Davide Vernizzi

Security breaches on the Internet rarely involve compromising secure channels - typically based on protocols like Transport Layer Security (TLS) or Internet Protocol Security (IPsec) - because communication endpoints are much easier to compromise. Recent approaches aiming to solve this problem rely on the TLS protocol to additionally provide integrity…
Virtualization of computers enables a wide variety of applications ranging from server consolidation to secure sandboxing of malicious content. Today, lack of security of virtual machines is a major obstacle for broad adoption of virtual machine technology. We address this obstacle by an open architecture that adds scalable trusted computing concepts to a…
Among the problems of binary remote attestation, scalability has often been mentioned in literature because a verifier must know all possible measurements considered acceptable. In this paper, we show that scalability is a manageable issue when attesting a Linux distribution. The main issues remain identifying, with low time impact, the scripts executed,…
† This paper is an extended version of the paper by the same title that appeared in the proceedings of the CISIS’08 conference. Abstract: Information systems controlling critical infrastructures are vital elements of our modern society. Purely software-based protection techniques have demonstrated limits in fending off attacks and providing assurance of…
A broadcast encryption (BE) system allows a center to send encrypted messages over a public broadcast channel towards many users. The use of BE has been proposed for different scenarios: multimedia broadcasting, encrypted file systems, secure mailing lists and peer-to-peer applications. BE protects the communication channel, but not the platforms where the…
The large number of online services poses serious problems to users' privacy. The sole confidentiality of data exchanged is not enough for complete privacy because an external observer may learn sensitive information simply by observing the communication channel, even if it is not possible to access the actual data transmitted. In this position paper, we…