Giampaolo Bella

• Doctor of Philosophy
• Professor (Associate) at University of Catania

In vulnerability detection, machine learning has been used as an effective static analysis technique, although it suffers from a significant rate of false positives. Contextually, in vulnerability discovery, fuzzing has been used as an effective dynamic analysis technique, although it requires manually writing fuzz drivers. Fuzz drivers usually tar...

Digital forensics is a cornerstone of modern crime investigations, yet it raises significant privacy concerns due to the collection, processing, and storage of digital evidence. Despite that, privacy threats in digital forensics crime investigations often remain underexplored, thereby leading to potential gaps in forensic practices and regulatory c...

As individuals engage with innovative technologies, including smart cars and smart homes, a comprehensive treatment of the threats to their privacy becomes increasingly urgent. This article recognises the relevance of security and, in particular, privacy threat modelling, especially under the umbrella of GDPR compliance, and addresses the challenge...

Data and derived information about target victims has always been key for successful attacks, both during historical wars and modern cyber wars. Ours turns out to be an era in which modern cars generate a plethora of data about their drivers, and such data could be extremely attractive for offenders. This paper seeks to assess how well modern cars...

The new frontiers of digital attack and compromise have led to the evolution of security at an organisational level. Recent security regulations and directives require the implementation of specific security measures in the organisations they address. Consequently, organisations need to be compliant with those measures. At the same time, however, t...

Despite their apparent simplicity, devices like smart light bulbs and electrical plugs are often perceived as exempt from rigorous security measures. However, this paper challenges this misconception, uncovering how vulnerabilities in these seemingly innocuous devices can expose users to significant risks. This paper extends the findings outlined i...

Decentralised ledgers are gaining momentum following the interest of industries and people in smart contracts. Major attention is paid to blockchain applications intended for trading assets that exploit digital cryptographic certificates called tokens. Particularly relevant tokens are the non-fungible tokens (NFTs), namely, unique and non-replicabl...

Criminal investigations are inherently complex as they typically involve interactions among various actors like investigators, prosecutors, and defendants. The pervasive integration of technology in daily life adds an extra layer of complexity, especially in crimes that involve a digital element. The establishment of digital forensics as a foundati...

Criminal investigations are inherently complex as they typically involve interactions among various actors like investigators, prosecutors, and defendants. The pervasive integration of technology in daily life adds an extra layer of complexity, especially in crimes that involve a digital element. The establishment of digital forensics as a foundati...

Electronic commerce and finance are progressively supporting and including decentralized, shared and public ledgers such as the blockchain. This is reshaping traditional commercial activities by advancing them towards Decentralized Finance (DeFi) and Commerce 3.0, thereby supporting the latter’s potential to outpace the hurdles of central authority...

In this paper, we introduce a formalisation of attacks on Voice Controllable Devices (VCDs), focusing specifically on attacks leveraging the voice command self-issue. The presentation starts from the seminal Lockheed Martin kill chain, which is used to derive a tailored kill chain with the necessary steps to perform self-activation attacks. Our new...

Fuzzing is a widely adopted technique for automated vulnerability testing due to its effectiveness and applicability throughout the Software Development Life Cycle. Nevertheless, applying fuzzing “out of the box” to any system can prove to be a challenging endeavour. Consequently, the demand for target-specific solutions necessitates a substantial...

Physical persons playing the role of car drivers consume data that is sourced from the Internet and, at the same time, themselves act as sources of relevant data. It follows that citizens’ privacy is potentially at risk while they drive, hence the need to model privacy threats in this application domain. This paper addresses the privacy threats by...

This article investigates the extent to which modern car drivers understand the implications that cars may have on their privacy. Such implications stem from the variety of services that modern cars offer upon the basis of the personal data that they collect about their drivers. The core of the research lies in a questionnaire aimed to distil out d...

Physical persons playing the role of car drivers consume data that is sourced from the Internet and, at the same time, themselves act as sources of relevant data. It follows that citizens' privacy is potentially at risk while they drive, hence the need to model privacy threats in this application domain. This paper addresses the privacy threats by...

The IoT is getting more and more pervasive. Even the simplest devices, such as a light bulb or an electrical plug, are made "smart" and controllable by our smartphone. This paper describes the findings obtained by applying the PETIoT kill chain to conduct a Vulnerability Assessment and Penetration Testing session on a smart bulb, the Tapo L530E by...

Cybersecurity, which notoriously concerns both human and technological aspects, is becoming more and more regulated by a number of textual documents spanning several pages, such as the European GDPR Regulation and the NIS Directive. This paper introduces an approach that leverages techniques of semantic representation and reasoning, hence an ontolo...

Foundational ontologies devoted to the effective representation of processes and procedures are not widely investigated at present, thereby limiting the practical adoption of semantic approaches in real scenarios where the precise instructions to follow must be considered. Also, the representation ought to include how agents should carry out the ac...

Large documents written in juridical language are difficult to interpret, with long sentences leading to intricate and intertwined relations between the nouns. The present paper frames this problem in the context of recent European security directives. The complexity of their language is here thwarted by automating the extraction of the relevant in...

Legal language can be understood as the language typically used by those engaged in the legal profession and, as such, it may come both in spoken or written form. Recent legislation on cybersecurity obviously uses legal language in writing, thus inheriting all its interpretative complications due to the typical abundance of cases and sub-cases as w...

Semantic representation is a key enabler for several application domains, and the multi-agent systems realm makes no exception. Among the methods for semantically representing agents, one has been essentially achieved by taking a behaviouristic vision, through which one can describe how they operate and engage with their peers. The approach essenti...

Semantic representation is a key enabler for several application domains, and the multi-agent systems realm makes no exception. Among the methods for semantically representing agents, one has been essentially achieved by taking a behaviouristic vision, through which one can describe how they operate and engage with their peers. The approach essenti...

Modern cars are getting so computerised that ENISA's phrase "smart cars" is a perfect fit. The amount of personal data that they process is very large and, yet, increasing. Hence, the need to address citizens' privacy while they drive and, correspondingly, the importance of privacy threat modelling (in support of a respective risk assessment, such...

This paper questions how to approach threat modelling in the automotive domain at both an abstract level that features no domain-specific entities such as the CAN bus and, separately, at a detailed level. It addresses such questions by contributing a systematic method that is currently affected by the analyst's subjectivity because most of its inne...

Attackers may attempt exploiting Internet of Things (IoT) devices to operate them unduly as well as to gather personal data of the legitimate device owners'. Vulnerability Assessment and Penetration Testing (VAPT) sessions help to verify the effectiveness of the adopted security measures. However, VAPT over IoT devices, namely VAPT targeted at IoT...

Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the years, different approaches have been developed, and among the most popular lies the coverage-based one. It relies...

The advanced and personalised experience that modern cars offer makes them more and more data-hungry. For example, the cabin preferences of the possible drivers must be recorded and associated to some identity, while such data could be exploited to deduce sensitive information about the driver’s health. Therefore, drivers’ privacy must be taken ser...

This article recognises the widespread application of risk assessment in ICT and aims at reducing the influence of human subjectivity and distraction by means of a methodology for the Automated and Intelligent Likelihood Assignment (AILA). The AILA Methodology, with its various components, applies when risk assessment proceeds exclusively upon info...

Fuzz testing (or fuzzing) is an effective technique used to find security vulnerabilities. It consists of feeding a software under test with malformed inputs, waiting for a weird system behaviour (often a crash of the system). Over the years, different approaches have been developed, and among the most popular lies the coverage-based one. It relies...

This paper questions how to approach threat modelling in the automotive domain at both an abstract level that features no domain-specific entities such as the CAN bus and, separately, at a detailed level. It addresses such questions by contributing a systematic method that is currently affected by the analyst's subjectivity because most of its inne...

Fuzzing has become one of the best-established methods to uncover software bugs. Meanwhile, the market of embedded systems, which binds the software execution tightly to the very hardware architecture, has grown at a steady pace, and that pace is anticipated to become yet more sustained in the near future. Embedded systems also benefit from fuzzing...

An increasing number of Electronic Control Units (ECUs) communicate with each other to accomplish the functionalities of modern vehicles. ECUs form an in-vehicle network that is precisely regulated and must be adequately protected from malicious activity, which has had several outbreaks in recent years. Therefore, we present CINNAMON, an AUTOSAR-ba...

When we use secure computer systems, we engage with carefully orchestrated and ordered interactions called “security ceremonies”, all of which exist to assure security. A great deal of attention has been paid to improving the usability of these ceremonies over the last two decades, to make them easier for end-users to engage with. Yet, usability im...

Socio-Technical Systems (STSs) combine the operations of technical systems with the choices and intervention of humans, namely the users of the technical systems. Designing such systems is far from trivial due to the interaction of heterogeneous components, including hardware components and software applications, physical elements such as tickets,...

Printing over a network and calling over VoIP technology are routine at present. This article investigates to what extent these services can be attacked using freeware in the real world if they are not configured securely. In finding out that attacks of high impact, termed the Printjack and Phonejack families, could be mounted at least from insider...

We present Alexa versus Alexa (AvA), a novel attack that leverages audio files containing voice commands and audio reproduction methods in an offensive fashion, to gain control of Amazon Echo devices for a prolonged amount of time. AvA leverages the fact that Alexa running on an Echo device correctly interprets voice commands originated from audio...

IP cameras have always been part of the Internet of Things (IoT) and are among the most widely used devices in both home and professional environments. Unfortunately, the vulnerabilities of IP cameras have attracted malicious activities. For example, in 2016, a massive attack resulted in thousands of cameras and IoT devices being breached and used...

Printing over a network and calling over VoIP technology are routine at present. This article investigates to what extent these services can be attacked using freeware in the real world if they are not configured securely. In finding out that attacks of high impact, termed the Printjack and Phonejack families, could be mounted at least from insider...

Risk assessment is core to any institution’s evaluation of risk, no- tably for what concerns people’s privacy. The assessment often re- lies on information stated in a policy shaped as a text document. The risk assessor, or analyst in brief, is called to understand documenta- tion that can be long, unclear or incomplete, hence subjectivity or distr...

Security ceremonies still fail despite decades of efforts by researchers and practitioners. Attacks are often a cunning amalgam of exploits for technical systems and of forms of human behaviour. For example, this is the case with the recent news headline of a large-scale attack against Electrum Bitcoin wallets, which manages to spread a malicious u...

Blockchains are gaining momentum due to the interest of industries and people in decentralized applications (Dapps), particularly in those for trading assets through digital certificates secured on blockchain, called tokens. As a consequence, providing a clear unambiguous description of any activities carried out on blockchains has become crucial,...

The introduction of Information and Communication Technology (ICT) in transportation systems leads to several advantages (efficiency of transport, mobility, traffic management). However, it may bring some drawbacks in terms of increasing security challenges, also related to human behaviour. As an example , in the last decades attempts to characteri...

Decentralized applications (in short, DApps) built on blockchains are disrupting the digital commerce foundations by pursuing new business models based on trustless, decentralized transactions, where intermediaries and central authorities are discarded. One of those emerging means are the digital tokens, certificates emitted and exchanged on the bl...

The Controller Area Network (CAN) is the most common protocol interconnecting the various control units of modern cars. Its vulnerabilities are somewhat known but we argue they are not yet fully explored -- although the protocol is obviously not secure by design, it remains to be thoroughly assessed how and to what extent it can be maliciously expl...

Printers are common devices whose networked use is vastly unsecured, perhaps due to an enrooted assumption that their services are somewhat negligible and, as such, unworthy of protection. This article develops structured arguments and conducts technical experiments in support of a qualitative risk assessment exercise that ultimately undermines tha...

Modern cars are no longer purely mechanical devices but shelter so much digital technology that they resemble a network of computers. Electronic Control Units (ECUs) need to exchange a large amount of data for the various functions of the car to work, and such data must be made secure if we want those functions to work as intended despite malicious...

This paper introduces CINNAMON, a software module that extends and seamlessly integrates with the AUTOSAR "Secure Onboard Communication" (SecOC) module to also account for confidentiality of data in transit. It stands for Confidential, INtegral aNd Authentic on board coMunicatiON (CINNAMON). It takes a resource-efficient and practical approach to e...

Modern cars technologies are evolving quickly. They collect a variety of personal data and treat it on behalf of the car manufacturer to improve the drivers' experience. The precise terms of such a treatment are stated within the privacy policies accepted by the user when buying a car or through the infotainment system when it is first started. Thi...

VoIP phones are early representatives as well as present enhancers of the IoT. This paper observes that they are still widely used in a traditional, unsecured configuration and demonstrates the Phonejack family of attacks: Phonejack 1 conjectures the exploitation of phone vulnerabilities; Phonejack 2 demonstrates how to mount a denial-of-service at...

Modern cars are evolving in many ways. Technologies such as infotainment systems and companion mobile applications collect a variety of personal data from drivers to enhance the user experience. This paper investigates the extent to which car drivers understand the implications for their privacy, including that car manufacturers must treat that dat...

Blockchains are gaining momentum due to the interest of industries and people in \emph{decentralized applications} (Dapps), particularly in those for trading assets through digital certificates secured on blockchain, called tokens. As a consequence, providing a clear unambiguous description of any activities carried out on blockchains has become cr...

Modern cars are evolving in many ways. Technologies such as infotainment systems and companion mobile applications collect a variety of personal data from drivers to enhance the user experience. This paper investigates the extent to which car drivers understand the implications for their privacy, including that car manufacturers must treat that dat...

Modern cars technologies are evolving quickly. They collect a variety of personal data and treat it on behalf of the car manufacturer to improve the drivers’ experience. The precise terms of such a treatment are stated within the privacy policies accepted by the user when buying a car or through the infotainment system when it is first started. Thi...

Cyber risks associated with modern cars are often referred to safety. However, modern cars expose a variety of digital services and process a variety of personal data, at least of the driver’s. This paper unfolds the argument that car (cyber-)security and drivers’ privacy are worthy of additional consideration, and does so by advancing “COSCA”, a f...

The introduction of Information and Communication Technology (ICT) in transportation systems leads to several advantages (efficiency of transport, mobility, traffic management). However, it may bring some drawbacks in terms of increasing security challenges, also related to human behaviour. As an example , in the last decades attempts to characteri...

This paper introduces CINNAMON, a software module that extends and seamlessly integrates with the AU-TOSAR "Secure Onboard Communication" (SecOC) module [3], [5] to also account for confidentiality of data in transit. It stands for Confidential, INtegral aNd Authentic on board coMunica-tiON (CINNAMON). It takes a resource-efficient and practical ap...

Purpose Security ceremonies still fail despite decades of efforts by researchers and practitioners. Attacks are often a cunning amalgam of exploits for technical systems and of forms of human behaviour. For example, this is the case with the recent news headline of a large-scale attack against Electrum Bitcoin wallets, which manages to spread a mal...

VoIP phones are early representatives as well as present enhancers of the IoT. This paper observes that they are still widely used in a traditional, unsecured configuration and demonstrates the Phonejack family of attacks: Phonejack 1 conjectures the exploitation of phone vulnerabilities; Phonejack 2 demonstrates how to mount a denial-of-service at...

Formal methods are vast and varied. This paper reports the essentials of what I have observed and learned by teaching the Inductive Method for security protocol analysis for nearly twenty years. My general finding is something I realised after just a couple of years, that my target audience of post-graduate students with generally little appreciati...

Printers are common devices whose networked use is vastly unsecured, perhaps due to an enrooted assumption that their services are somewhat negligible and, as such, unworthy of protection. This article develops structured arguments and conducts technical experiments in support of a qualitative risk assessment exercise that ultimately undermines tha...

Modern vehicles embed a lot of software that turns them into Cyper-Physical Systems (CPS). Electronic Control Units (ECUs) communicate through the CAN bus protocol, which was not designed to be secure. This paper presents a proof-of-concept of TOUCAN, a new security protocol designed to secure CAN bus communications following the AUTOSAR standard....

Modern vehicles abound with Electronic Control Units (ECUs) that need to speak with each other. They adopt a binary language and form an in-vehicle network that must be precisely regulated. This was the aim for the inception of "Controller Area Network" protocol, also known as CAN bus [1] and is widespread today. It is standardised in ISO 11898-1:2...

Modern cars are no longer purely mechanical devices but shelter so much digital technology that they resemble a network of computers. Electronic Control Units (ECUs) need to exchange a large amount of data for the various functions of the car to work, and such data must be made secure if we want those functions to work as intended despite malicious...

We address the fundamental question of what are, and how to define, the threat models for a security protocol and its expected human users, the latter pair forming a heterogeneous system that is typically called a security ceremony. Our contribution is the systematic definition of an encompassing method to build the full threat model chart for secu...

“Beautiful Security” is a paradigm that requires security ceremonies to contribute to the ‘beauty’ of a user experience. The underlying assumption is that people are likely to be willing to engage with more beautiful security ceremonies. It is hoped that such ceremonies will minimise human deviations from the prescribed interaction, and that securi...

The debate on people's right to privacy and on its meaning is ongoing worldwide, for example in Europe with the newly adopted General Data Protection Regulation. By contrast, works in the area of formal e-voting privacy analysis, which aim at assessing the privacy preservation of a target e-voting system by means of mathematical rigour, appear to h...

The Controller Area Network (CAN) is the most common protocol interconnecting the various control units of modern cars. Its vulnerabilities are somewhat known but we argue they are not yet fully explored—although the protocol is obviously not secure by design, it remains to be thoroughly assessed how and to what extent it can be maliciously exploit...

The authentication of a web server is a crucial procedure in the security of web browsing. It relies on certificate validation, a process that may require the participation of the user. Thus, the security of certificate validation is socio-technical as it depends on traditional security technology as well as on social elements such as cultural valu...

In the last decades, digital security has gone through many theoretical breakthroughs, practical developments, worldwide deployments and subtle flaws in a continuous loop. It is mainly understood as a property of a technical system, which is eventually built as a tangible piece of technology for common people to use. It has therefore been assessed...

I’m presenting joint work with Luca Viganò and Bruce, and it’s all going to be about what I like to call invisible security.

Secure systems for voting, exams, auctions and conference paper management are theorised to address the same problem, that of secure evaluations. In support of such a unifying theory comes a model for Secure Evaluation Systems (SES), which offers innovative common grounds to understand all four groups. For example, all rest on submissions, respecti...

Historically, exam security has mainly focused on threats ascribed to candidate cheating. Such threats have been normally mitigated by invigilation and anti-plagiarism methods. However, as recent exam scandals confirm, also invigilators and authorities may pose security threats. The introduction of computers into the different phases of an exam, su...

Relying on a trusted third party (TTP) in the design of a security protocol introduces obvious risks. Although the risks can be mitigated by distributing the trust across several parties, it still requires at least one party to be trustworthy. In the domain of exams this is critical because parties typically have conflicting interests, and it may b...

Mobile systems are becoming more and more ubiquitous. With the number of people using mobile devices that are continuously connected to the Internet or exchange information via peering and other near-field transmission technologies, these devices are now an essential part of our social interactions in a globalised world. The use of mobile devices h...