Publications
Current marketplaces rely on search mechanisms with distributed systems but centralized governance, making them vulnerable to attacks, failures, censorship and biases. While search mechanisms with more decentralized governance (e.g., DeSearch) have been recently proposed, these are still exposed… Read more
Many smart home applications collect sensitive data and interact with remote services. The local-first principle minimizes data propagation by favoring local processing and communicating with remote services only when necessary. HubOS is an operating system for smart home hubs supporting… Read more
Feature representation is a key factor in machine learning-based malware detection, affecting the information expressed and used for detection, the choice of the classifier, and computational efficiency. While both tabular and graph-based feature representations have been widely studied, we lack… Read more
Intrusion Detection Systems (IDS) play a crucial role in network security. An IDS recognizes malicious activity in network traffic by matching it against patterns defined in a set of rules. The complexity and size of rule sets lead to substantial computational load. In a state-of-the-art IDS,… Read more
Graph-based representations of program behavior are a powerful foundation for machine learning-based malware detection. However, the large size and complexity of these behavior graphs pose scalability challenges. This paper presents a systematic evaluation of five graph reduction strategies—… Read more
Layer-2 protocols such as rollups can help address Ethereum’s throughput limits. An efficient data availability layer is key for layer-2 support in Ethereum, but broadcast methods do not scale. A promising approach is the selective distribution of layer-2 data and its verification by data… Read more
Ethereum is the dominant blockchain ecosystem capable of executing Turing-complete smart contracts. Rollups gained significant traction as the primary layer 2 (L2) solution meant to bring horizontal scalability to the main Ethereum network (L1). A core component of any rollup is the sequencer,… Read more
QUIC is a transport-layer protocol that encrypts most headers and all payload data, encapsulating them in UDP to provide security and low latency. However, this encryption and encapsulation pose challenges for kernel-level network and security monitoring. To address this, we present LinkQUIC,… Read more
Cyber attacks are increasing, causing financial losses, data breaches, and reputational damage for individuals and organizations. Since human error remains the leading cause, raising awareness of cyber threats is essential. Cyber range scenarios aim to mitigate these risks but often fail to… Read more
We propose a novel adaptive self-guarded honeypot called Asgard2.0,
designed to capture shell-based attacks on real Linux-based systems via
remote SSH access and to automatically recover when severely compromised.
Asgard2.0 leverages Deep Q-Networks (DQN), a Deep… Read morePolka is a post-quantum public-key encryption scheme from PKC 2023, designed in order to be efficiently protected against side-channel attacks. Its motivation arises from the acknowledged difficulty of protecting Kyber against such attacks. Concretely, the structure of Polka aims to allow so-… Read more
In 2001, Hirt proposed a receipt-free voting scheme, which
prevents malicious voters from proving to anybody how they voted, under
the assumption of the availability of a helping server that is trusted for
receipt-freeness, and only for that property. This appealing design led to
a… Read moreWe design new encryption mechanisms that enable the design of the first universally verifiable voting schemes, supporting both receipt-freeness and everlasting privacy without assuming the existence of an anonymous channel.
Our schemes support the two most traditional election tallying… Read more
opn.vote is a publicly verifiable e-voting system that mitigates the single point of failure in traditional bulletin board architectures by moving critical processes to a public blockchain. Using Ethereum's Account Abstraction, it lets voters cast and re-cast ballots without wallets or… Read more
A honeypot is a security tool which is deliberately designed to be vulnerable, enticing attackers to probe, attack, and compromise it. It has been used since the early 1990s to capture cyberattacks. Today, it remains one of the most widely used security tools, alongside other security mechanisms… Read more
The security of smart contracts, a fundamental component of decentralized applications (dApps) on blockchain platforms, remains a critical concern due to the risk of severe financial losses from vulnerabilities. Traditional detection methods, such as fuzzing and symbolic execution, are effective… Read more