Alessio Merlo

Learn More
We present a previously undisclosed vulnerability of Android OS which can be exploited by mounting a Denial-of-Service attack that makes devices become totally unresponsive. We discuss the characteristics of the vulnerability – which affects all versions of Android – and propose two different fixes, each involving little patching implementing a few(More)
The security model of the Android OS is based on the effective combination of a number of well-known security mechanisms (e.g. statically defined permissions for applications, the isolation offered by the Dalvik Virtual Machine, and the well-known Linux discretionary access control model). Although each security mechanism has been extensively tested and(More)
The growing spread of malware on Android OS requires new approaches for the detection and recognition of malicious applications on mobile devices. An emerging idea is characterizing malicious behaviors in terms of energy consumption, to support the definition of Energy-aware Intrusion Detection Systems that are able to recognize malicious behaviors in terms(More)
DNS Tunnels are built through proper tools that allow embedding data on DNS queries and response. Each tool has its own approach to the building tunnels in DNS that differently affects the network performance. In this paper, we propose a brief architectural analysis of the current state-of-the-art of DNS Tunneling tools. Then, wepropose the first(More)
Social environments were already present in the original Web vision, but nowadays are mainly available through Online Social Networks (OSNs), which are a real cultural phenomenon. However, their actual deployment is very heterogeneous, reflecting into different development choices and functional architectures. Such aspects, jointly with the intrinsic(More)
We present a distributed approach for grid resource discovery, which combines a structured view of resources (single machines, homogeneous and heterogeneous clusters) at the physical organization (PO) level with a super-peer network connecting the various POs. The proposed architecture is modular and independent of the particular grid middleware. After a(More)
Mobile devices have an important role to play in the private as well as the professional activities of working people. However, their use can pose a serious threat to the security of the working environment. Many organizations therefore establish a specific bring your own device (BYOD) policy. This paper presents a proposal for how to foster a secure,(More)
Model checkers have been remarkably successful in finding flaws in security protocols. In this paper we present an approach to binding specifications of security protocols to actual implementations and show how it can be effectively used to automatically test implementations against putative attack traces found by the model checker. By using our approach we(More)