Workshop on Security Frameworks
WSF22 - The 2022 Workshop on Security Frameworks
"Security Testing"
Under the auspices of CINI Cybersecurity National Laboratory
Sponsored by Intrapresa
20th December 2022
Dipartimento di Matematica e Informatica
Università di Catania
WSF22 - The 2022 edition - 20th edition in the series!
Go around and sell the ultimate, comprehensive yet readily-applicable, Security Testing methodology and you'll see your bank account leaven to heaven (what a rhyme!) as well as some Turing Award descend on you, for good measure. The need to test that cybersecurity is practically working couldn't be more pervasive this minute. For sure, you will want to protect your modern car from any form of intrusion and will want to protect your Alexa from someone else's issuance of voice commands in your stead. Protection benefits from an ontological representation of the applicable measures and improves if it is made somewhat intelligent (yes, Machine Learning yet again!). Here applies OWASP's Web Security Testing Guide v4.2 page 40, which prescribes testing each and every phase of your software development effort. Testing calls for fuzzing (not a rhyme this time 'round!) more and more often today, mimicking that sort of juvenile attitude at thrusting a Hot Wheels car bullet-fast to the wall to see if the die cast holds together. Funny, eh?! But valid too, to spot software vulnerabilities especially, and itself challenging. We shall see that a challenge is to fuzz systems that make state, and another one is to fuzz systems that fork over child processes, open challenges in fact, so that the hunt for the golden approach continues. Still, we know from kindergarten that cybersecurity threats retain some likelihood, yet subjectivity hinders the understanding of that likelihood. Get your own flavour of all the above by attending this year's event — yes, again in person.
Talk abstracts
Workshop Programme (CET Time)
- 15:00-15:05 G. Bella: Opening Remarks
- 15:05-15:10 S. Riccobene, Vice Direttore DMI: Welcome
- 15:10-15:20 G. Puccia, CEO Intrapresa S.r.l.: Short address
- 15:20-15:50 I. Mercanti, Università di Perugia, Italy: "Can blockchain satisfy all e-voting system properties?"
- 15:50-16:20 G. Castiglione, Università di Catania, Italy: "Towards ontology-inspired offensive security"
- 16:20-16:50 M. Raciti, Scuola IMT Alti Studi Lucca, Italy: "Risk assessement with AILA: Automated and Intelligent Likelihood Assignment"
- 16:50-17:00 Break
- 17:00-17:30 Cristian Daniele, Radboud University, The Netherlands: "Fuzzers for stateful systems: Survey and Research Directions"
- 17:30-18:00 Sergio Esposito, Royal Holloway University of London, UK: "Protecting against Self-Issued Voice Commands"
- 18:00-18:10 Break
- 18:10-18.40 Marcello Maugeri, Università di Catania, Italy: "Fork-Awareness property of Coverage-Guided Fuzzers"
- 18:40-19:10 Davide Micale, Università di Catania, Italy: "CAHOOT: a Context-Aware veHicular intrusiOn detectiOn sysTem"
- 19:10 Closing
- 17:00-17:30 Cristian Daniele, Radboud University, The Netherlands: "Fuzzers for stateful systems: Survey and Research Directions"
20th December 2022, Aula Magna, Dipartimento di Matematica e Informatica, Università di Catania, ITALY.