Alvise RABITTI

Position: Technical Administrative Staff

Telephone: 041 234 7179

E-mail: alvise.rabitti@unive.it

Website: www.unive.it/people/alvise.rabitti (personal record)

Office: ASIT - Computer Security and Infrastructures Unit (Unit Coordinator)
Where: Rio Nuovo

Sicurezza: Addetto Squadre di Emergenza

Chiave PGP/GPG: Chiave pubblica [4Kb]

Publications

Year	Type	Publication
Year	Type	Publication

2023	Book Article	Michele Bugliesi; Stefano Calzavara; Alvise Rabitti Cryptographic Web Applications: from Security Engineering to Formal Analysis in Michele Bugliesi; Stefano Calzavara; Alvise Rabitti, Handbook of Formal Analysis and Verification in Cryptography, CRC Press (ISBN 9781003090052) DOI - ARCA card: 10278/5016383
2023	Article in Conference Proceedings	Hantke F.; Calzavara S.; Wilhelm M.; Rabitti A.; Stock B. You Call This Archaeology? Evaluating Web Archives for Reproducible Web Security Measurements , CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 3168-3182, Convegno: 30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, 2023 (ISBN 9798400700507) DOI - ARCA card: 10278/5046161
2022	Article in Conference Proceedings	Roth S.; Calzavara S.; Wilhelm M.; Rabitti A.; Stock B. The Security Lottery: Measuring Client-Side Web Security Inconsistencies , Proceedings of the 31st USENIX Security Symposium, Security 2022, USENIX Association, pp. 2047-2064, Convegno: 31st USENIX Security Symposium, Security 2022, 2022 (ISBN 9781939133311) - ARCA card: 10278/5011440
2021	Journal Article	Calzavara S.; Jonker H.; Krumnow B.; Rabitti A. Measuring Web Session Security at Scale in COMPUTERS & SECURITY, vol. 111, pp. 102472 (ISSN 0167-4048) DOI - ARCA card: 10278/5004094
2020	Journal Article	Calzavara S.; Conti M.; Focardi R.; Rabitti A.; Tolomei G. Machine Learning for Web Vulnerability Detection: The Case of Cross-Site Request Forgery in IEEE SECURITY & PRIVACY, vol. 18, pp. 8-16 (ISSN 1540-7993) DOI - ARCA card: 10278/3729046
2020	Article in Conference Proceedings	Calzavara S.; Focardi R.; Rabitti A.; Soligo L. A hard lesson: Assessing the HTTPS deployment of Italian university websites , CEUR Workshop Proceedings, CEUR-WS, vol. 2597, pp. 93-104, Convegno: 4th Italian Conference on Cyber Security, ITASEC 2020, 2020 (ISSN 1613-0073) - URL correlato - ARCA card: 10278/3729045
2020	Article in Conference Proceedings	Calzavara S.; Roth S.; Rabitti A.; Backes M.; Stock B. A tale of two headers: A formal analysis of inconsistent click-jacking protection on the web , Proceedings of the 29th USENIX Security Symposium, USENIX Association, pp. 683-697, Convegno: 29th USENIX Security Symposium, 2020 - ARCA card: 10278/3731395
2019	Journal Article	Calzavara, Stefano; Rabitti, Alvise; Bugliesi, Michele Sub-session hijacking on the web: Root causes and prevention* in JOURNAL OF COMPUTER SECURITY, vol. 27, pp. 233-257 (ISSN 0926-227X) DOI - URL correlato - ARCA card: 10278/3713216
2019	Article in Conference Proceedings	Stefano Calzavara; Mauro Conti; Riccardo Focardi; Alvise Rabitti; Gabriele Tolomei Mitch: A machine learning approach to the black-box detection of CSRF vulnerabilities , Proceedings - 2019 IEEE European Symposium on Security and Privacy, Institute of Electrical and Electronics Engineers Inc., pp. 528-543, Convegno: 4th IEEE European Symposium on Security and Privacy DOI - ARCA card: 10278/3713410
2019	Article in Conference Proceedings	Stefano Calzavara; Riccardo Focardi; Matus Nemec; Alvise Rabitti; Marco Squarcina Postcards from the post-HTTP world: Amplification of HTTPS vulnerabilities in the web ecosystem , Proceedings - 2019 IEEE Symposium on Security and Privacy, Institute of Electrical and Electronics Engineers Inc., vol. 1, pp. 948-965, Convegno: 40th IEEE Symposium on Security and Privacy DOI - ARCA card: 10278/3713409
2019	Article in Conference Proceedings	Calzavara S.; Rabitti A.; Bugliesi M. Semantically Sound Analysis of Content Security Policies , Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Verlag, vol. 11535, pp. 293-297, Convegno: 39th IFIP WG 6.1 International Conference on Formal Techniques for Distributed Objects, Components, and Systems, FORTE 2019 held as part of the 14th International Federated Conference on Distributed Computing Techniques, DisCoTec 2019, 2019 (ISBN 978-3-030-21758-7; 978-3-030-21759-4) DOI - URL correlato - ARCA card: 10278/3716810
2019	Article in Conference Proceedings	Calzavara S.; Rabitti A.; Ragazzo A.; Bugliesi M. Testing for Integrity Flaws in Web Sessions , Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer, vol. 11736, pp. 606-624, Convegno: 24th European Symposium on Research in Computer Security, ESORICS 2019, 2019 (ISBN 978-3-030-29961-3; 978-3-030-29962-0) DOI - URL correlato - ARCA card: 10278/3722895
2018	Journal Article	Calzavara, Stefano; Rabitti, Alvise; Bugliesi, Michele Semantics-based analysis of content security policy deployment in ACM TRANSACTIONS ON THE WEB, vol. 12, pp. 1-36 (ISSN 1559-1131) DOI - URL correlato - ARCA card: 10278/3698102
2018	Article in Conference Proceedings	Calzavara, Stefano; Rabitti, Alvise; Bugliesi, Michele Dr Cookie and Mr Token - Web session implementations and how to live with them in Calzavara, Stefano, CEUR Workshop Proceedings in CEUR WORKSHOP PROCEEDINGS, CEUR-WS, vol. 2058, Convegno: 2nd Italian Conference on Cyber Security, ITASEC 2018, 2018 (ISSN 1613-0073) - URL correlato - ARCA card: 10278/3698101
2017	Article in Conference Proceedings	Stefano Calzavara, Alvise Rabitti, Michele Bugliesi CCSP: Controlled relaxation of content security policies by runtime policy composition , Proceedings of the 26th USENIX Security Symposium, USENIX Association, pp. 695-712, Convegno: USENIX Security Symposium - ARCA card: 10278/3698103
2016	Article in Conference Proceedings	Calzavara, Stefano; Rabitti, Alvise; Bugliesi, Michele Content Security Problems? Evaluating the Effectiveness of Content Security Policy in the Wild , Proceedings of the ACM Conference on Computer and Communications Security, NEW YORK, ASSOC COMPUTING MACHINERY, vol. 24-28-, pp. 1365-1375, Convegno: 23rd ACM Conference on Computer and Communications Security, CCS 2016, 2016 (ISBN 9781450341394; 9781450341394) DOI - ARCA card: 10278/3685122
2016	Article in Conference Proceedings	Calzavara, Stefano; Rabitti, Alvise; Steffinlongo, Enrico; Bugliesi, Michele Static Detection of Collusion Attacks in ARBAC-based Workflow Systems , Proceedings - IEEE Computer Security Foundations Symposium, 345 E 47TH ST, NEW YORK, NY 10017 USA, IEEE, vol. 2016-, pp. 458-470, Convegno: 29th IEEE Computer Security Foundations Symposium, CSF 2016, 2016 (ISBN 9781509026074; 9781509026074) DOI - ARCA card: 10278/3685120
2015	Article in Conference Proceedings	Calzavara, Stefano; Rabitti, Alvise; Bugliesi, Michele Compositional Typed Analysis of ARBAC Policies , Proceedings of the Computer Security Foundations Workshop, 345 E 47TH ST, NEW YORK, NY 10017 USA, IEEE, vol. 2015-, pp. 33-45, Convegno: 28th IEEE Computer Security Foundations Symposium, CSF 2015, 2015 (ISBN 9781467375382; 9781467375382) DOI - ARCA card: 10278/3679811
2015	Article in Conference Proceedings	Calzavara, Stefano; Rabitti, Alvise; Bugliesi, Michele Formal verification of Liferay RBAC , Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Verlag, vol. 8978, pp. 1-16, Convegno: 7th International Symposium on Engineering Secure Software and Systems, ESSoS 2015, 2015 (ISBN 9783319156170) (ISSN 0302-9743) DOI - URL correlato - ARCA card: 10278/3679815

List of selected publications

Type	Name	Sender (Domain)	Description	Duration	Policy
Essential	_shibsession[], _shibsstate[]	Unive.it (www.unive.it)	They maintain the session data of the SingleSignOn.	session	Information
Essential	PHPSESSID	Unive.it (www.unive.it)	Unique user identifier for the website applications.	session	Information
Essential	cookie[*]	Unive.it (www.unive.it)	It stores the user's preferences on cookies. user preferences on cookies.	1 month	Information
Essential	cookie	idp.unive.it	It stores the user's preferences on cookies.	1 month	Information
Essential	fe_typo_user	Unive.it (www.unive.it)	Unique user identifier for the reserved area of the website	session	Information
Essential	JSESSIONID	Unive.it (www.unive.it)	Used to create web sessions into the Personal Area.	session	Information
Essential	ADMCMD_prev	Unive.it (www.unive.it)	Used to create web sessions into the Personal Area.	session	Information
Essential	unive.it	Unive.it (www.unive.it)	It stores the user's preferences on cookies.	6 months	Information
Essential	noiframe	Unive.it (www.unive.it)	It stores the user's preferences on cookies.	6 months	Information
Essential	_pk_id[*]	unive/WAI	*	30 days	Information
Essential	_pk_ses[*]	unive/WAI	*	1 day	Information
Essential	_pk_ref[*]	unive/WAI	*	6 months	Information
Essential	_gsas[*]	unive/google	It stores the user's preferences on cookies.	3 months	Information
Essential	_opensaml_req_cookie%[*]	unive	Authentication and SingleSignOn (shibboleth)	session	Information
Google - Youtube	__Secure-1PAPISID	Google (google.com)	Used for targeting purposes in order to acquire web visitors' interests and show them pertinent and customised Google advertising.	2 years	Information
Google - Youtube	CONSENT	Google (google.com)	Used by Google to store the user's preferences.	17 years	Information
Google - Youtube	__Secure-1PSID	Google (google.com)	Used for targeting purposes in order to acquire web visitors' interests and show them pertinent and customised Google advertising.	2 years	Information