Summary
Dr Sergio Maffeis is a Senior Lecturer in Computer Security. His research interests include cyber security, machine learning, programming languages and formal methods. Maffeis received his Ph.D. from Imperial College London, and his MSc from University of Pisa, Italy.
Research Group: Security & Machine Learning lab.
See also: Personal web page.
Selected Publications
Conference
Al Wahaibi S, Foley M, Maffeis S, 2023, SQIRL: Grey-box detection of SQL injection vulnerabilities using reinforcement learning, USENIX Security, USENIX Security, Pages:6097-6114
Foley M, Maffeis S, 2023, HAXSS: Hierarchical reinforcement learning for XSS payload generation, IEEE TrustCom 2022, IEEE, Pages:147-158
Alageel A, Maffeis S, 2022, EARLYCROW: Detecting APT Malware Command and Control over HTTP(S) Using Contextual Summaries, 25th International Conference, ISC 2022, Springer International Publishing, Pages:290-316
Hanif H, Maffeis S, 2022, VulBERTa: Simplified Source Code Pre-Training for Vulnerability Detection, IEEE International Conference on Fuzzy Systems (FUZZ-IEEE) / IEEE World Congress on Computational Intelligence (IEEE WCCI) / International Joint Conference on Neural Networks (IJCNN) / IEEE Congress on Evolutionary Computation (IEEE CEC), IEEE, ISSN:2161-4393
Rabheru R, Hanif H, Maffeis S, 2022, A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities, 5th IEEE Conference on Dependable and Secure Computing (IEEE DSC), IEEE
Alageel A, Maffeis S, 2021, Hawk-Eye: holistic detection of APT command and control domains, SAC '21: The 36th ACM/SIGAPP Symposium on Applied Computing, ACM, Pages:1664-1673
Zizzo G, Hankin C, Maffeis S, et al., Adversarial attacks on time-series intrusion detection for industrial control systems, The 19th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Institute of Electrical and Electronics Engineers
Hothersall-Thomas C, Maffeis S, Novakovic C, 2015, BrowserAudit: Automated testing of browser security features, 2015 International Symposium on Software Testing and Analysis, Association for Computing Machinery, New York, NY, Pages:37-47
Bodin M, Chargueraud A, Filaretti D, et al., 2014, A Trusted Mechanised JavaScript Specification, 41st Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), Association for Computing Machinery (ACM), Pages:87-100, ISSN:1523-2867
Filaretti D, Maffeis S, 2014, An Executable Formal Semantics of PHP, European Conference on Object-Oriented Programming (ECOOP'14), Pages:120-145
Bhargavan K, Delignat-Lavaud A, Maffeis S, 2013, Language-based defenses against untrusted browser origins, 22nd Usenix Security Symposium, Pages:653-670
Bansal C, Bhargavan K, Delignat-Lavaud A, et al., 2013, Keys to the Cloud: Formal Analysis and Concrete Attacks on Encrypted Web Storage, Conference on Principles of Security and Trust (POST'13), Pages:126-146
Maffeis S, Mitchell JC, Taly A, 2010, Object Capabilities and Isolation of Untrusted Web Applications, Symposium on Security and Privacy, IEEE COMPUTER SOC, Pages:125-140, ISSN:1081-6011
Maffeis S, Mitchell JC, Taly A, 2009, Isolating JavaScript with Filters, Rewriting, and Wrappers, 14th European Symposium on Research in Computer Security (ESORICS 2009), SPRINGER-VERLAG BERLIN, Pages:505-+, ISSN:0302-9743