Leonardo Querzoni

Pubblicazioni

Titolo Pubblicato in Anno
QMSan: Efficiently Detecting Uninitialized Memory Errors During Fuzzing Proceedings of the Network and Distributed System Security (NDSS) Symposium 2025 2025
Predictive Context-sensitive Fuzzing Proceedings of the Network and Distributed System Security (NDSS) Symposium 2024 2024
BinBert: Binary Code Understanding with a Fine-tunable and Execution-aware Transformer IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING 2024
Evading Userland API Hooking, Again: Novel Attacks and a Principled Defense Method Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2024. Lecture Notes in Computer Science 2024
Adversarial Attacks against Binary Similarity Systems IEEE ACCESS 2024
Where Did My Variable Go? Poking Holes in Incomplete Debug Information International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS 2023
BinBench: a benchmark for x64 portable operating system interface binary function representations PEERJ. COMPUTER SCIENCE. 2023
SoK: Cybersecurity Regulations, Standards and Guidelines for the Healthcare Sector 2023 IEEE International Conference on Intelligence and Security Informatics (ISI) 2023
A MULTI-LAYER ATTACK MODEL INTEGRATING HUMAN FACTORS IN DELIVERING CYBERSECURITY STRATEGIC LEADERSHIP JOURNAL 2023
Evaluating Dynamic Binary Instrumentation Systems for Conspicuous Features and Artifacts DIGITAL THREATS 2022
An industry 4.0 approach to large scale production of satellite constellations. The case study of composite sandwich panel manufacturing ACTA ASTRONAUTICA 2022
Special issue on algorithmic theory of dynamic networks and Its applications JOURNAL OF COMPUTER AND SYSTEM SCIENCES 2022
Debugging Debug Information with Neural Networks IEEE ACCESS 2022
Principled Composition of Function Variants for Dynamic Software Diversity and Program Protection Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering 2022
Function Representations for Binary Similarity IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING 2021
Who's Debugging the Debuggers? Exposing Debug Information Bugs in Optimized Binaries ASPLOS 2021: Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems 2021
Rope: Covert Multi-process Malware Execution with Return-Oriented Programming Computer Security – ESORICS 2021 2021
Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization Proceedings of the ACM Conference on Computer and Communications Security 2021
Klink: Progress-Aware Scheduling for Streaming Data Systems In Proceedings of the 2021 International Conference on Management of Data (SIGMOD/PODS '21) 2021
SMART MANUFACTURING IN THE SPACE INDUSTRY. A CYBER-PHYSICAL SYSTEM ARCHITECTURE AND ITS IMPLEMENTATION TO A MAIT PROCESS FOR MEGA CONSTELLATIONS OF SATELLITES 2021

ERC

  • PE6_2
  • PE6_5

KET

  • Big data & computing

Interessi di ricerca

Cybersecurity

The security of cyber physical systems represents today a field where countries are basing their future economic growth. Despite its importance, this is a field where the asymmetry between criminals and defendants is continuously growing: dozens of new attacks with severe impacts are discovered every day, while technologies and methodologies for securing target systems struggle to advance at an adequate pace. Further research is strongly needed to improve the ability of security operators to face more effectively and timely an ever increasing mass of attacks. My research in this context is focused on the study of new approaches to support security analysis in their reverse engineering efforts. Some of the solutions I investigate are based on the usage of language based models, the we exploit to automatically identify relevant characteristics in binary code.

Stream processing

In the last few years we are witnessing a huge growth in information production. IBM claims that "every day, we create 2.5 quintillion bytes of data - so much that 90% of the data in the world today has been created in the last two years alone". This apparently unrelenting growth is a consequence of several factors including the pervasiveness of social networks, the smartphone market success, the shift toward an “Internet of things” and the consequent widespread deployment of sensor networks. Big Data applications are typically characterized by the three V's: large volumes (up to petabytes) at a high velocity (intense data streams that must be analyzed in quasi real-time) with extreme variety (mix of structured and unstructured data). These large datasets are typically analyzed using either a batch approach (using well-known frameworks like Apache Hadoop) or with stream processing. This latter approach focussed on representing data as a real-time flow of events proved to be particularly advantageous for all those applications where data is continuously produced and must be analyzed on the fly. Complex event processing engines are used to apply complex detection and aggregation rules on intense data streams and output, as a result, new events. My research in this context is focussed in studying novel solutions for increasing the scalability and efficiency of stream processing systems as well as improving their reliability to faults.

Keywords

cybersecurity
Stream processing

Progetti di Ricerca

Gruppi di ricerca

Computer Networks and Pervasive Systems

Gruppi di ricerca - Responsabile

Cybersecurity

© Università degli Studi di Roma "La Sapienza" - Piazzale Aldo Moro 5, 00185 Roma