Reach me here:

Publications

  • Rusconi D., Zoia M., Buccioli L., Pierazzi F., Bruschi D., Cavallaro L., Toffalini F., Lanzi A.. ''EmbedWatch: Fat Pointer Solution for Detecting Spatial Memory Errors in Embedded Systems'' Proceeding of the 6th Workshop on CPS and IoT Security (CPSIoTSec)
  • Zheng H., Toffalini F., Payer M.. ''TuneFuzz: Adaptively Exploring Target Programs'' Proceeding of the 17th Intl. Workshop on Search-Based and Fuzz Testing (SBFT 2024)
  • Srivastava P., Toffalini F., Vorobyov K., Gauthier F., Bianchi A., Payer M.. ''Crystallizer: A Hybrid Path Analysis Framework To Aid in Uncovering Deserialization Vulnerabilities'' Proceeding of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2023)
  • Zheng H., Zhang J., Huang Y., Ren Z., Wang H., Cao C., Zhang Y., Toffalini F., Payer M.. ''FishFuzz: Throwing Larger Nets to Catch Deeper Bugs'' Proceeding of the 32nd USENIX Security Symposium (Usenix SEC 2023)
  • Xu J., Di Bartolomeo L., Toffalini F., Mao B., Payer M.. ''WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches'' Proceeding of the 44th IEEE Symposium on Security and Privacy (S&P 2023)
  • Liu Q., Toffalini F., Zhou Y., Payer M.. ''ViDeZZO: Dependency-aware Virtual Device Fuzzing'' Proceeding of the 44th IEEE Symposium on Security and Privacy (S&P 2023)
  • Toffalini F., Payer M., Zhou J., Cavallaro L.. ''Designing a Provenance Analysis for SGX Enclaves'' Proceeding of the 38th Annual Computer Security Applications Conference (ACSAC 2022)
  • Jiang Z., Gan S., Herrera A., Toffalini F., Romerio L., Tang C., Egele M., Zhang C., Payer M.. ''Evocatio: Conjuring Bug Capabilities from a Single PoC'' Proceeding of the ACM SIGSAC Conference on Computer and Communications Security (CCS 2022)
  • Toffalini F., Graziano M., Conti M., Zhou J.. ''SnakeGX: a sneaky attack against SGX Enclaves'' Proceeding of the 19th International Conference on Applied Cryptography and Network Security (ACNS 2022)
  • Toffalini F., Oliveri A., Graziano M., Zhou J., Balzarotti D.. ''The evidence beyond the wall: Memory forensics in SGX environments'' Forensic Science International: Digital Investigation, 2021
  • Toffalini F., Losiouk E., Biondo A., Zhou J., Conti M.. ''ScaRR: Scalable Runtime Remote Attestation for Complex Systems'' Proceeding of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019)
  • Toffalini F., Ochoa M., Sun J., Zhou J.. ''Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing'' Proceeding of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY 2019)
  • Homoliak I., Toffalini F., Guarnizo J., Elovici Y., Ochoa M.. ''Insight Into Insiders and IT: A Survey of Insider Threat Taxonomies, Analysis, Modeling, and Countermeasures'' ACM Computing Surveys (CSUR), 2019
  • Toffalini F., Sun J., Ochoa M.. ''Practical static analysis of context leaks in Android applications'' Software: Practice and Experience, 2019
  • Toffalini F., Sun J., Ochoa M.. ''Static Analysis of Context Leaks in Android Applications'' Proceeding of the 40th International Conference on Software Engineering: Software Engineering in Practice (SEPA@ICSE)
  • Toffalini F., Homoliak I., Harilal A., Binder A., Ochoa M.. ''Detection of Masqueraders Based on Graph Partitioning of File System Access Events'' Proceeding of IEEE Security and Privacy Workshops (SPW)
  • Harilal A., Toffalini F., Homoliak I., John C., Guarnizo J., Mondal S., Ochoa M.. ''The Wolf Of SUTD (TWOS): A Dataset of Malicious Insider Threat Behavior Based on a Gamified Competition'' Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 2018
  • Harilal A., Toffalini F., John C., Guarnizo J., Homoliak I., Ochoa M.. ''TWOS: A Dataset of Malicious Insider Threat Behavior Based on Gamified Competition'' Proceeding of the 9th ACM CCS International Workshop on Managing Insider Security Threats (MIST)
  • Toffalini F., Abba' M., Carra D., Balzarotti D.. ''Google Dorks: Analysis, Creation, and new Defenses'' Proceeding of the 13th International Conference of Detection of Intrusions, Malware, and Vulnerability Assessment, (DIMVA 2016)
  • De Stefani F., Gamba P., Goldoni E., Savioli A., Silvestri D., Toffalini F.. ''REnvDB, a RESTful Database for Pervasive Environmental Wireless Sensor Networks'' Proceeding of the 30th IEEE International Conference on Distributed Computing Systems Workshops