Sep 16, 2015: RFC 7627: my proposal to prevent the Triple Handshake attacks on TLS becomes an Internet standard.
Home Page
Alfredo PirontiCyber Security Specialiste-mail: alfredo at pironti.eu (where 'at' stands for '@') |
|
News
Aug 10, 2015: My paper on FlexTLS: a tool for testing TLS implementations won the Best Paper award at WOOT 15.
Jun 25, 2015: RFC 7568: my proposal to deprecate SSL 3.0 in favor of TLS becomes an Internet Standard.
May 20, 2015: My paper on state machine flaws in TLS implementations won the Distinguished Paper award at IEEE S&P 15.
Feb 11, 2015: My paper on compound authentication appeared at NDSS 15.
Short Bio and Research
I am a cyber security specialist and security researcher in formal methods for security protocol implementations and security-aware applications. My current research interests include traffic analysis and side channel analysis; I recently focused on miTLS, a verified implementation of the TLS security protocol in the computational model of cryptography, via refinement types. I was a member of the Prosecco research group at INRIA and of the Secure Distributed Computing project at the MSR-INRIA Joint Centre. My main collaborators are Karthikeyan Bhargavan, Cédric Fournet, Markulf Kohlweiss and Pierre-Yves Strub.
I received my PhD in 2010 at Politecnico di Torino, supervised by Riccardo Sisto. During my PhD I co-developed a framework, called spi2java, that allows to semi-automatically generate Java implementations of security protocols formally specified in the spi calculus language.
For half a year, I have been a visiting PhD student at the Microsoft Research Centre, Cambridge, UK, and the Open University, UK, supervised by Jan Jürjens. During my visit, I developed novel formally-based methodologies to design and develop monitors for legacy security protocols implementations.
I am a member of the CryptoForma network, aimed at bridging the gap between symbolic and computational formal methods.