Alessandro Sorniotti, PhD
Short Bio
Alessandro is a research staff member at IBM Research. His research focuses on system security and blockchain. Prior to joining IBM, he was a member of the Security&Trust research program of SAP Research. He has been engaged in several EU projects including Avantssar (formal validation of security properties in service-oriented infrastructures) and TClouds (security and reliability in cloud computing). He has also been a member of the SAP Product Security Team, acting as an internal security consultant for SAP business units.
Alessandro holds a PhD in applied cryptography from EURECOM and Telecom ParisTech (former Ecole Nationale Supérieure des Télécommunications, Paris) and a double MSc degree from Politecnico di Torino (Turin, Italy) in Computer Science and from EURECOM in Networking.
Publications
Full list of publications:
[DBLP]
[Google Scholar]
Selected Publications
- Hesse, Julia; Singh, Nitin; Sorniotti, Alessandro
How to Bind Anonymous Credentials to Humans
USENIX Security Symposium 2023
[Download PDF file]
- Sorniotti, Alessandro; Weissbacher, Michael; Kurmus, Anil
Go or No Go: Differential Fuzzing of Native and C Libraries
2023 IEEE Security and Privacy Workshops
[Download PDF file]
- Bootle, Jonathan; Lyubashevsky, Vadim; Nguyen, Ngoc Khanh; Sorniotti, Alessandro
A Framework for Practical Anonymous Credentials from Lattices
CRYPTO 2023
[Download PDF file]
- De Feo, Luca; Poettering, Bertram; Sorniotti, Alessandro
On the (In)Security of ElGamal in OpenPGP
The 28th ACM Conference on Computer and Communications Security (CCS'21)
[Download PDF file]
Best Paper Award
- Mambretti, Andrea;Sandulescu, Alexandra; Sorniotti, Alessandro; Robertson, William; Kirda, Engin; Kurmus, Anil
Bypassing memory safety mechanisms through speculative control flow hijacks
EuroS&P 2021
[Download PDF file]
- Mambretti, Andrea; Convertini, Pasquale; Sorniotti, Alessandro; Sandulescu, Alexandra; Kirda, Engin; Kurmus, Anil
GhostBuster: understanding and overcoming the pitfalls of transient execution vulnerability checkers
SANER 2021
[Download PDF file]
- Bhattacharyya, Atri; Sandulescu, Alexandra; Neugschwandtner, Matthias; Sorniotti, Alessandro; Falsafi, Babak; Payer, Mathias; Kurmus, Anil
SMoTherSpectre: exploiting speculative execution through port contention
The 26th ACM Conference on Computer and Communications Security (CCS'19).
[Download PDF file]
- Mambretti, Andrea; Neugschwandtner,Matthias; Sorniotti, Alessandro; Kirda, Engin; Robertson, William; Kurmus. Anil
Speculator: A Tool to Analyze Speculative Execution Attacks and Mitigations
35th Annual Computer Security Applications Conference (ACSAC'19).
[Download PDF file]
- Andrea Mambretti, Alexandra Sandulescu, Matthias Neugschwandtner, Alessandro Sorniotti, Anil Kurmus
Two methods for exploiting speculative control flow hijacks.
WOOT @ USENIX Security Symposium 2019
[Download PDF file]
- Jan Camenisch, Angelo De Caro, Esha Ghosh, Alessandro Sorniotti
Oblivious PRF on Committed Vector Inputs and Application to Deduplication of Encrypted Data.
Financial Cryptography 2019.
[Link to publication]
- Matthias Neugschwandtner, Alessandro Sorniotti, Anil Kurmus
Memory Categorization: Separating Attacker-Controlled Data.
DIMVA 2019
[Download PDF file]
- Elli Androulaki, Artem Barger, Vita Bortnikov, Christian Cachin, Konstantinos Christidis, Angelo De Caro, David Enyeart, Christopher Ferris, Gennady Laventman, Yacov Manevich, Srinivasan Muralidharan, Chet Murthy, Binh Nguyen, Manish Sethi, Gari Singh, Keith Smith, Alessandro Sorniotti, Chrysoula Stathakopoulou, Marko Vukolic, Sharon Weed Cocco, Jason Yellick
Hyperledger Fabric: A Distributed Operating System for Permissioned Blockchains
EuroSys 2018.
[Download PDF file]
- Stanek, Jan; Sorniotti, Alessandro; Androulaki, Elli; Kencl, Lukas
A secure data deduplication scheme for cloud storage
Proc. 18th conference Financial Cryptography and Data Security (FC) 2014.
[Download PDF file]
- Cachin, Christian; Haralambiev, Kristiyan; Hsiao, Hsu-Chun; Sorniotti, Alessandro
Policy-based Secure Deletion
The 20th ACM Conference on Computer and Communications Security (CCS'13), 2013
[Download PDF file]
- Armando, Alessandro; Carbone, Roberto; Compagna, Luca; Cuellar, Jorge; Pellegrino, Giancarlo; Sorniotti, Alessandro
An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations
Computers & Security 33: 41-58 (2013).
[Download PDF file]
- Basescu, Cristina; Cachin, Christian; Eyal, Ittay; Haas, Robert; Sorniotti, Alessandro; Vukolic, Marko; Zachevsky, Ido
Robust data sharing with key-value stores
In Proc. Intl. Conference on Dependable Systems and Networks (DSN), June 2012, Boston, US.
[Download PDF file]
- Di Pietro, Roberto; Sorniotti, Alessandro
Boosting Efficiency and Security in Proof of Ownership for Deduplication
7th ACM Symposium on Information, Computer and Communications Security (AsiaCCS 2012), May 2012, Seoul, Korea.
[Download PDF file]
- Kerschbaum, Florian; Sorniotti, Alessandro
Searchable Encryption for Outsourced Data Analytics
Public Key Infrastructures, Services and Applications - 7th European Workshop, EuroPKI 2010, Athens, Greece, September 23-24, 2010.
[Download PDF file]
- Sorniotti, Alessandro; Molva, Refik
Federated Secret Handshakes with Support for Revocation
Information and Communications Security - 12th International Conference, ICICS 2010, Barcelona, Spain, December 15-17, 2010.
[Download PDF file]
- Sorniotti, Alessandro; Molva, Refik
A provably secure secret handshake with dynamic controlled matching
Computers & Security, December 2009.
[Download PDF file]
- Sorniotti, Alessandro; Molva, Refik
Secret handshakes with revocation support
ICISC 2009, 12th International Conference on Information Security and Cryptology, December 2-4, 2009, Seoul, Korea
[Download PDF file]
- Sorniotti, Alessandro; Molva, Refik
A provably secure secret handshake with dynamic controlled matching
IFIP SEC 2009, 24th International Information Security Conference, May 18-20, 2009, Pafos, Cyprus , pp 330-341
Best Student Paper Award
[Download PDF file]