WSF
The Workshop on Security Frameworks
Workshop on Security Frameworks

Workshop on Security Frameworks

WSF25 - The 2025 Workshop on Security Frameworks
"Smart Hacking of Not-So-Smart Systems"


Under the auspices of CINI Cybersecurity National Laboratory
Project PNRR SERICS "SECURING sOftware Platforms" (SOP)
CINI

18th December 2025
 Dipartimento di Matematica e Informatica
Università di Catania


WSF25 - The 2025 edition - 23rd edition in the series!
Our technological landscape has become a delightful paradox: everything is smart, yet very little seems capable of surviving a clever attacker - look at the recent publication record of nas.inf. It would then seem that we live in an age where Smart Hacking of Not-So-Smart Systems is less a threat scenario and more a daily lifestyle. See the curious case of synthetic voices without synthetic security over Speech Generating Devices. The proposed solution? Embedding one-time passwords and HMACs directly into the sound itself. And if we shift from voice to voltage, we learn how compromising a single cheap inverter or smart meter in a living room can ripple into the national grid and induce frequency instabilities. We cannot do without a close look at the wanders of the OWASP Firmware Security Testing Methodology tailored to extract and analyse IoT device firmwares. And if the intruder ever is to be amost admired - almost only - let us look at the deceptively simple threat model formalised within inductive confidentiality proofs. Together, these four perspectives prepare us for an event where smart systems are not merely studied: Conthey are interrogated, reverse-engineered, cryptographically disciplined, and ultimately forced to abide by proper behaviour.



WSF'25 poster

Talk abstracts

Workshop Programme (CET Time)

  • 14:00-14:10    Salvatore Riccobene, L-31 Programme Director, Università di Catania, IT: Opening Remarks

  • 14:10-14:20    Orazio Muscato, DMI Director: Welcome

  • 14:20-14:30    Giampaolo Bella, Università di Catania: Opening Remarks

  • 14:30-15:00    Emanuel Ramaci, Università di Catania: "Authenticating Synthesised Voice Commands"

  • 15:00-15:30    Mirko Giuseppe Mangano, Università di Catania: "From Home Appliance to Grid Threat: Systemic Security Risks in Residential Smart Energy Infrastructures"

  • 15:30-15:50    Break

  • 15:50-16:20    Mattia Lembo, Università di Catania: "Stairway to Firmware Analysis"

  • 16:20-16:50    Davide Bonaventura, Università di Catania: "Forged Attacker Knowledge Explored (F.A.K.E.)"


  • 16:50    Closing and gadgets nas.inf

Workshop Location
18th  December 2025, Aula 3, Dipartimento di Matematica e Informatica, Università di Catania, ITALY.