MinimalBlue

Hi there. I’m Marco Squarcina, also known as lavish if we met online. I’m a Postdoctoral Researcher focused mainly on web security at TU Wien. I’m passionate about computer security and hacking in its broadest sense. I play and organise CTFs as a proud member of c00kies@venice and mhackeroni. For a couple of years I’ve been made the coach of the national cybersecurity team in Italy for the European Cyber Security Challenge project. Feel free to drop me a mail if you want to get in touch! My PGP key is here if needed.

Publications

Conferences

• S. Calzavara, R. Focardi, M. Nemec, A. Rabitti, M. Squarcina. Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. To appear in the proceedings of IEEE Symposium on Security and Privacy (S&P). 2019.
• S. Calzavara, R. Focardi, M. Maffei, C. Schneidewind, M. Squarcina, M. Tempesta. WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring. In the proceedings of USENIX Security. 2018. arXiv pdf slides
• S. Calzavara, R. Focardi, M. Squarcina, M. Tempesta. Surviving the Web: A Journey into Web Session Security (extended abstract). The Web Conference (Journal Track). 2018 . Full version pdf
• R. Focardi, F. Palmarini, G. Steel, M. Squarcina, M. Tempesta. Mind Your Keys? A Security Evaluation of Java Keystores. In the proceedings of The Network and Distributed System Security Symposium (NDSS 2018). 2018. pdf slides video
• R. Focardi, M. Squarcina. Run-time Attack Detection in Cryptographic APIs. In the proceedings of the 30th Computer Security Foundations Symposium (CSF 2017). 2017. pdf slides
• S. Das, R. Focardi, F. Luccio, E. Markou, D. Moro, M. Squarcina. Gathering of Robots in a Ring with Mobile Faults. In the proceedings of the 17th Italian Conference on Theoretical Computer Science (ICTCS 2016). 2016. pdf
• R. Focardi, F. Luccio, M. Squarcina. Fast SQL Blind Injections in High Latency Networks. In the proceedings of the 1st AESS European Conference on Satellite Telecommunications, Security and Privacy Special Track (ESTEL 2012). 2012. pdf
• M. Bugliesi, S. Calzavara, R. Focardi, M. Squarcina. Gran: model checking grsecurity RBAC policies. In the proceedings of the 25th Computer Security Foundations Symposium (CSF 2012). 2012. pdf

Journals

• S. Calzavara, R. Focardi, M. Squarcina, M. Tempesta. Surviving the Web: A Journey into Web Session Security. ACM Computing Surveys (CSUR). 2017. Pre-print version: pdf

Workshops

• G. Caiazza, R. Focardi, M. Squarcina. Run-time analysis of PKCS#11 attacks. In the proceedings of the 8th International Workshop on Analysis of Security APIs (ASA-8). 2015. pdf

Vulnerabilities

CVEs

• CVE-2018-2794, Oracle Java, CVSS 3.0 Base Score 7.7 (HIGH)
• CVE-2017-10356, Oracle Java, CVSS 3.0 Base Score 6.2 (MEDIUM)
• CVE-2017-10345, Oracle Java, CVSS 3.0 Base Score 3.1 (LOW)

Misc

• SAML2.0, Login CSRF on Google

Teaching

• Security 1 [CM0475], Security 2 [CM0494] (A.Y. 2015/16 - 2017/18)
• Security of Computer Systems [CM0288] (A.Y. 2013/14 - 2014/15)