04b Atto di convegno in volume

Electroencephalography (EEG)-Derived Markers to Measure Components of Attention Processing
Interfacing brain and computer in neurorehabilitation
Semantic characterization of data services through ontologies

We study the problem of associating formal semantic descriptions to data services. We base our proposal on the Ontology-Based Data Access paradigm, where a domain ontology is used to provide a semantic layer mapped to the data sources of an organization. The basic idea is to explain the semantics...
Deep execution monitor for robot assistive tasks
Static analysis of ROP code

Recent years have witnessed code reuse techniques being employed to craft entire programs such as Jekyll apps, malware droppers, and persistent data-only rootkits. The increased complexity observed in such payloads calls for specific techniques and tools that can help in their analysis. In this...
Reconstructing C2 Servers for Remote Access Trojans with Symbolic Execution

The analysis of a malicious piece of software that involves a remote counterpart that instructs it can be troublesome for security professionals, as they may have to unravel the communication protocol in use to figure out what actions can be carried out on the victim’s machine. The possibility to...
The ROP needle: Hiding trigger-based injection vectors via code reuse

In recent years, researchers have come up with proof of concepts of seemingly benign applications such as InstaStock and Jekyll that remain dormant until triggered by an attacker-crafted condition, which activates a malicious behavior, eluding code review and signing mechanisms. In this paper, we...
SoK: Using Dynamic Binary Instrumentation for Security (And How You May Get Caught Red Handed)

Dynamic binary instrumentation (DBI) techniques allow for monitoring and possibly altering the execution of a running program up to the instruction level granularity. The ease of use and flexibility of DBI primitives has made them popular in a large body of research in different domains, including...
ROPMate: Visually Assisting the Creation of ROP-based Exploits

Exploits based on ROP (Return-Oriented Programming) are increasingly present in advanced attack scenarios. Testing systems for ROP-based attacks can be valuable for improving the security and reliability of software. In this paper, we propose ROPMATE, the first Visual Analytics system specifically...
SAFE: Self-Attentive Function Embeddings for Binary Similarity