Giancarlo Pellegrino: Home

Giancarlo Pellegrino
353 Serra Mall
Gates Computer Science Building, Room 495
Stanford CA 94305
US
gpellegrino@cispa.saarland / gpellegrino@stanford.edu
Follow @tgianko

I am a visiting Assistant Professor at Stanford University and Research Group Leader at CISPA (Center for IT Security, Privacy, and Accountability). Before that I was postdoc in the System Security group at CISPA and during my doctoral studies I was member of the S3 group at EURECOM in Sophia-Antipolis (France) under the supervision of Davide Balzarotti. Until August 2013, I worked as researcher associate in the Security and Trust group at the SAP research labs.

News: PhD Positions in Application Security

I am looking for talented Ph.D. students in the area of vulnerability detection, web security, and program analysis. Application instructions here.

Research

I research on multiple aspects of the security of modern application software, in particular on web-based application. While my core research goal is to advance the state of the art of automated vulnerability detection and analysis, I also study the security properties of emerging technologies/trends in application software.

Current interests:

Vulnerability Detection and Analysis:
- Cross-site request forgery (Deemon [CSS'17])
- Web application scanners and dynamic JavaScript analysis (jAEk [RAID'15])
- Logic vulnerabilities [NDSS'14]
- Server-side requests [RAID '16]
- Web API security (Data leak in ride-hailing services [NDSS'19])
Web Platform Security:
- Web enclaves and trusted user I/O path (Fidelius [IEEESSP'19])
- Internet core services security (Who controls the Internet [WWW'17], the great cannon [WOOT'15])
Deep Learning Systems Security:
- Attacking perceptual ad-blocking [Arxiv'18]
- Detection of adversarial physical attacks [Arxiv'18]

Services

PC member at Usenix Security (2019), ACSAC (2019, 2018, 2017), ASIA CCS (2019), EuroSec (2019), ISC (2019), CARDS (2019), ACM CCS (2018), Usenix WOOT (2018), ACM CCS Poster (2016), IWCC (2016, 2015), DEPEND (2016, 2015), WTMC (2016), STAST (2014), NBiS (2014)
Usenix Security Invited Talks Committee (2019), Publicity chair for ACM CCS (2017),
PC (co-)chair at SECTEST2015
Reviewer for ACM Computing Surveys, IEEE Transactions on Cloud Computing (TCC), and Transactions on Dependable and Secure Computing (TDSC)

Presentations and Talks

Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs, ITASEC Italian Conference on Cybersecurity, Milan, Italy, February 2018
[ slides ]
Compression Bombs Strike Back, BeNeLux OWASP Day 2016, Leuven, Belgium, November 25, 2016
[ slides ]
Compression Bombs Strike Back, OWASP AppSec Europe '16, Rome, Italy, June 27 - July 01, 2016
[ slides ]
Business Logic Vulnerabilities in eCommerce Web Applications, OWASP Europe Tour 2013, Biot Sophia Antipolis, France, June 24, 2013
[ slides