Program

[08:30 - 10:10]
Session 1
Chair: Enrico Russo, University of Genova
[08:30 - 09:00]
Welcome, introductions and opening remarks
[09:00 - 09:20]
A Few to Unveil Them All: Leveraging Mixture of Experts on Minimal Data for Detecting Covert Channels in Containerized Cloud Infrastructures
Luca Caviglione, Massimo Guarascio, Francesco Sergio Pisani and Marco Zuppelli
[09:20 - 09:35]
Work-in-Progress: A Sidecar Proxy for Usable and Performance-Adaptable End-to-End Protection of Communications in Cloud Native Applications
Stefano Berlato, Matteo Rizzi, Matteo Franzil, Silvio Cretti, Pietro De Matteis and Roberto Carbone
[09:35 - 09:55]
Analyzing the Impact of Obfuscation on the Runtime Execution of Android Apps at Kernel Level
Lorenzo Valeriani, Luca Verderame, Giuseppe Bianchi and Alessio Merlo
[09:55 - 10:10]
Work-in-Progress: Northcape: Embedded Real-Time Capability-Based Addressing
Eric Ackermann, Noah Mauthe and Sven Bugiel
[10:15 - 10:35]
Morning break
[10:40 - 12:30]
Session 2
Chair: Francesco Lupia, University of Calabria
[10:40 - 11:20]
Invited Talk
Vincenzo De Angelis, University of Calabria
Title: Securing IoT: Addressing Replay and MITM Attacks through Real-World Testing and Theoretical Integrity Solutions

Abstract:
Due to their proliferation, implementing security features in IoT devices is becoming a primary concern. This talk focuses on the practical and theoretical aspects of securing IoT devices against replay and Man-in-the-Middle (MITM) attacks. The adoption of an ad-hoc deployed tool, REPLIOT, allows the detection of vulnerabilities to replay attacks across various IoT devices automatically. The analysis highlights security flaws, including non-compliance with established guidelines, and the potential consequences of these vulnerabilities. The application of the MITM proxy tool for detecting and analyzing MITM attacks will be discussed, showing how attackers can intercept and manipulate IoT device communications. Finally, in the theoretical domain, a solution to ensure data flow integrity within the MQTT protocol will be presented. MITM attacks in MQTT are intrinsically present due to the mediation of brokers between publishers and subscribers. The solution, based on Merkle Hash Trees, provides a robust framework for maintaining data integrity and mitigating the risks of data tampering. The presentation details the methodology, results, and proposed mitigations, offering insights into the practical implementation of security measures and the development of theoretical frameworks for enhancing IoT security.

[11:20 - 11:35]
Work-in-Progress: Protecting Knowledge Graph-based Descriptions of Digital Twins
Giuseppe Salerno, Andrea Pugliese and Cristian Molinaro
[11:35 - 11:50]
Work-in-Progress: Structuring the complexity: an ontological approach to analyze the cybersecurity of a 5G service
Andrea Bernardini, Francesco D'Alterio, Leonardo Sagratella, Marina Settembre and Nicolò Maunero
[11:50 - 12:05]
Work-in-Progress: Consistent and Tamper-Proof Acquisition of Automatically Verifiable Forensic Web Evidence
Alessandro Cantelli Forti, Giacomo Longo and Enrico Russo
[12:05 - 12:25]
Automating Penetration Testing with MeTeOr
Michele Cerreta and Gabriele Costa
[12:25 - 12:30]
Closing remarks
[12:30]
Lunch