Recent Academic Service

• ACM CCS 2024, ACM Conference on Computer and Communications Security (CCS). PC member
• IEEE S&P 2024, IEEE Symposium on Security and Privacy. PC member
• IEEE EuroS&P 2024, IEEE European Symposium on Security and Privacy. PC member
• SecWeb 20021-2024, Workshop on Web Security, co-located with IEEE S&P. PC member and Co-chair (2024)
• MADWeb 2023-2024, Workshop on Measurements, Attacks, and Defenses for the Web, co-located with NDSS. PC member
• ACSAC 2023, Annual Computer Security Applications Conference (ACSAC). PC member
• WOOT 2022-2023, IEEE Workshop on Offensive Technologies, co-located with IEEE S&P. PC member and Reproducibility chair (2023)
• EuroSec 2022-2024, European Workshop on System Security, co-located with EuroSys. PC member, Publicity Chair (2022)
• TheWebConf 2022, The Web Conference (formerly WWW conference). PC member
• USENIX Security 2022, AEC member
• STM 2021, Workshop on Security and Trust Management co-located with ESORICS 2021. PC member
• CSR DS4CS 2021, IEEE CSR Workshop on Data Science for Cyber Security. PC member
• Frontiers in Computer Science, Springer. Review Editor for Computer Security
• The Computer Journal, Oxford University Press. Reviewer
• Journal of Cybersecurity, Oxford University Press. Reviewer

Teaching

• 2020—now (WS): lecturer, Attacks and Defenses in Computer Security (UE) [192.111], TU Wien
• 2019—now (SS): lecturer, Introduction to Security (UE) [192.082], TU Wien
• 2019—now (SS): lecturer, Introduction to Security (VU) [184.783], TU Wien
• 2020/21 (WS): lecturer, Systems and Applications Security (VU) [192.112], TU Wien
• 2019 (WS): guest lecturer, Advanced Internet Security (VU) [192.091], TU Wien
• 2019 (WS): lecturer, Capture the Flag (SE) [192.092], TU Wien
• 2015/16, 2017/18: teaching assistant, Security 1 [CM0475], Security 2 [CM0494], Ca' Foscari University of Venice
• 2013/14, 2014/15: teaching assistant, Security of Computer Systems [CM0288], Ca' Foscari University of Venice

Selected Publications

• Web Platform Threats: Automated Detection of Web Security Issues With WPT. USENIX Security. 2024.
  P. Bernardo, L. Veronese, V. Valle, S. Calzavara, M. Squarcina, P. Adão, M. Maffei.
  
  paper bibtex

  Client-side security mechanisms implemented by Web browsers, such as cookie security attributes and the Mixed Content policy, are of paramount importance to protect Web applications. Unfortunately, the design and implementation of such mechanisms are complicated and error-prone, potentially exposing Web applications to security vulnerabilities. In this paper, we present a practical framework to formally and automatically detect security flaws in client-side security mechanisms. In particular, we leverage Web Platform Tests (WPT), a popular cross-browser test suite, to automatically collect browser execution traces and match them against Web invariants, i.e., intended security properties of Web mechanisms expressed in first-order logic. We demonstrate the effectiveness of our approach by validating 9 invariants against the WPT test suite, discovering violations with clear security implications in 104 tests for Firefox, Chromium and Safari. We disclosed the root causes of these violations to browser vendors and standard bodies, which resulted in 8 individual reports and one CVE on Safari.

• Tabbed Out: Subverting the Android Custom Tab Security Model. IEEE Symposium on Security and Privacy (S&P). 2024.
  P. Beer, M. Squarcina, L. Veronese, M. Lindorfer.
  
  paper bibtex

  Mobile operating systems provide developers with various mobile-to-Web bridges to display Web pages inside native applications. A recently introduced component called Custom Tab (CT) provides an outstanding feature to overcome the usability limitations of traditional WebViews: it shares the state with the underlying browser. Similar to traditional WebViews, it can also keep the host application informed about ongoing Web navigations. In this paper, we perform the first systematic security evaluation of the CT component and show how the design of its security model did not consider cross-context state inference attacks when the feature was introduced. Additionally, we show how CTs can be exploited for fine-grained exfiltration of sensitive user browsing data, violation of Web session integrity by circumventing SameSite cookies, and how UI customization of the CT component can lead to phishing and information leakage. To assess the prevalence of CT in the wild and the practicality of the mitigation strategies we propose, we carry out the first large-scale analysis of CT usage on over 50K Android applications. Our analysis reveals that their usage is ubiquitous, with 83% applications embedding CTs either directly or as part of a library. We have responsibly disclosed all our findings to Google, which has already taken steps to apply targeted mitigations, assigned three CVEs for the discovered vulnerabilities, and awarded us with $10,000 in bounties. We are further engaging with the Chrome team to discuss possible fixes to address core issues of the CT security model.

• Cookie Crumbles: Breaking and Fixing Web Session Integrity. USENIX Security. 2023.
  M. Squarcina, P. Adao, L. Veronese, M. Maffei.
  
  paper artifact bibtex slides BlackHat USA slides USENIX

  Cookies have a long history of vulnerabilities targeting their confidentiality and integrity. To address these issues, new mechanisms have been proposed and implemented in browsers and server-side applications. Notably, improvements to the Secure attribute and cookie prefixes aim to strengthen cookie integrity against network and same-site attackers, whereas SameSite cookies have been touted as the solution to CSRF. On the server, token-based protections are considered an effective defense for CSRF in the synchronizer token pattern variant. In this paper, we question the effectiveness of these protections and study the real-world security implications of cookie integrity issues, showing how security mechanisms previously considered robust can be bypassed, exposing Web applications to session integrity attacks such as session fixation and cross-origin request forgery (CORF). These flaws are not only implementation-specific bugs but are also caused by compositionality issues of security mechanisms or vulnerabilities in the standard. Our research contributed to 12 CVEs, 27 vulnerability disclosures, and updates to the cookie standard. It comprises (i) a thorough cross-browser evaluation of cookie integrity issues, that results in new attacks originating from implementation or specification inconsistencies, and (ii) a security analysis of the top 13 Web frameworks, exposing session integrity vulnerabilities in 9 of them. We discuss our responsible disclosure and propose practical mitigations.

• WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms. IEEE Symposium on Security and Privacy (S&P). 2023.
  L. Veronese, B. Farinier, P. Bernardo, M. Tempesta, M. Squarcina, M. Maffei.
  
  paper bibtex

  The complexity of browsers has steadily increased over the years, driven by the continuous introduction and update of Web platform components, such as novel Web APIs and security mechanisms. Their specifications are manually reviewed by experts to identify potential security issues. However, this process has proved to be error-prone due to the extensiveness of modern browser specifications and the interplay between new and existing Web platform components. To tackle this problem, we developed WebSpec, the first formal security framework for the analysis of browser security mechanisms, which enables both the automatic discovery of logical flaws and the development of machine-checked security proofs. WebSpec, in particular, includes a comprehensive semantic model of the browser in the Coq proof assistant, a formalization in this model of ten Web security invariants, and a toolchain turning the Coq model and the Web invariants into SMT-lib formulas to enable model checking with the Z3 theorem prover. If a violation is found, the toolchain automatically generates executable tests corresponding to the discovered attack trace, which is validated across major browsers. We showcase the effectiveness of WebSpec by discovering two new logical flaws caused by the interaction of different browser mechanisms and by identifying three previously discovered logical flaws in the current Web platform, as well as five in old versions. Finally, we show how WebSpec can aid the verification of our proposed changes to amend the reported inconsistencies affecting the current Web platform.

• The Bridge between Web Applications and Mobile Platforms is Still Broken. Workshops of the IEEE Symposium on Security and Privacy (SecWeb). 2022.
  P. Beer, L. Veronese, M. Squarcina, M. Lindorfer.
  
  paper bibtex

  The traditional way for users to access web content on mobile devices is by loading websites in a standalone browser like Google Chrome or Firefox. Websites and recently also Progressive Web Applications (PWAs) can, however, not only be rendered in such standalone browsers, but also in so-called mobile Web Views embedded in native mobile applications. PWAs are a new paradigm in web development that brings native app-like features, such as push notifications and offline usage, to the Web. We investigate the security of those Web Views at the intersection of application security and web security and present two new attacks: (1) an attack in which Android’s Custom Tab browser feature serves as a cross-site oracle to infer information about a user on target websites and (2) a vulnerability in Web View plugins of two third-party development frameworks that allows an attacker to use a vulnerable application to access the victim's microphone and camera stealthily. We perform a preliminary real-world evaluation on the top 250 free Android applications and found that 5% of those that request microphone or camera permissions are potentially vulnerable to the Web View attack.

• Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web. USENIX Security. 2021.
  M. Squarcina, M. Tempesta, L. Veronese, S. Calzavara, M. Maffei.
  
  paper bibtex talk website

  Related-domain attackers control a sibling domain of their target web application, e.g., as the result of a subdomain takeover. Despite their additional power over traditional web attackers, related-domain attackers received only limited attention from the research community. In this paper we define and quantify for the first time the threats that related-domain attackers pose to web application security. In particular, we first clarify the capabilities that related-domain attackers can acquire through different attack vectors, showing that different instances of the related-domain attacker concept are worth attention. We then study how these capabilities can be abused to compromise web application security by focusing on different angles, including cookies, CSP, CORS, postMessage, and domain relaxation. By building on this framework, we report on a large-scale security measurement on the top 50k domains from the Tranco list that led to the discovery of vulnerabilities in 887 sites, where we quantified the threats posed by related-domain attackers to popular web applications.

• The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches. 15th IEEE Workshop on Offensive Technologies (WOOT 21). 2021.
  M. Squarcina, S. Calzavara, M. Maffei.
  
  paper bibtex talk website

  Service workers boost the user experience of modern web applications by taking advantage of the Cache API to improve responsiveness and support offline usage. In this paper, we present the first security analysis of the threats posed by this programming practice, identifying an attack with major security implications. In particular, we show how a traditional XSS attack can abuse the Cache API to escalate into a personin-the-middle attack against cached content, thus compromising its confidentiality and integrity. Remarkably, this attack enables new threats which are beyond the scope of traditional XSS. After defining the attack, we study its prevalence in the wild, finding that the large majority of the sites which register service workers using the Cache API are vulnerable as long as a single webpage in the same origin of the service worker is affected by an XSS. Finally, we propose a browser-side countermeasure against this attack, and we analyze its effectiveness and practicality in terms of security benefits and backward compatibility with existing web applications.

• Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. IEEE Symposium on Security and Privacy (S&P). 2019.
  S. Calzavara, R. Focardi, M. Nemec, A. Rabitti, M. Squarcina.
  
  paper website

  HTTPS aims at securing communication over the Web by providing a cryptographic protection layer that ensures the confidentiality and integrity of communication and enables client/server authentication. However, HTTPS is based on the SSL/TLS protocol suites that have been shown to be vulnerable to various attacks in the years. This has required fixes and mitigations both in the servers and in the browsers, producing a complicated mixture of protocol versions and implementations in the wild, which makes it unclear which attacks are still effective on the modern Web and what is their import on web application security. In this paper, we present the first systematic quantitative evaluation of web application insecurity due to cryptographic vulnerabilities. We specify attack conditions against TLS using attack trees and we crawl the Alexa Top 10k to assess the import of these issues on page integrity, authentication credentials and web tracking. Our results show that the security of a consistent number of websites is severely harmed by cryptographic weaknesses that, in many cases, are due to external or related-domain hosts. This empirically, yet systematically demonstrates how a relatively limited number of exploitable HTTPS vulnerabilities are amplified by the complexity of the web ecosystem.

• WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring. USENIX Security. 2018.
  S. Calzavara, R. Focardi, M. Maffei, C. Schneidewind, M. Squarcina, M. Tempesta.
  
  arXiv paper slides

  We present WPSE, a browser-side security monitor for web protocols designed to ensure compliance with the intended protocol flow, as well as confidentiality and integrity properties of messages. We formally prove that WPSE is expressive enough to protect web applications from a wide range of protocol implementation bugs and web attacks. We discuss concrete examples of attacks which can be prevented by WPSE on OAuth 2.0 and SAML 2.0, including a novel attack on the Google implementation of SAML 2.0 which we discovered by formalizing the protocol specification in WPSE. Moreover, we use WPSE to carry out an extensive experimental evaluation of OAuth 2.0 in the wild. Out of 90 tested websites, we identify security flaws in 55 websites (61.1%), including new critical vulnerabilities introduced by tracking libraries such as Facebook Pixel, all of which fixable by WPSE. Finally, we show that WPSE works flawlessly on 83 websites (92.2%), with the 7 compatibility issues being caused by custom implementations deviating from the OAuth 2.0 specification, one of which introducing a critical vulnerability.

• Mind Your Keys? A Security Evaluation of Java Keystores. Network and Distributed System Security Symposium (NDSS 2018). 2018.
  R. Focardi, F. Palmarini, G. Steel, M. Squarcina, M. Tempesta.
  
  paper slides talk

  Cryptography is complex and variegate and re-quires to combine different algorithms and mechanisms in non-trivial ways. This complexity is often source of vulnerabilities.Secure key management is one of the most critical aspects,since leaking a cryptographic key vanishes any advantage ofusing cryptography. In this paper we analyze Java keystores,the standard way to manage and securely store keys in Javaapplications. We consider seven keystore implementations fromOracle JDK and Bouncy Castle, a widespread cryptographiclibrary. We describe, in detail, how the various keystores enforceconfidentiality and integrity of the stored keys through password-based cryptography and we show that many of the implementa-tions do not adhere to state-of-the-art cryptographic standards.We investigate the resistance to offline attacks and we show that,for non-compliant keystores, brute-forcing can be up to threeorders of magnitude faster with respect to the most compliantkeystore. Additionally, when an attacker can tamper with thekeystore file, some implementations are vulnerable to denial ofservice attacks or, in the worst case, arbitrary code execution.Finally we discuss the fixes implemented by Oracle and BouncyCastle developers following our responsible disclosure.

• Surviving the Web: A Journey into Web Session Security. ACM Computing Surveys (CSUR). 2017.
  S. Calzavara, R. Focardi, M. Squarcina, M. Tempesta.
  
  paper

  We survey the most common attacks against web sessions, i.e., attacks which target honest web browser users establishing an authenticated session with a trusted web application. We then review existing security solutions which prevent or mitigate the different attacks, by evaluating them along four different axes: protection, usability, compatibility and ease of deployment. Based on this survey, we identify five guidelines that, to different extents, have been taken into account by the designers of the different proposals we reviewed. We believe that these guidelines can be helpful for the development of innovative solutions approaching web security in a more systematic and comprehensive way.

• Run-time Attack Detection in Cryptographic APIs. 30th Computer Security Foundations Symposium (CSF 2017). 2017.
  R. Focardi, M. Squarcina.
  
  paper slides

  Cryptographic APIs are often vulnerable to attacks that compromise sensitive cryptographic keys. In the literature we find many proposals for preventing or mitigating such attacks but they typically require to modify the API or to configure it in a way that might break existing applications. This makes it hard to adopt such proposals, especially because security APIs are often used in highly sensitive settings, such as financial and critical infrastructures, where systems are rarely modified and legacy applications are very common. In this paper we take a different approach. We propose an effective method to monitor existing cryptographic systems in order to detect, and possibly prevent, the leakage of sensitive cryptographic keys. The method collects logs for various devices and cryptographic services and is able to detect, offline, any leakage of sensitive keys, under the assumption that a key fingerprint is provided for each sensitive key. We define key security formally and we prove that the method is sound, complete and efficient. We also show that without key fingerprinting completeness is lost, i.e., some attacks cannot be detected. We discuss possible practical implementations and we develop a proof-of-concept log analysis tool for PKCS#11 that is able to detect, on a significant fragment of the API, all key-management attacks from the literature.

• Gran: model checking grsecurity RBAC policies. 25th Computer Security Foundations Symposium (CSF 2012). 2012.
  M. Bugliesi, S. Calzavara, R. Focardi, M. Squarcina.
  
  paper

  Role-based Access Control (RBAC) is one of the most widespread security mechanisms in use today. Given the growing complexity of policy languages and access control systems, verifying that such systems enforce the desired invariants is recognized as a security problem of crucial importance. In the present paper, we develop a framework for the formal verification of grsecurity, an access control system developed on top of Unix/Linux systems. The verification problem in grsecurity presents much of the complexity of modern RBAC systems, due to the presence of policy state changes that may arise both from explicit administrative primitives supported by grsecurity, and as the result of the interaction with the underlying operating system facilities. We develop a formal semantics for grsecurity's RBAC system, based on a labelled transition system, and a sound abstraction of that semantics providing a bounded approximation, amenable to model checking. We report on the result of the experimental analysis conducted with gran, the model checker we implemented based on our abstract semantics, on existing public servers running grsecurity to implement their RBAC systems.

More on my scholar profile.

Students & Theses

If you are interested in doing a thesis with me, please follow these instructions. I'll be happy to reply!

Recently supervised students:

• Alex Ploner, ongoing (with Mauro Tempesta)
• Clemens Holter, ongoing
• Alina Schärmer, ongoing
• Paul Florian Sattleger, ongoing (with Martina Lindorfer and Jakob Bleier)
• Adrian Chroust, A Cross-platform Analysis of the HbbTV Standard (supervised with Carlotta Tagliaro).
• Bernhard Kralofsky, Exploration of Logic Vulnerabilities in Frameworks Implementing CSRF Protections (supervised with Lorenzo Veronese).
• Matthias Prader, Understanding the shortcomings of the Public Suffix List.
• Philipp Beer, The Broken Bridge between Web Applications and Mobile Platforms (supervised with Martina Lindorfer).
• Patric Gruber, Protex: Towards Automated HTTP-based Protocol Extraction from Traffic Captures.

Active Projects

• WWTF ICT22-060, Fixing the Broken Bridge Between Mobile Apps and the Web.
  Duration 48 months (2023 - 2027), funding amount: € 798.760.
  Co-PI with Martina Lindorfer

We are hiring! Send me an email if you are interested in working with us!

Media

• Austria Cyber Security Challenge 2024 startet: Neuer Modus fordert Hacker. Futurezone, 2024
• From Classroom to Cyberfront: Capture the Flag TU Wien Informatics, 2024
• Internet Security: the Danger of Nameless Cookies. TU Wien news, 2023
• Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities. Redefining CyberSecurity Podcast, 2023
• Capture the Flag: Can You Handle the Heat? TU Wien Informatics, 2023
• ECSC: The 'Eurovision' of Cyber Security. TU Wien Informatics, 2022
• The hackers and me: Studying Hacking? TU Wien news, 2022
• The Hackers and Me: Hacking and Politics. TU Wien news, 2022
• The hackers and me: The password. TU Wien news, 2021
• Danger Caused by Subdomains. TU Wien news, 2021

Recorded Talks

• Cookie Crumbles: Unveiling Web Session Integrity Vulnerabilities. Black Hat USA, 2023
• Breaking the Boundaries: Related-Domain Attackers in the Modern Web. SINFO 28, 2021
• Hack the ______! Conquering Flags on the World's Stage. No Hat, 2019

Selected CVEs

• Safari CVE-2023-38592, CVE-2024-23284
• Firefox CVE-2023-29547, CVE-2023-4055
• Chrome CVE-2024-1672
• Werkzeug CVE-2023-23934
• Fastify CVE-2023-29020, CVE-2023-27495, CVE-2023-29019
• PHP CVE-2022-31629, CVE-2024-2756
• ReactPHP CVE-2022-36032
• Passport CVE-2022-25896
• Symfony CVE-2022-24895
• CodeIgniter CVE-2022-35943
• Oracle JDK CVE-2018-2794, CVE-2017-10356, CVE-2017-10345

Music

I'm a jungle/drum'n'bass DJ, still using turntables and carrying around a 30kg record bag. You can find a selection of my old dj sets on mixcloud. More recently I've started streaming on Twitch, follow me if you want to be notified when I go live.