Foundations and Tools for Client-Side Web Security

Bitcoin-compatible Virtual Channels

Author(s): Lukas Aumayr, Oğuzhan Ersoy, Andreas Erwig, Sebastian Faust, Kristina Hostáková, Matteo Maffei, Pedro Moreno-Sanchez, Siavash Riahi
Published in: 2021 IEEE Symposium on Security and Privacy (SP), 2021
Publisher: IEEE

eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts

Author(s): Clara Schneidewind, Ilya Grishchenko, Markus Scherer, Matteo Maffei
Published in: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020, Page(s) 621-640, ISBN 9781450370899
Publisher: ACM
DOI: 10.1145/3372297.3417250

A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network

Author(s): Sergei Tikhomirov, Pedro Moreno-Sanchez, Matteo Maffei
Published in: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2020, Page(s) 387-396, ISBN 978-1-7281-8597-2
Publisher: IEEE
DOI: 10.1109/eurospw51379.2020.00059

Blitz: Secure Multi-Hop Payments Without Two-Phase Commits

Author(s): Lukas Aumayr, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei
Published in: Usenix Security '21, 2021
Publisher: Usenix

The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches

Author(s): Marco Squarcina, Stefano Calzavara, Matteo Maffei
Published in: 2021 IEEE Security and Privacy Workshops (SPW), 2021, Page(s) 432-443, ISBN 978-1-6654-3732-5
Publisher: IEEE
DOI: 10.1109/spw53761.2021.00062

Breaking and Fixing Virtual Channels: Domino Attack and Donner

Author(s): Lukas Aumayr; Pedro Moreno-Sanchez; Aniket Kate; Matteo Maffei
Published in: Proceedings Network and Distributed System Security Symposium 2023, 2023, Page(s) 1-18, ISBN 1-891562-83-5
Publisher: NDSS
DOI: 10.14722/ndss.2023.24370

A2L: Anonymous Atomic Locks for Scalability in Payment Channel Hubs

Author(s): Erkan Tairi, Pedro Moreno-Sanchez, Matteo Maffei
Published in: 2021 IEEE Symposium on Security and Privacy (SP), 2021
Publisher: IEEE

Generalized Channels from Limited Blockchain Scripts and Adaptor Signatures

Author(s): Lukas Aumayr, Oguzhan Ersoy, Andreas Erwig, Sebastian Faust, Kristina Hostáková, Matteo Maffei, Pedro Moreno-Sanchez, Siavash Riahi
Published in: Advances in Cryptology – ASIACRYPT 2021. ASIACRYPT 2021. Lecture Notes in Computer Science, Issue Vol 13091, 2021, Page(s) 635-664, ISBN 978-3-030-92074-6
Publisher: Springer Cham
DOI: 10.1007/978-3-030-92075-3_22

From Firewalls to Functions and Back

Author(s): L. Ceragioli, L. Galletta, M. Tempesta
Published in: Proceedings of the Third Italian Conference on Cyber Security, 2019, ISSN 1613-0073
Publisher: CEUR-WS.org

Wappler: Sound Reachability Analysis for WebAssembly

Author(s): Markus Scherer, Jeppe Fredsgaard Blaabjerg, Alexander Sjösten, Magdalena Solitro, Matteo Maffei
Published in: 2024 IEEE 37th Computer Security Foundations Symposium (CSF), 2024, Page(s) 377-392, ISBN 979-8-3503-6203-9
Publisher: IEEE Computer Society
DOI: 10.1109/csf61375.2024.00025

Foundations of Coin Mixing Services

Author(s): Noemi Glaeser, Matteo Maffei, Giulio Malavolta, Pedro Moreno-Sanchez, Erkan Tairi, Sri Aravinda Krishnan Thyagarajan
Published in: CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Issue Nov 7th, 2022, 2022, Page(s) 1259-1273, ISBN 9781450394505
Publisher: Association for Computing Machinery
DOI: 10.1145/3548606.3560637

Formal Methods for the Security Analysis of Smart Contracts

Author(s): Matteo Maffei
Published in: Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021, 2021, Page(s) 8
Publisher: TU Wien Academic Press
DOI: 10.34727/2021/isbn.978-3-85448-046-4_3

The Bridge between Web Applications and Mobile Platforms is Still Broken

Author(s): P. Beer, L. Veronese, M. Squarcina, M. Lindorfer
Published in: SecWeb 2022. Peer-reviewed. Not in conference proceedings, 2022
Publisher: IEEE Security and Privacy Workshops (SPW)

Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks

Author(s): Cavallaro, Lorenzo; Kinder, Johannes; Wang, XiaoFeng; Katz, Jonathan; Egger, Christoph; Moreno-Sanchez, Pedro; Maffei, Matteo
Published in: CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019
Publisher: ACM

Thora: Atomic and Privacy-Preserving Multi-Channel Updates

Author(s): Lukas Aumayr, Kasra Abbaszadeh, Matteo Maffei
Published in: CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Issue Nov 7th, 2022, 2022, Page(s) 165-178, ISBN 9781450394505
Publisher: Association for Computing Machinery
DOI: 10.1145/3548606.3560556

Adoption and Actual Privacy of Decentralized CoinJoin Implementations in Bitcoin

Author(s): Rainer Stütz; Johann Stockinger; Pedro Moreno-Sanchez; Bernhard Haslhofer; Matteo Maffei
Published in: AFT '22: Proceedings of the 4th ACM Conference on Advances in Financial Technologies, 2023, Page(s) 254–267
Publisher: Association for Computing Machinery
DOI: 10.1145/3558535.3559782

eThor: Practical and Provably Sound Static Analysis of Ethereum Smart Contracts

Author(s): Ligatti, Jay; Ou, Xinming; Katz, Jonathan; Vigna, Giovanni; Schneidewind, Clara; Grishchenko, Ilya; Scherer, Markus; Maffei, Matteo
Published in: CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020
Publisher: ACM

Post-Quantum Adaptor Signature for Privacy-Preserving Off-Chain Payments

Author(s): Erkan Tairi, Pedro Moreno-Sanchez, Matteo Maffei
Published in: Financial Cryptography and Data Security 2021, 2021
Publisher: Springer

Sleepy Channels: Bi-directional Payment Channels without Watchtowers

Author(s): Lukas Aumayr, Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Pedro Moreno-Sanchez, Matteo Maffei
Published in: CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, Issue Nov 7th, 2022, 2022, Page(s) 179-192, ISBN 9781450394505
Publisher: Association for Computing Machinery
DOI: 10.1145/3548606.3559370

WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms

Author(s): L. Veronese, B. Farinier, P. Bernardo, M. Tempesta, M. Squarcina, M. Maffei
Published in: 2023 IEEE Symposium on Security and Privacy (SP), 2023, Page(s) 2761-2779, ISBN 978-1-6654-9336-9
Publisher: IEEE
DOI: 10.1109/sp46215.2023.10179465

Verifying Relational Properties using Trace Logic

Author(s): Gilles Barthe, Renate Eilers, Pamina Georgiou, Bernhard Gleiss, Laura Kovacs, Matteo Maffei
Published in: 2019 Formal Methods in Computer Aided Design (FMCAD), 2019, Page(s) 170-178, ISBN 978-0-9835678-9-9
Publisher: IEEE
DOI: 10.23919/fmcad.2019.8894277

Atomic Multi-Channel Updates with Constant Collateral in Bitcoin-Compatible Payment-Channel Networks

Author(s): Christoph Egger, Pedro Moreno-Sanchez, Matteo Maffei
Published in: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security - CCS '19, 2019, Page(s) 801-815, ISBN 9781-450367479
Publisher: ACM Press
DOI: 10.1145/3319535.3345666

Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem

Author(s): Stefano Calzavara, Riccardo Focardi, Matus Nemec, Alvise Rabitti, Marco Squarcina
Published in: 2019 IEEE Symposium on Security and Privacy (SP), 2019, Page(s) 281-298, ISBN 978-1-5386-6660-9
Publisher: IEEE
DOI: 10.1109/sp.2019.00053

Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability

Author(s): Giulio Malavolta, Pedro Moreno-Sanchez, Clara Schneidewind, Aniket Kate, Matteo Maffei
Published in: Proceedings 2019 Network and Distributed System Security Symposium, 2019, ISBN 1-891562-55-X
Publisher: Internet Society
DOI: 10.14722/ndss.2019.23330

WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring

Author(s): Stefano Calzavara, Riccardo Focardi, Matteo Maffei, Clara Schneidewind, Marco Squarcina, Mauro Tempesta
Published in: 27th Usenix Security Symposium, 2018, Page(s) 1493-1510, ISBN 978-1-939133-04-5
Publisher: Usenix

Simple Password-Hardened Encryption Services

Author(s): "Russell W. F. Lai, Christoph Egger, Manuel Reinert, Sherman S. M. Chow, Matteo Maffei, Dominique Schr{\""{o}}der"
Published in: 27th Usenix Security Symposium, 2018, Page(s) 1405-1421, ISBN 978-1-939133-04-5
Publisher: Usenix

Cookie Crumbles: Breaking and Fixing Web Session Integrity

Author(s): Marco Squarcina, Pedro Adão, Lorenzo Veronese, Matteo Maffei
Published in: 32nd USENIX Security Symposium (USENIX Security 23), 2023, Page(s) 5539-5556, ISBN 978-1-939133-37-3
Publisher: USENIX Association

Glimpse: On-Demand PoW Light Client with Constant-Size Storage for DeFi

Author(s): Giulia Scaffino, Lukas Aumayr, Zeta Avarikioti, Matteo Maffei
Published in: 32nd USENIX Security Symposium (USENIX Security 23), 2023, Page(s) 733-750, ISBN 978-1-939133-37-3
Publisher: Usenix Association

Language-Based Web Session Integrity

Author(s): Stefano Calzavara, Riccardo Focardi, Niklas Grimm, Matteo Maffei, Mauro Tempesta
Published in: 2020 IEEE 33rd Computer Security Foundations Symposium (CSF), 2020, Page(s) 107-122, ISBN 978-1-7281-6572-1
Publisher: IEEE
DOI: 10.1109/csf49147.2020.00016

Towards a Game-Theoretic Security Analysis of Off-Chain Protocols

Author(s): Rain, Sophie; Avarikioti, Georgia; Kovács, Laura; Maffei, Matteo
Published in: IEEE 36th Computer Security Foundations Symposium (CSF), 2023, Page(s) 107-122, ISBN 979-8-3503-2192-0
Publisher: Institute of Electrical and Electronics Engineers
DOI: 10.1109/csf57540.2023.00003

Can I Take Your Subdomain? Exploring Related-Domain Attacks in the Modern Web

Author(s): Marco Squarcina, Mauro Tempesta, Lorenzo Veronese, Stefano Calzavara, Matteo Maffei
Published in: Usenix Security, 2021
Publisher: Usenix

Tabbed Out: Subverting the Android Custom Tab Security Model

Author(s): Philipp Beer, Marco Squarcina, Lorenzo Veronese, Martina Lindorfer
Published in: 2024 IEEE Symposium on Security and Privacy (SP), 2024
Publisher: IEEE Computer Society
DOI: 10.1109/sp54263.2024.00105

Cross-Layer Deanonymization Methods in the Lightning Protocol

Author(s): Romiti, Matteo; Victor, Friedhelm; Moreno-Sanchez, Pedro; Haslhofer, Bernhard; Maffei, Matteo
Published in: Financial Cryptography and Data Security 2021, Issue 1, 2021
Publisher: Springer

Web Platform Threats: Automated Detection of Web Security Issues With WPT

Author(s): Pedro Bernardo, Lorenzo Veronese, Valentino Dalla Valle, Stefano Calzavara, Marco Squarcina, Pedro Adão, Matteo Maffei
Published in: Proceedings of the 33rd USENIX Security Symposium, 2024, Page(s) 757 - 774, ISBN 978-1-939133-44-1
Publisher: Usenix Association

FWS: Analyzing, maintaining and transcompiling firewalls

Author(s): Chiara Bodei, Lorenzo Ceragioli, Pierpaolo Degano, Riccardo Focardi, Letterio Galletta, Flaminia Luccio, Mauro Tempesta, Lorenzo Veronese
Published in: Journal of Computer Security, Issue 29/1, 2021, Page(s) 77-134, ISSN 0926-227X
Publisher: IOS Press
DOI: 10.3233/jcs-200017

Introducing robust reachability

Author(s): Guillaume Girol; Benjamin Farinier; Sébastien Bardin
Published in: Formal Methods in System Design, 2022, Page(s) 1-29, ISSN 0925-9856
Publisher: Kluwer Academic Publishers
DOI: 10.1007/s10703-022-00402-x

Group ORAM for privacy and access control in outsourced personal records

Author(s): Matteo Maffei, Giulio Malavolta, Manuel Reinert, Dominique Schröder
Published in: Journal of Computer Security, Issue 27/1, 2019, Page(s) 1-47, ISSN 0926-227X
Publisher: IOS Press
DOI: 10.3233/jcs-171030

Functional Credentials

Author(s): Dominic Deuber, Matteo Maffei, Giulio Malavolta, Max Rabkin, Dominique Schröder, Mark Simkin
Published in: Proceedings on Privacy Enhancing Technologies, Issue 2018/2, 2018, Page(s) 64-84, ISSN 2299-0984
Publisher: De Gruyter
DOI: 10.1515/popets-2018-0013

Strategic Analysis of Griefing Attack in Lightning Network

Author(s): Mazumdar, Subhra; Banerjee, Prabal; Sinha, Abhinandan; Ruj, Sushmita; Roy, Bimal
Published in: IEEE Transactions on Network and Service Management, Issue vol. 20, no. 2, 2022, Page(s) 1790-1803, ISSN 1932-4537
Publisher: Institute of Electrical and Electronics Engineers
DOI: 10.1109/tnsm.2022.3230768

Bulwark: Holistic and Verified Security Monitoring of Web Protocols

Author(s): Lorenzo Veronese, Stefano Calzavara, Luca Compagna
Published in: Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, ESORICS 2020, Guildford, UK, September 14–18, 2020, Proceedings, Part I, Issue 12308, 2020, Page(s) 23-41, ISBN 978-3-030-58950-9
Publisher: Springer International Publishing
DOI: 10.1007/978-3-030-58951-6_2

Foundations and Tools for the Static Analysis of Ethereum Smart Contracts

Author(s): Ilya Grishchenko, Matteo Maffei, Clara Schneidewind
Published in: Computer Aided Verification - 30th International Conference, CAV 2018, Held as Part of the Federated Logic Conference, FloC 2018, Oxford, UK, July 14-17, 2018, Proceedings, Part I, Issue 10981, 2018, Page(s) 51-78, ISBN 978-3-319-96144-6
Publisher: Springer International Publishing
DOI: 10.1007/978-3-319-96145-3_4

A Semantic Framework for the Security Analysis of Ethereum Smart Contracts

Author(s): Ilya Grishchenko, Matteo Maffei, Clara Schneidewind
Published in: Principles of Security and Trust, Issue 10804, 2018, Page(s) 243-269, ISBN 978-3-319-89721-9
Publisher: Springer International Publishing
DOI: 10.1007/978-3-319-89722-6_10

Equivalence Properties by Typing in Cryptographic Branching Protocols

Author(s): Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei
Published in: Principles of Security and Trust, Issue 10804, 2018, Page(s) 160-187, ISBN 978-3-319-89721-9
Publisher: Springer International Publishing
DOI: 10.1007/978-3-319-89722-6_7

Not All Bugs Are Created Equal, But Robust Reachability Can Tell the Difference

Author(s): Guillaume Girol, Benjamin Farinier, Sébastien Bardin
Published in: Computer Aided Verification - 33rd International Conference, CAV 2021, Virtual Event, July 20–23, 2021, Proceedings, Part I, Issue 12759, 2021, Page(s) 669-693, ISBN 978-3-030-81684-1
Publisher: Springer International Publishing
DOI: 10.1007/978-3-030-81685-8_32

The Good, The Bad and The Ugly: Pitfalls and Best Practices in Automated Sound Static Analysis of Ethereum Smart Contracts

Author(s): Clara Schneidewind, Markus Scherer, Matteo Maffei
Published in: Leveraging Applications of Formal Methods, Verification and Validation: Applications - 9th International Symposium on Leveraging Applications of Formal Methods, ISoLA 2020, Rhodes, Greece, October 20–30, 2020, Proceedings, Part III, Issue 12478, 2020, Page(s) 212-231, ISBN 978-3-030-61466-9
Publisher: Springer International Publishing
DOI: 10.1007/978-3-030-61467-6_14

Alba: The Dawn of Scalable Bridges for Blockchains

Author(s): Giulia Scaffino, Lukas Aumayr, Mahsa Bastankhah, Zeta Avarikioti, Matteo Maffei
Published in: 2024
Publisher: IACR Cryptology ePrint Archive

CRYPTOVAMPIRE: Automated Reasoning for the Complete Symbolic AttackerCryptographic Model

Author(s): Simon Jeanteur, Laura Kovacs, Matteo Maffei, Michael Rawson
Published in: 2024
Publisher: IACR Cryptology ePrint Archive

Blink: An Optimal Proof of Proof-of-Work

Author(s): Lukas Aumayr, Zeta Avarikioti, Matteo Maffei, Giulia Scaffino, Dionysis Zindros
Published in: 2024
Publisher: IACR Cryptology ePrint Archive

Web Platform Threats: Automated Detection of Web Security Issues With WPT

Author(s): Pedro Bernardo, Lorenzo Veronese, Valentino Dalla Valle, Stefano Calzavara, Marco Squarcina, Pedro Adão, Matteo Maffei
Published in: 33rd USENIX Security Symposium, 2024
Publisher: USENIX Association