Alessandro Sorniotti, PhD

Principal Research Scientist IBM Research - Zurich Säumerstrasse 4 CH-8803 Rüschlikon, Switzerland Email: aso at zurich dot ibm dot com Twitter: @sigusr0 Github: @ale-linux

Short Bio

Alessandro is a research staff member at IBM Research. His research focuses on system security and blockchain. Prior to joining IBM, he was a member of the Security&Trust research program of SAP Research. He has been engaged in several EU projects including Avantssar (formal validation of security properties in service-oriented infrastructures) and TClouds (security and reliability in cloud computing). He has also been a member of the SAP Product Security Team, acting as an internal security consultant for SAP business units.

Alessandro holds a PhD in applied cryptography from EURECOM and Telecom ParisTech (former Ecole Nationale Supérieure des Télécommunications, Paris) and a double MSc degree from Politecnico di Torino (Turin, Italy) in Computer Science and from EURECOM in Networking.

Projects

• Take a look at what's keeping us busy in our blog
• I am one of the maintainers of hyperledger fabric

Professional activities

• PC Member of the ACM Conference on Computer and Communications Security (2023, 2024)
• PC Member of the Network and Distributed System Security (NDSS) Symposium (2023, 2024)
• PC Member of the USENIX Security Symposium (2022, 2023, 2024)
• PC Member of the International Conference on Financial Cryptography and Data Security (2022, 2023)
• PC Member of the European Symposium on Research in Computer Security ESORICS (2023, 2024)
• PC Member of the EuroSys conference (2023)
• PC Member of the European workshop on systems security Eurosec (2022, 2023)
• PC Member of the 25th International Symposium on Research in Attacks, Intrusions and Defenses RAID (2022, 2023)
• PC Member of the 16th IEEE Workshop on Offensive Technologies WOOT 2022
• TPC Member of the IEEE International Conference on Blockchain and Cryptocurrency 2019, 2020, 2021
• TPC Member of the IEEE International Conference on Blockchain Blockchain (2019, 2020, 2021)
• TPC Member of the first ACM Workshop on Blockchain, Cryptocurrencies and Contracts (BCC'17) co-located with ASIACCS'17
• TPC Member of the Fifth International Workshop on Security in Cloud Computing (SCC)
• Technical Committee Member of the Computer Communications Editorial Board
• PC Member of the 8th ACM Cloud Computing Security Workshop CCSW'16
• TPC Member of the Third International Workshop on Security in Cloud Computing (SCC 2015) co-located with ASIACCS
• PC member of the 11th and 12th International Conference on Security and Cryptography
• PC member of the 7th, 8th and 9th DPM International Workshop on Data Privacy Management co-located with ESORICS
• TPC member of the Track on Security, Privacy, and Trust (SPT) of the 23rd International Conference on Computer Communications and Networks (ICCCN 2014)
• PC member of the Security Track of the ACM Symposium on Applied Computing in 2013
• TPC member of the Cloud Computing and Networking Symposium, co-located with ICNC 2013
• PC member of the 5th, 6th and 7th International Symposium on Foundations & Practice of Security FPS 2014
• PC member of the Pervasive Cloud, Cluster and Grid Computing track of the 4th International Conference on Emerging Ubiquitous Systems and Pervasive Networks
• TPC member of the Third IEEE International Symposium on Trust and Security in Cloud Computing TSCloud 2013
• TPC member of the Sixth International Conference on Dependability DEPEND 2013

Publications

Full list of publications: [DBLP] [Google Scholar]

Selected Publications

• Hesse, Julia; Singh, Nitin; Sorniotti, Alessandro
  How to Bind Anonymous Credentials to Humans
  USENIX Security Symposium 2023
  [Download PDF file]
  
• 
  
• Sorniotti, Alessandro; Weissbacher, Michael; Kurmus, Anil
  Go or No Go: Differential Fuzzing of Native and C Libraries
  2023 IEEE Security and Privacy Workshops
  [Download PDF file]
  
• 
  
• Bootle, Jonathan; Lyubashevsky, Vadim; Nguyen, Ngoc Khanh; Sorniotti, Alessandro
  A Framework for Practical Anonymous Credentials from Lattices
  CRYPTO 2023
  [Download PDF file]
  
• 
  
• De Feo, Luca; Poettering, Bertram; Sorniotti, Alessandro
  On the (In)Security of ElGamal in OpenPGP
  The 28th ACM Conference on Computer and Communications Security (CCS'21)
  [Download PDF file]
  Best Paper Award
  
• 
  
• Mambretti, Andrea;Sandulescu, Alexandra; Sorniotti, Alessandro; Robertson, William; Kirda, Engin; Kurmus, Anil
  Bypassing memory safety mechanisms through speculative control flow hijacks
  EuroS&P 2021
  [Download PDF file]
  
• 
  
• Mambretti, Andrea; Convertini, Pasquale; Sorniotti, Alessandro; Sandulescu, Alexandra; Kirda, Engin; Kurmus, Anil
  GhostBuster: understanding and overcoming the pitfalls of transient execution vulnerability checkers
  SANER 2021
  [Download PDF file]
  
• 
  
• Bhattacharyya, Atri; Sandulescu, Alexandra; Neugschwandtner, Matthias; Sorniotti, Alessandro; Falsafi, Babak; Payer, Mathias; Kurmus, Anil
  SMoTherSpectre: exploiting speculative execution through port contention
  The 26th ACM Conference on Computer and Communications Security (CCS'19).
  [Download PDF file]
  
• 
  
• Mambretti, Andrea; Neugschwandtner,Matthias; Sorniotti, Alessandro; Kirda, Engin; Robertson, William; Kurmus. Anil
  Speculator: A Tool to Analyze Speculative Execution Attacks and Mitigations
  35th Annual Computer Security Applications Conference (ACSAC'19).
  [Download PDF file]
  
• 
  
• Andrea Mambretti, Alexandra Sandulescu, Matthias Neugschwandtner, Alessandro Sorniotti, Anil Kurmus
  Two methods for exploiting speculative control flow hijacks.
  WOOT @ USENIX Security Symposium 2019
  [Download PDF file]
  
• 
  
• Jan Camenisch, Angelo De Caro, Esha Ghosh, Alessandro Sorniotti
  Oblivious PRF on Committed Vector Inputs and Application to Deduplication of Encrypted Data.
  Financial Cryptography 2019.
  [Link to publication]
  
• 
  
• Matthias Neugschwandtner, Alessandro Sorniotti, Anil Kurmus
  Memory Categorization: Separating Attacker-Controlled Data.
  DIMVA 2019
  [Download PDF file]
  
• 
  
• Elli Androulaki, Artem Barger, Vita Bortnikov, Christian Cachin, Konstantinos Christidis, Angelo De Caro, David Enyeart, Christopher Ferris, Gennady Laventman, Yacov Manevich, Srinivasan Muralidharan, Chet Murthy, Binh Nguyen, Manish Sethi, Gari Singh, Keith Smith, Alessandro Sorniotti, Chrysoula Stathakopoulou, Marko Vukolic, Sharon Weed Cocco, Jason Yellick
  Hyperledger Fabric: A Distributed Operating System for Permissioned Blockchains
  EuroSys 2018.
  [Download PDF file]
  
• 
  
• Stanek, Jan; Sorniotti, Alessandro; Androulaki, Elli; Kencl, Lukas
  A secure data deduplication scheme for cloud storage
  Proc. 18th conference Financial Cryptography and Data Security (FC) 2014.
  [Download PDF file]
  
• 
  
• Cachin, Christian; Haralambiev, Kristiyan; Hsiao, Hsu-Chun; Sorniotti, Alessandro
  Policy-based Secure Deletion
  The 20th ACM Conference on Computer and Communications Security (CCS'13), 2013
  [Download PDF file]
  
• 
  
• Armando, Alessandro; Carbone, Roberto; Compagna, Luca; Cuellar, Jorge; Pellegrino, Giancarlo; Sorniotti, Alessandro
  An authentication flaw in browser-based Single Sign-On protocols: Impact and remediations
  Computers & Security 33: 41-58 (2013).
  [Download PDF file]
  
• 
  
• Basescu, Cristina; Cachin, Christian; Eyal, Ittay; Haas, Robert; Sorniotti, Alessandro; Vukolic, Marko; Zachevsky, Ido
  Robust data sharing with key-value stores
  In Proc. Intl. Conference on Dependable Systems and Networks (DSN), June 2012, Boston, US.
  [Download PDF file]
  
• 
  
• Di Pietro, Roberto; Sorniotti, Alessandro
  Boosting Efficiency and Security in Proof of Ownership for Deduplication
  7th ACM Symposium on Information, Computer and Communications Security (AsiaCCS 2012), May 2012, Seoul, Korea.
  [Download PDF file]
  
• 
  
• Kerschbaum, Florian; Sorniotti, Alessandro
  Searchable Encryption for Outsourced Data Analytics
  Public Key Infrastructures, Services and Applications - 7th European Workshop, EuroPKI 2010, Athens, Greece, September 23-24, 2010.
  [Download PDF file]
  
• 
  
• Sorniotti, Alessandro; Molva, Refik
  Federated Secret Handshakes with Support for Revocation
  Information and Communications Security - 12th International Conference, ICICS 2010, Barcelona, Spain, December 15-17, 2010.
  [Download PDF file]
  
• 
  
• Sorniotti, Alessandro; Molva, Refik
  A provably secure secret handshake with dynamic controlled matching
  Computers & Security, December 2009.
  [Download PDF file]
• 
  
• Sorniotti, Alessandro; Molva, Refik
  Secret handshakes with revocation support
  ICISC 2009, 12th International Conference on Information Security and Cryptology, December 2-4, 2009, Seoul, Korea
[Download PDF file]

• 
  
• Sorniotti, Alessandro; Molva, Refik
  A provably secure secret handshake with dynamic controlled matching
  IFIP SEC 2009, 24th International Information Security Conference, May 18-20, 2009, Pafos, Cyprus , pp 330-341
  Best Student Paper Award
  
[Download PDF file]

•