TU Wien Informatics

About

My research interests focus mainly on Web and mobile security, but I'm passionate about computer security and hacking in its broadest sense. I love teaching, and I strongly support the concept of learning by doing. Sometimes I play and organise CTF competitions with w0y and mhackeroni. I had the privilege to do cool things connected with my job, like talking at Black Hat USA, playing DEF CON CTF finals 4 times, co-organizing the Italian Cyber Challenge project, training Team Europe for the International Cybersecurity Challenge (ICC), or hosting the largest Attack/Defense CTF in the history of the European Cybersecurity Challenge (ECSC 2022). I'm now coaching the Austrian team for ECSC and coordinating other national educational activities on IT security.

  • Cookie Crumbles: Breaking and Fixing Web Session Integrity / Squarcina, M., Adão, P., Veronese, L., & Maffei, M. (2023). Cookie Crumbles: Breaking and Fixing Web Session Integrity. In J. Calandrino & C. Troncoso (Eds.), SEC ’23: Proceedings of the 32nd USENIX Conference on Security Symposium (pp. 5539–5556). USENIX Association. https://doi.org/10.34726/5329
    Projects: Browsec (2018–2024) / ViSP (2019–2023) / W4MP (2023–2027)
  • WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms / Veronese, L., Farinier, B., Bernardo, P., Tempesta, M., Squarcina, M., & Maffei, M. (2023). WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms. In 2023 IEEE Symposium on Security and Privacy (SP) (pp. 2761–2779). IEEE. https://doi.org/10.1109/SP46215.2023.10179465
    Projects: Browsec (2018–2024) / ViSP (2019–2023)
  • The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches / Squarcina, M., Calzavara, S., & Maffei, M. (2021). The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches. In 2021 IEEE Security and Privacy Workshops (SPW). 15th IEEE Workshop on Offensive Technologies, San Francisco, CA, United States of America. https://doi.org/10.1109/spw53761.2021.00062
  • Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web / Squarcina, M., Tempesta, M., Veronese, L., Calzavara, S., & Maffei, M. (2021). Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web. In 30th USENIX Security Symposium (pp. 2917–2934). 30th USENIX Security Symposium, USENIX Security 2021, August 11-13, 2021. http://hdl.handle.net/20.500.12708/58469
  • The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications / Somé, D. F., Squarcina, M., Calzavara, S., & Maffei, M. (2020). The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications. EuroS&P 2020 SecWeb Workshop, Genova, IT, EU. http://hdl.handle.net/20.500.12708/87080
  • Gathering of robots in a ring with mobile faults / Das, S., Focardi, R., Luccio, F. L., Markou, E., & Squarcina, M. (2019). Gathering of robots in a ring with mobile faults. Theoretical Computer Science, 764, 42–60. https://doi.org/10.1016/j.tcs.2018.05.002
  • Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem / Calzavara, S., Focardi, R., Nemec, M., Rabitti, A., & Squarcina, M. (2019). Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, Austria. IEEE. https://doi.org/10.1109/sp.2019.00053
  • Surviving the Web / Calzavara, S., Squarcina, M., Focardi, R., & Tempesta, M. (2018). Surviving the Web. In Companion of the The Web Conference 2018 on The Web Conference 2018 - WWW ’18. International World Wide Web Conferences Steering Committee Republic and Canton of Geneva, Switzerland ©2018, Austria. ACM. https://doi.org/10.1145/3184558.3186232
  • Mind Your Keys? A Security Evaluation of Java Keystores / Focardi, R., Squarcina, M., Steel, G., Palmarini, M., & Tempesta, M. (2018). Mind Your Keys? A Security Evaluation of Java Keystores. In Proceedings of 2019 Network and Distributed System Security Symposium (pp. 1–15). http://hdl.handle.net/20.500.12708/57775
  • WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring / Calzavara, S., Maffei, M., Schneidewind, C., Tempesta, M., & Squarcina, M. (2018). WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring. In Proceedings of the 27th USENIX Security Symposium (pp. 1493–1510). USENIX. http://hdl.handle.net/20.500.12708/57493
  • Surviving the Web: A Journey into Web Session Security / Calzavara, S., Focardi, R., Squarcina, M., & Tempesta, M. (2017). Surviving the Web: A Journey into Web Session Security. ACM Computing Surveys, 50(1), 1–34. https://doi.org/10.1145/3038923
  • Run-Time Attack Detection in Cryptographic APIs / Squarcina, M., & Focardi, R. (2017). Run-Time Attack Detection in Cryptographic APIs. In 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE Computer Security Foundations Symposium, Santa Barbara, USA, Non-EU. IEEE Xplore Digital Library. https://doi.org/10.1109/csf.2017.33