About Me

Dr. Flavio Toffalini is a cybersecurity researcher and newly appointed assistant professor at Ruhr-Universität Bochum (RUB) starting September 2024. His research expertise lies in system security, with a focus on automatic software testing, threat mitigation, and trusted computing technologies.

Dr. Toffalini earned his Ph.D. from the Singapore University of Technology and Design (SUTD) under the supervision of Professor Jianying Zhou. His doctoral thesis explored the intersection of trusted execution environments—particularly SGX and TrustZone—and software engineering, identifying new attack surfaces and proposing innovative defense mechanisms.

Following his Ph.D., Dr. Toffalini joined the HexHive group as a Postdoctoral Researcher under the guidance of Professor Mathias Payer. During his stay at EPFL, he expanded his expertise in automatic software testing and threat mitigation.

At RUB, Dr. Toffalini continues his pioneering research in system security. He is actively recruiting Ph.D. students to join his team and contribute to cutting-edge projects in automatic software testing, threat mitigation, and trusted computing. Current opportunities include research on browser and interpreter testing.

For any inquiries, feel free to contact him at flavio.toffalini@rub.de.

Academic Activities

Publications

  • Rusconi D., Zoia M., Buccioli L., Pierazzi F., Bruschi D., Cavallaro L., Toffalini F., Lanzi A. "EmbedWatch: Fat Pointer Solution for Detecting Spatial Memory Errors in Embedded Systems" Proceedings of the 6th Workshop on CPS and IoT Security (CPSIoTSec)
  • Zheng H., Toffalini F., Payer M. "TuneFuzz: Adaptively Exploring Target Programs" Proceedings of the 17th Intl. Workshop on Search-Based and Fuzz Testing (SBFT 2024)
  • Srivastava P., Toffalini F., Vorobyov K., Gauthier F., Bianchi A., Payer M. "Crystallizer: A Hybrid Path Analysis Framework To Aid in Uncovering Deserialization Vulnerabilities" Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2023)
  • Zheng H., Zhang J., Huang Y., Ren Z., Wang H., Cao C., Zhang Y., Toffalini F., Payer M. "FishFuzz: Throwing Larger Nets to Catch Deeper Bugs" Proceedings of the 32nd USENIX Security Symposium (Usenix SEC 2023)
  • Xu J., Di Bartolomeo L., Toffalini F., Mao B., Payer M. "WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches" Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P 2023)
  • Liu Q., Toffalini F., Zhou Y., Payer M. "ViDeZZO: Dependency-aware Virtual Device Fuzzing" Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P 2023)
  • Toffalini F., Payer M., Zhou J., Cavallaro L. "Designing a Provenance Analysis for SGX Enclaves" Proceedings of the 38th Annual Computer Security Applications Conference (ACSAC 2022)
  • Jiang Z., Gan S., Herrera A., Toffalini F., Romerio L., Tang C., Egele M., Zhang C., Payer M. "Evocatio: Conjuring Bug Capabilities from a Single PoC" Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS 2022)
  • Toffalini F., Graziano M., Conti M., Zhou J. "SnakeGX: a sneaky attack against SGX Enclaves" Proceedings of the 19th International Conference on Applied Cryptography and Network Security (ACNS 2022)
  • Toffalini F., Oliveri A., Graziano M., Zhou J., Balzarotti D. "The evidence beyond the wall: Memory forensics in SGX environments" Forensic Science International: Digital Investigation, 2021
  • Toffalini F., Losiouk E., Biondo A., Zhou J., Conti M. "ScaRR: Scalable Runtime Remote Attestation for Complex Systems" Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)
  • Toffalini F., Ochoa M., Sun J., Zhou J. "Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing" Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY 2019)
  • Homoliak I., Toffalini F., Guarnizo J., Elovici Y., Ochoa M. "Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures" ACM Computing Surveys (CSUR), 2019
  • Toffalini F., Sun J., Ochoa M. "Practical static analysis of context leaks in Android applications" Software: Practice and Experience, 2019
  • Toffalini F., Sun J., Ochoa M. "Static Analysis of Context Leaks in Android Applications" Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Practice (SEPA@ICSE)
  • Toffalini F., Homoliak I., Harilal A., Binder A., Ochoa M. "Detection of Masqueraders Based on Graph Partitioning of File System Access Events" Proceedings of IEEE Security and Privacy Workshops (SPW)
  • Harilal A., Toffalini F., Homoliak I., John C., Guarnizo J., Mondal S., Ochoa M. "The Wolf Of SUTD (TWOS): A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition" Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 2018
  • Harilal A., Toffalini F., John C., Guarnizo J., Homoliak I., Ochoa M. "TWOS: A Dataset of Malicious Insider Threat Behavior Based on Gamified Competition" Proceedings of the 9th ACM CCS International Workshop on Managing Insider Security Threats (MIST)
  • Toffalini F., Abba' M., Carra D., Balzarotti D. "Google Dorks: Analysis, Creation, and new Defenses" Proceedings of the 13th International Conference of Detection of Intrusions, Malware, and Vulnerability Assessment (DIMVA 2016)
  • De Stefani F., Gamba P., Goldoni E., Savioli A., Silvestri D., Toffalini F. "REnvDB, a RESTful Database for Pervasive Environmental Wireless Sensor Networks" Proceedings of the 30th IEEE International Conference on Distributed Computing Systems Workshops