Short Bio

Hi folks!

I am a geeky guy who likes cybersecurity. I mainly deal with trusted computing. In particular, I play with SGX and TrustZone, but not only.

Currently, I am moving to fuzzing and software analysis.

I defended my Ph.D. at Singapore University of Technology and Design in September 2021. Currently, I am working as a postdoc with Mathias Payer in the HexHive.

If you are interested in my work, browse the nav bar above. Enjoy.

Academic Activities

  • Srivastava P., Toffalini F., Vorobyov K., Gauthier F., Bianchi A., Payer M. "Crystallizer: A Hybrid Path Analysis Framework To Aid in Uncovering Deserialization Vulnerabilities" Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2023)
  • Zheng H., Zhang J., Huang Y., Ren Z., Wang H., Cao C., Zhang Y., Toffalini F., Payer M. "FishFuzz: Throwing Larger Nets to Catch Deeper Bugs" Proceedings of the 32nd USENIX Security Symposium (Usenix SEC 2023)
  • Xu J., Di Bartolomeo L., Toffalini F., Mao B., Payer M. "WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches" Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P 2023)
  • Liu Q., Toffalini F., Zhou Y., Payer M. "ViDeZZO: Dependency-aware Virtual Device Fuzzing" Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P 2023)
  • Toffalini F., Payer M., Zhou J., Cavallaro L. "Designing a Provenance Analysis for SGX Enclaves" Proceedings of the 38th Annual Computer Security Applications Conference (ACSAC 2022)
  • Jiang Z., Gan S., Herrera A., Toffalini F., Romerio L., Tang C., Egele M., Zhang C., Payer M. "Evocatio: Conjuring Bug Capabilities from a Single PoC" Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS 2022)
  • Toffalini F., Graziano M., Conti M., Zhou J. "SnakeGX: a sneaky attack against SGX Enclaves" Proceedings of the 19th International Conference on Applied Cryptography and Network Security (ACNS 2022)
  • Toffalini F., Oliveri A., Graziano M., Zhou J., Balzarotti D. "The evidence beyond the wall: Memory forensics in SGX environments" Forensic Science International: Digital Investigation, 2021
  • Toffalini F., Losiouk E., Biondo A., Zhou J., Conti M. "ScaRR: Scalable Runtime Remote Attestation for Complex Systems" Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)
  • Toffalini F., Ochoa M., Sun J., Zhou J. "Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing" Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY 2019)
  • Homoliak I., Toffalini F., Guarnizo J., Elovici Y., Ochoa M. "Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures" ACM Computing Surveys (CSUR), 2019
  • Toffalini F., Sun J., Ochoa M. "Practical static analysis of context leaks in Android applications" Software: Practice and Experience, 2019
  • Toffalini F., Sun J., Ochoa M. "Static Analysis of Context Leaks in Android Applications" Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Practice (SEPA@ICSE)
  • Toffalini F., Homoliak I., Harilal A., Binder A., Ochoa M. "Detection of Masqueraders Based on Graph Partitioning of File System Access Events" Proceedings of IEEE Security and Privacy Workshops (SPW)
  • Harilal A., Toffalini F., Homoliak I., John C., Guarnizo J., Mondal S., Ochoa M. "The Wolf Of SUTD (TWOS): A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition" Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 2018
  • Harilal A., Toffalini F., John C., Guarnizo J., Homoliak I., Ochoa M. "TWOS: A Dataset of Malicious Insider Threat Behavior Based on Gamified Competition" Proceedings of the 9th ACM CCS International Workshop on Managing Insider Security Threats (MIST)
  • Toffalini F., Abba' M., Carra D., Balzarotti D. "Google Dorks: Analysis, Creation, and new Defenses" Proceedings of the 13th International Conference of Detection of Intrusions, Malware, and Vulnerability Assessment (DIMVA 2016)
  • De Stefani F., Gamba P., Goldoni E., Savioli A., Silvestri D., Toffalini F. "REnvDB, a RESTful Database for Pervasive Environmental Wireless Sensor Networks" Proceedings of the 30th IEEE International Conference on Distributed Computing Systems Workshops