Simone Nicchi scite author profile

Simone Nicchi

5Publications

9Citation Statements Received

173Citation Statements Given

How they've been cited

How they cite others

127

173

Affiliations

Sapienza University of Rome

Publications

Order By: Most citations

SymNav: Visually Assisting Symbolic Execution

Angelini

Blasilli

Borzacchiello

et al. 2019

View full text Add to dashboard Cite

Modern software systems require the support of automatic program analyses to answer questions about their correctness, reliability, and safety. In recent years, symbolic execution techniques have played a pivotal role in this field, backing research in different domains such as software testing and software security. Like other powerful machine analyses, symbolic execution is often affected by efficiency and scalability issues that can be mitigated when a domain expert interacts with its working, steering the computation to achieve the desired goals faster. In this paper we explore how visual analytics techniques can help the user to grasp properties of the ongoing analysis and use such insights to refine the symbolic exploration process. To this end, we discuss two real-world usage scenarios from the malware analysis and the vulnerability detection domains, showing how our prototype system can help users make a wiser use of symbolic exploration techniques in the analysis of binary code.

show abstract

Designing Robust API Monitoring Solutions

D’Elia

Nicchi

Mariani

et al. 2023

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Tracing the sequence of library calls and system calls that a program makes is very helpful to characterize its interactions with the surrounding environment and, ultimately, its semantics. However, due to the entanglements of real-world software stacks, accomplishing this task can be surprisingly challenging as we take accuracy, reliability, and transparency into the equation. In this article, we identify six challenges that API monitoring solutions should overcome in order to manage these dimensions effectively and outline actionable design points for building robust API tracers that can be used even for security research. We then detail and evaluate SNIPER, an open-source API tracing system available in two variants based on dynamic binary instrumentation (for simplified in-guest deployment) and hardware-assisted virtualization (realizing the first general user-space tracer of this kind), respectively.

show abstract

Experience of practitioners and delivery outcome

2013

View full text Add to dashboard Cite

show abstract

SoK

D’Elia

Coppa

Nicchi

et al. 2019

View full text Add to dashboard Cite

Dynamic binary instrumentation (DBI) techniques allow for monitoring and possibly altering the execution of a running program up to the instruction level granularity. The ease of use and flexibility of DBI primitives has made them popular in a large body of research in different domains, including software security. Lately, the suitability of DBI for security has been questioned in light of transparency concerns from artifacts that popular frameworks introduce in the execution: while they do not perturb benign programs, a dedicated adversary may detect their presence and defeat the analysis. The contributions we provide are twofold. We first present the abstraction and inner workings of DBI frameworks, how DBI assisted prominent security research works, and alternative solutions. We then dive into the DBI evasion and escape problems, discussing attack surfaces, transparency concerns, and possible mitigations. We make available to the community a library of detection patterns and stopgap measures that could be of interest to DBI users. CCS CONCEPTS • Security and privacy → Systems security; Intrusion/anomaly detection and malware mitigation; Software reverse engineering; Software security engineering.

show abstract

Designing Robust API Monitoring Solutions

D’Elia¹,

Nicchi²,

Mariani³

et al. 2020

Preprint

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Simone Nicchi

SymNav: Visually Assisting Symbolic Execution

Designing Robust API Monitoring Solutions

Experience of practitioners and delivery outcome

SoK

Designing Robust API Monitoring Solutions

Contact Info

Product

Resources

About