are performed over encrypted data, so there is no need ever to have the data in plaintext. We also study the feasibility of such methods in realistic scenarios (i.e. e-healthcare application, publisher-subscriber systems).
  
• Automotive Security and Privacy In this research thread we investigate the problem of protecting cyber-physical systems. We focus our attention mainly to the automotive industry. Modern cars changed radically in the last 20 years and now some car embeds even hundreds of small and simple micro-controllers. These are all interconnected in order to manage and control the different subsystems of the car (breaking system, motor injection, airbags, etc.) Cars have also capability to communicate among themselves (V2V) and to communicate with surrounding infrastructures (V2I). All this complexity has brought vulnerabilities and attacks that were typical on Internet to this new domain plus some there are specific to this domain. In this research activity we investigate new attack vectors that are possible with car technology, the design of the security of the smallest units of the car (ECU) and the security and privacy of the many networking technology they are going to use.

Research projects I am currently involved in

• NeCS: European Network fro Cyber Security (EU)
  The European Network for Cybersecurity (NECS) was formed in response to the increased need of highly qualified experts able to cope with all the aspects of the European cyber security strategy that is currently under implementation.There is indeed an evident need and opportunity to grow a new generation of young researchers able to answer this demand for expertize. This 4-year project for a cybersecurity research and training network aims at contributing to answer this increased demand of human expertise in the field.
  
• SecurePhone EIT Digital
  The project delivers a high secure smartphone targeted mainly for the public safety market and top management. Up to date, the market does not offer a solution that combine high security and usability. Our top-grade, HW-secured smartphone platform features trusted boot, secure storage, tamper resistant measures and innovative biometric authentication methods based on the behaviour of the user and its interactions with the handset. Biometrics templates as well as other sensitive information need to be protected while stored on the phone, This will be guaranteed by secure storage on chip designed and produced by STM. The secure handset will be produced and commercialized by Bittium. On this respect, a detailed business plan and a comprehensive marketing and commercial strategy will be produced.
  
• OF2CEN: Online Fraud Cyber Centre and Experts Network (EU)
  On-line frauds had a tremendous increase in the last few years. Modern on-line frauds (possible through an illegal use of internet) are the result of complex and sophisticated criminal activities that leverage technical vulnerabilities, misconfigurations, weak websites, malicious codes and lack of user awareness. OF2CEN has the objective to fight e-crime through a strong cooperative network of actors involved in the detection and management of specific electronic crimes, including on-line frauds. By taking advantages of collaboration among banks, credit card issuers, European law enforcement agencies and recognized risk management firms, the project implement an Information Sharing platform in order to analyze and mitigate electronic crimes risks.
  

Scientific events I am currently involved in

• ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec 2016) , Darmstadt, Germany, 18-20 July 2016. (Program Committee member)
• ISC 2016: the 19th Information Security Conference , Honululu, HI, USA, 5-7 September 2016. (Program Committee member)

Copyright © 2011 Bruno Crispo
Template design by Andreas Viklund and Gian Pietro Picco