Serena Elisa Ponta

Orcid: 0000-0002-6208-4743

According to our database, Serena Elisa Ponta authored at least 34 papers between 2009 and 2023.

Bibliography

2023
Journey to the Center of Software Supply Chain Attacks.
IEEE Secur. Priv., 2023

The Hitchhiker's Guide to Malicious Third-Party Dependencies.
Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, 2023

On the Feasibility of Cross-Language Detection of Malicious Packages in npm and PyPI.
Proceedings of the Annual Computer Security Applications Conference, 2023

2022
Vuln4Real: A Methodology for Counting Actually Vulnerable Dependencies.
IEEE Trans. Software Eng., 2022

Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite.
IEEE Trans. Software Eng., 2022

Identifying Challenges for OSS Vulnerability Scanners - A Study & Test Suite (Short Summary).
Proceedings of the Software Engineering 2022, 2022

Towards the Detection of Malicious Java Packages.
Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, 2022

Risk Explorer for Software Supply Chains: Understanding the Attack Surface of Open-Source based Software Development.
Proceedings of the 2022 ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, 2022

2021
The Used, the Bloated, and the Vulnerable: Reducing the Attack Surface of an Industrial Application.
Proceedings of the IEEE International Conference on Software Maintenance and Evolution, 2021

2020
Detection, assessment and mitigation of vulnerabilities in open source dependencies.
Empir. Softw. Eng., 2020

Code-Based Vulnerability Detection in Node.js Applications: How far are we?
Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering, 2020

2019
A manually-curated dataset of fixes to vulnerabilities of open-source software.
Proceedings of the 16th International Conference on Mining Software Repositories, 2019

2018
Beyond Metadata: Code-Centric and Usage-Based Analysis of Known Vulnerabilities in Open-Source Software.
Proceedings of the 2018 IEEE International Conference on Software Maintenance and Evolution, 2018

Vulnerable open source dependencies: counting those that matter.
Proceedings of the 12th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, 2018

2017
Automatically finding execution scenarios to deploy security-sensitive workflows.
J. Comput. Secur., 2017

Aegis: Automatic Enforcement of Security Policies in Workflow-driven Web Applications.
Proceedings of the Seventh ACM Conference on Data and Application Security and Privacy, 2017

2016
Cerberus: Automated Synthesis of Enforcement Mechanisms for Security-Sensitive Business Processes.
Proceedings of the Tools and Algorithms for the Construction and Analysis of Systems, 2016

Modular Synthesis of Enforcement Mechanisms for the Workflow Satisfiability Problem: Scalability and Reusability.
Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies, 2016

2015
Modularity for Security-Sensitive Workflows.
CoRR, 2015

Security Threat Identification and Testing.
Proceedings of the 8th IEEE International Conference on Software Testing, 2015

Impact assessment for vulnerabilities in open-source software libraries.
Proceedings of the 2015 IEEE International Conference on Software Maintenance and Evolution, 2015

Assisting the Deployment of Security-Sensitive Workflows by Finding Execution Scenarios.
Proceedings of the Data and Applications Security and Privacy XXIX, 2015

2014
Model checking authorization requirements in business processes.
Comput. Secur., 2014

Increasing Trust in the Cloud through Configuration Validation.
Proceedings of the On the Move to Meaningful Internet Systems: OTM 2014 Workshops, 2014

2013
Modeling and Reasoning about Business Processes under Authorization Constraints: A Planning-Based Approach.
Proceedings of the Twenty-Third International Conference on Automated Planning and Scheduling, 2013

2012
An action-based approach to the formal specification and automatic analysis of business processes under authorization constraints.
J. Comput. Syst. Sci., 2012

The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures.
Proceedings of the Tools and Algorithms for the Construction and Analysis of Systems, 2012

Detection of Configuration Vulnerabilities in Distributed (Web) Environments.
Proceedings of the Security and Privacy in Communication Networks, 2012

Configuration Assessment as a Service.
Proceedings of the Data Privacy Management and Autonomous Spontaneous Security, 2012

2011
Security validation tool for business processes.
Proceedings of the 16th ACM Symposium on Access Control Models and Technologies, 2011

Towards Formal Validation of Trust and Security in the Internet of Services.
Proceedings of the Future Internet, 2011

Security Validation of Business Processes via Model-Checking.
Proceedings of the Engineering Secure Software and Systems - Third International Symposium, 2011

2009
Formal Specification and Automatic Analysis of Business Processes under Authorization Constraints: An Action-Based Approach.
Proceedings of the Trust, 2009

Model Checking of Security-Sensitive Business Processes.
Proceedings of the Formal Aspects in Security and Trust, 6th International Workshop, 2009

