Giancarlo Pellegrino

Dependable, Embedded Systems and Software
TU Darmstadt
Hochschulstrasse 10
64289 Darmstadt
Germany

Short bio:

I am currently a postdoc in the "Dependable Systems and Software" (DEEDS) group at the Technische Universität Darmstadt, Germany. I hold a Ph.D. in computer network and security from Telecom ParisTech, France. During my doctoral studies, I was a member of the S3 group at EURECOM in Sophia-Antipolis (France) under the supervision of Assistant Professor Davide Balzarotti. Until August 2013, I worked as Researcher Associate in the "Security and Trust" group at the SAP research laboratories in Sophia-Antipolis and Karlsruhe, contributing to the EU FP7 funded projects AVANTSSAR (Automated VAlidatioN of Trust and Security of Service-oriented ARchitectures) and SPaCIoS (Secure Provision and Consumption in the Internet of Services).

Research interests:

My main research interests include, but are not limited to, security testing, model-based testing, and formal methods in the area of web security, business applications, security protocols, and network protocols.

Publications:

Journal papers
  • A. Armando, R. Carbone, L. Compagna, J. Cuéllar, G. Pellegrino, A. Sorniotti
    An Authentication Flaw in Browser-based Single Sign-On Protocols: Impact and Remediations
    Computers & Security, 2013
Conference Papers
  • G. Pellegrino, D. Balzarotti
    Toward Black-Box Detection of Logic Flaws in Web Applications
    Network and Distributed System Security symposium 2014 (NDSS2014), San Diego, USA, February 23-25, 2014
  • G. Pellegrino, L. Compagna, T. Moreggia
    A Tool for Supporting Developers in Analyzing the Security of Web-based Security Protocols
    to appear in Proceedings of the 25th IFIP International Conference on Testing Software and Systems (ICTSS'13), Istanbul, Turkey, November 13-15, 2013
  • A. Armando, G. Pellegrino, R. Carbone, A. Merlo, D. Balzarotti
    From Model-checking to Automated Testing of Security Protocols: Bridging the Gap
    6th International Conference on Tests & Proofs (TAP 2012), Prague (Czech Republic), May 31 - June 1, 2012
  • A. Armando, W. Arsac, T. Avanesov, M. Barletta, A. Calvi, A. Cappai, R. Carbone, Y. Chevalier, L. Compagna, J. Cuéllar, G. Erzse, S. Frau, M. Minea, S. Mödersheim, D. von Oheimb, G. Pellegrino, S. E. Ponta, M. Rocchetto, M. Rusinowitch, M. Torabi Dashti, M. Turuani, and L. Viganò.
    The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures
    18th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2012), Tallinn, Estonia, March 24 - April 1, 2012
  • A. Armando, R. Carbone, L. Compagna, J. Cuéllar, G. Pellegrino, A. Sorniotti
    From Multiple Credentials to Browser-based Single Sign-On: Are We More Secure?
    26th IFIP TC-11 International Information Security Conference (SEC 2011), Luzern (Switzerland), June 7-9, 2011
  • W. Arsac, L. Compagna, G. Pellegrino, S. E. Ponta
    Security Validation of Business Processes via Model-Checking
    International Symposium on Engineering Secure Software and Systems (ESSoS 2011), Madrid (Spain), February 9-10, 2011
Book chapters
  • A. Armando, R. Carbone, L. Compagna, G. Pellegrino
    Automatic security analysis of SAML-based single sign-on protocols
    Chapter 10 in "Digital Identity and Access Management: Technologies and Framework", Business Science.
    Editors: Raj Sharman R., Das Smith S., Gupta M., December 2011
Workshop papers
  • A. Armando, R. Carbone, L. Compagna, K. Li, G. Pellegrino
    Model-checking Driven Security Testing of Web-Based Applications
    International Workshop on Modeling and Detection of Vulnerabilities (MDV 2010), Paris (France), April 10, 2010