Giancarlo Pellegrino

Dependable, Embedded Systems and Software
TU Darmstadt
Hochschulstrasse 10
64289 Darmstadt
Germany

Short bio:

I am currently a postdoc in the "Dependable Systems and Software" (DEEDS) group at the Technische Universität Darmstadt, Germany. I hold a Ph.D. in computer network and security from Telecom ParisTech, France. During my doctoral studies, I was a member of the S3 group at EURECOM in Sophia-Antipolis (France) under the supervision of Assistant Professor Davide Balzarotti. Until August 2013, I worked as Researcher Associate in the "Security and Trust" group at the SAP research laboratories in Sophia-Antipolis and Karlsruhe.

Research interests:

My main research interests include, but are not limited to, security testing, model-based testing, and formal methods in the area of web security, business applications, security protocols, and network protocols.

Projects

Selected publications

A complete list is available here

  • Toward Black-Box Detection of Logic Flaws in Web Applications
    G. Pellegrino, D. Balzarotti
    Network and Distributed System Security Symposium 2014 (NDSS 2014), San Diego, USA, February 23-25, 2014
    [pdf]
  • An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations
    A. Armando, R. Carbone, L. Compagna, J. Cuéllar, G. Pellegrino, A. Sorniotti
    Computers & Security, 2013
    [url]
  • A Tool for Supporting Developers in Analyzing the Security of Web-based Security Protocols
    G. Pellegrino, L. Compagna, T. Moreggia
    to appear in Proceedings of the 25th IFIP International Conference on Testing Software and Systems (ICTSS'13), Istanbul, Turkey, November 13-15, 2013
    [pdf]
  • From Model-checking to Automated Testing of Security Protocols: Bridging the Gap
    A. Armando, G. Pellegrino, R. Carbone, A. Merlo, D. Balzarotti
    6th International Conference on Tests & Proofs (TAP 2012), Prague (Czech Republic), May 31 - June 1, 2012
    [pdf]

Presentations and Talks

Professional activities

Vulnerability discovery and disclosure

A complete list is available here