me

Giancarlo Pellegrino

System Security Research Group
CISPA, Saarland University
Campus E1.7
66123 Saarbrücken
Germany

Short bio:

I am currently a postdoc in the System Security research group at Saarland University, Germany. I hold a Ph.D. in computer network and security from Telecom ParisTech/EURECOM, France. During my doctoral studies, I was member of the S3 group at EURECOM in Sophia-Antipolis (France) under the supervision of the Assistant Professor Davide Balzarotti. Until August 2013, I worked as Researcher Associate in the "Security and Trust" group at the SAP research laboratories in Sophia-Antipolis and Karlsruhe.

Research interests:

My main research interests include, but are not limited to, security testing, model-based testing, and formal methods in the area of web security, modern business applications, security protocols, and network protocols.

Selected publications

A complete list is available here

  • In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services
    G. Pellegrino, D. Balzarotti, S. Winter, N. Suri
    Accepted to USENIX Security 2015
    [pdf]
  • Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics
    G. Pellegrino, C. Rossow, F. J. Ryba, T. C. Schmidt, M. Waehlisch
    Accepted to WOOT 2015
    [pdf]
  • Toward Black-Box Detection of Logic Flaws in Web Applications
    G. Pellegrino, D. Balzarotti
    Network and Distributed System Security symposium 2014 (NDSS2014), San Diego, USA, February 23-25, 2014
    [pdf]
  • An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations
    A. Armando, R. Carbone, L. Compagna, J. Cuéllar, G. Pellegrino, A. Sorniotti
    Computers & Security, 2013
    [url]
  • A Tool for Supporting Developers in Analyzing the Security of Web-based Security Protocols
    G. Pellegrino, L. Compagna, T. Moreggia
    25th IFIP International Conference on Testing Software and Systems (ICTSS'13), Istanbul, Turkey, November 13-15, 2013
    [pdf]
  • From Model-checking to Automated Testing of Security Protocols: Bridging the Gap
    A. Armando, G. Pellegrino, R. Carbone, A. Merlo, D. Balzarotti
    6th International Conference on Tests & Proofs (TAP 2012), Prague (Czech Republic), May 31 - June 1, 2012
    [pdf]

Projects

Presentations and Talks

Professional activities

Vulnerability discovery and disclosure

A complete list is available here