Matthew Rossi

A flexible and intuitive tool that relies on instrumentation to collect, merge, and audit the activity traces generated by any application component. This information is then used to create fine-grained access policies, and introduce sandboxing using recent Kernel security modules, strengthening the security boundary of entire cloud applications.

Index enabling query execution over encrypted datasets without leaking frequency information. The tool preprocesses the dataset to construct client-side mappings and encrypt the dataset. Then, it shows their runtime use, by automating the upload of the encrypted dataset to PostgresSQL and Redis, and querying them.

Patch to the Deno JavaScript runtime to provide strong isolation guarantees against the execution of native code. It allows developers to control access to filesystem, Inter-Process Communication, and network, effectively reducing the risks coming from the execution of binary programs and shared libraries. Despite the use of advanced security mechanisms, the solution features a simple interface that requires no application changes nor security expertise from developers.

Patch to the Deno JavaScript runtime to enable the creation of fine-grained sandboxes for the execution of subprocesses. The sandbox is mainly built using Landlock, with policy exceptions being supported thanks to eBPF. The primary goal of the proposed protection mechanism is to preserve the integrity of the filesystem, and prevent access to confidential resources.

Patch to the Android Open Source Project (AOSP) to improve the security of Android applications by allowing developers to define ad hoc policies for their app components. This is a natural evolution of the Android security model, and can help guarantee user privacy even in the presence of third-party components (e.g., advertisement libraries). It supports multiple Android versions and has been tested on virtual and physical devices.

Novel way of implementing time-locked secrets based on smart contracts. It relies on the blockchain to measure the elapse of time, and it combines threshold cryptography with economic incentives and penalties to replace cryptographic puzzles. The prototype is implemented on top of the Ethereum blockchain.

Encrypted virtual filesystem implemented on top of Filesystem in Userspace (FUSE) that persists data using the Mix&Slice all-or-nothing transform.

RDF-based policy engine to evaluate access requests according to the MOSAICrOWN policy language. It includes SQL integrations to identify the set of resources target of a query, make a policy decision, and, when possible, rewrite the query to guarantee the enforcement of the policy.

A recommender system to suggest songs a user would likely add to one of her playlists based on: other tracks in the same playlist, other playlists created by the same user and other playlists created by other users.

A simplified implementation of a rule-based expert system in the medical field, with the goal to filter diseases a patient may be suffering based on the symptoms they presents. A chatbot interacts with the patient by generating questions and parsing their answers with regular expressions.

An implementation of Snake for the Windows Command Prompt.

WebAssembly is a binary instruction format with strong security guarantees by design. While originally designed to run inside web browsers, there are now numerous runtimes that bring WebAssembly outside of it. The need to access system resources in these environments has led to the definition of the WebAssembly System Interface (WASI). With specific regard to the file system, WASI requires runtimes to implement security checks to only permit access to a predefined list of directories. While this is a step in the right direction, the approach not only suffers from poor granularity, but is also error-prone and has led to security issues. In this paper we replace the built-in security checks with eBPF programs, enabling the introduction of fine-grained per-module policies. Preliminary experiments confirm the efficiency of the solution.

Deno is a runtime for JavaScript and TypeScript that is receiving great interest by developers, and is increasingly used for the construction of back-ends of web applications. A primary goal of Deno is to provide a secure and isolated environment for the execution of JavaScript programs. However this protection does not extend to the execution of subprocesses. In this paper we propose Cage4Deno, a set of modifications to Deno enabling the creation of fine-grained sandboxes for the execution of subprocesses by using Landlock and eBPF. Experiments showcase the sandbox effectiveness against a number of exploits and prove the efficiency of the proposal.

k-Anonymity and ℓ-diversity are two well-known privacy metrics that guarantee protection of the respondents of a dataset by obfuscating information that can disclose their identities and sensitive information. Existing solutions assume to operate in a centralized scenario, and therefore cannot scale. In this paper, we propose a solution enforcing both k-anonymity and ℓ-diversity in a distributed manner with the use of Apache Spark. The experimental evaluation shows that our solution provides scalability without affecting the quality of the resulting anonymization.

An approach for indexing encrypted data stored at external providers to enable provider-side evaluation of queries. The approach supports the evaluation of point and range conditions on multiple attributes, and protects data against static frequency-based inferences by clustering tuples in fixed-size groups that are mapped to the same index values. The experiments evaluate query performance and client-storage requirements, and confirm the efficiency of our solution.

Time-Locks enable the release of a secret at a future point in time. Many approaches implement Time-Locks as cryptographic puzzles, binding the time span for the recovery of the secret to the time to solve the puzzle. To overcome this limitation, we propose I Told You Tomorrow (ITYT), a novel way of implementing time-locked secrets based on smart contracts. ITYT relies on the blockchain to measure the elapse of time, and it combines threshold cryptography with economic incentives and penalties to replace cryptographic puzzles. We analyze its resiliency to attacks with the help of economic game theory and demonstrate the low cost and limited resource consumption of the approach with our experiments.

The Android security model focuses on to the protection of system components and secure the interactions between apps. However, app developers have no way to isolate internal components of their applications. Our solution overcomes this limitation, giving developers the power to define ad-hoc Mandatory Access Control (MAC) policies for their apps. This is a natural evolution of the security mechanisms already available in Android, and can help guarantee user privacy even in the presence of third-party components.

An approach for enabling distributed anonymization of sensor data using an arbitrary number of workers with Apache Spark. The experimental evaluation shows that the proposed approach is scalable and does not affect the quality of the anonymized dataset.

The paper describes the prototype of Scalable Distributed Data Anonymization, and how to reproduce its experiments.