Gabriele Costa

Gabriele Costa

We tend to consider emotions a manifestation of our innermost nature of human beings. Emotions characterize our lives in many ways and they chaperon every rational activity we carry out. Despite their pervasiveness, there are still many things we ignore about emotions. Among them, our understanding of how living beings transfer emotions is limited. In particular, there are highly sophisticated interactions between human beings that we would like to comprehend. For instance, think of a movie director who knows in advance the strong emotional impact that a certain scene will have on the spectators. Although many artists rely on some emotional devices, their talent and vision are still the key factors. In this work we analyze high-level protocols for transferring emotions between two intelligent agents. To the best of our knowledge, this is the first attempt to use communication protocols for modeling the exchange of human emotions. By means of a number of examples, we show that our protocols adequately model the engagement of the two parties. Beyond the theoretical interest, our proposal can provide a stepping stone for several applications that we also discuss in this paper.

Gabriele Costa, Fabio Pinelli, Simone Soderi et al.

Federated learning (FL) goes beyond traditional, centralized machine learning by distributing model training among a large collection of edge clients. These clients cooperatively train a global, e.g., cloud-hosted, model without disclosing their local, private training data. The global model is then shared among all the participants which use it for local predictions. In this paper, we put forward a novel attacker model aiming at turning FL systems into covert channels to implement a stealth communication infrastructure. The main intuition is that, during federated training, a malicious sender can poison the global model by submitting purposely crafted examples. Although the effect of the model poisoning is negligible to other participants, and does not alter the overall model performance, it can be observed by a malicious receiver and used to transmit a single bit.

Gabriele Costa, Andrea Valenza

Discovering vulnerabilities in applications of real-world complexity is a daunting task: a vulnerability may affect a single line of code, and yet it compromises the security of the entire application. Even worse, vulnerabilities may manifest only in exceptional circumstances that do not occur in the normal operation of the application. It is widely recognized that state-of-the-art penetration testing tools play a crucial role, and are routinely used, to dig up vulnerabilities. Yet penetration testing is still primarily a human-driven activity, and its effectiveness still depends on the skills and ingenuity of the security analyst driving the tool. In this paper, we propose a technique for the automatic discovery of vulnerabilities in event-based systems, such as web and mobile applications. Our approach is based on a collaborative, co-evolutionary and contract-driven search strategy that iteratively (i) executes a pool of test cases, (ii) identifies the most promising ones, and (iii) generates new test cases from them. The approach makes a synergistic combination of evolutionary algorithms where several "species" contribute to solving the problem: one species, the test species, evolves to find the target test case, i.e., the set of instruction whose execution lead to the vulnerable statement, whereas the other species, called contract species, evolve to select the parameters for the procedure calls needed to trigger the vulnerability. To assess the effectiveness of our approach, we implemented a working prototype and ran it against both a case study and a benchmark web application. The experimental results confirm that our tool automatically discovers and executes a number of injection flaw attacks that are out of reach for state-of-the-art web scanners.

Andrea Canidio, Gabriele Costa, Letterio Galletta

We propose PrYVeCT, a private-yet-verifiable contact tracing system. PrYVeCT works also as an authorization framework allowing for the definition of fine-grained policies, which a certain facility can define and apply to better model its own access rules. Users are authorized to access the facility only when they exhibit a contact trace that complies with the policy. The policy evaluation process is carried out without disclosing the personal data of the user. At the same time, each user can prove to a third party (e.g., a public authority) that she received a certain authorization. PrYVeCT takes advantage of oblivious automata evaluation to implement a privacy-preserving policy enforcement mechanism.

Andrea Valenza, Gabriele Costa, Alessandro Armando

The first step of every attack is reconnaissance, i.e., to acquire information about the target. A common belief is that there is almost no risk in scanning a target from a remote location. In this paper we falsify this belief by showing that scanners are exposed to the same risks as their targets. Our methodology is based on a novel attacker model where the scan author becomes the victim of a counter-strike. We developed a working prototype, called RevOK, and we applied it to 78 scanning systems. Out of them, 36 were found vulnerable to XSS. Remarkably, RevOK also found a severe vulnerability in Metasploit Pro, a mainstream penetration testing tool.

Gabriele Costa, Enrico Russo, Alessandro Armando

A cyber range is an environment used for training security experts and testing attack and defence tools and procedures. Usually, a cyber range simulates one or more critical infrastructures that attacking (red) and defending (blue) teams must compromise and protect, respectively. The infrastructure can be physically assembled, but much more convenient is to rely on the Infrastructure as a Service (IaaS) paradigm. Although some modern technologies support the IaaS, the design and deployment of scenarios of interest is mostly a manual operation. As a consequence, it is a common practice to have a cyber range hosting few (sometimes only one), consolidated scenarios. However, reusing the same scenario may significantly reduce the effectiveness of the training and testing sessions. In this paper, we propose a framework for automating the definition and deployment of arbitrarily complex cyber range scenarios. The framework relies on the virtual scenario description language (VSDL), i.e., a domain-specific language for defining high-level features of the desired infrastructure while hiding low-level details. The semantics of VSDL is given in terms of constraints that must be satisfied by the virtual infrastructure. These constraints are then submitted to an SMT solver for checking the satisfiability of the specification. If satisfiable, the specification gives rise to a model that is automatically converted to a set of deployment scripts to be submitted to the IaaS provider.

Luca Demetrio, Andrea Valenza, Gabriele Costa et al.

Web Application Firewalls are widely used in production environments to mitigate security threats like SQL injections. Many industrial products rely on signature-based techniques, but machine learning approaches are becoming more and more popular. The main goal of an adversary is to craft semantically malicious payloads to bypass the syntactic analysis performed by a WAF. In this paper, we present WAF-A-MoLE, a tool that models the presence of an adversary. This tool leverages on a set of mutation operators that alter the syntax of a payload without affecting the original semantics. We evaluate the performance of the tool against existing WAFs, that we trained using our publicly available SQL query dataset. We show that WAF-A-MoLE bypasses all the considered machine learning based WAFs.