Mariano Ceccato

Short bio:

Mariano Ceccato is associate professor in the Computer Science department in University of Verona, Italy. He was principal investigator of several publicly funded research projects and private industrial research contracts. He received the PhD in Computer Science from the University of Trento in 2006. He is author or coauthor of more than 100 peer-reviewed research papers published in international journals and conferences. He was recently visiting research scientist in University of Luxembourg. His research interests include security testing, penetration testing, code hardening and empirical studies.

Mariano Ceccato

Computer Science department
University of Verona
Strada le Grazie 15 
37134 Verona, Italy

email:    name dot surname at univr dot it
homepage: https://profs.scienze.univr.it/~ceccato/
Institutional page: https://www.di.univr.it/?ent=persona&id=60574&lang=en

Publication list

Journal Papers

Davide Pizzolotto, Stefano Berlato, and Mariano Ceccato. Mitigating debugger-based attacks to java applications with self-debugging. ACM Transactions Software Engineering and Methodology, jan 2024.
Lwin Khin Shar, Biniam Fisseha Demissie, Mariano Ceccato, Yan Naing Tun, David Lo, Lingxiao Jiang, Christoph Bienert, Experimental comparison of features, analyses, and classifiers for Android malware detection. Empirical Software Engineering, Springer, 28(6):1–40, 2023.
Andrea Romdhana, Alessio Merlo, Mariano Ceccato, and Paolo Tonella. Assessing the security of inter-app communications in android through reinforcement learning. Computers & Security, 131:103311, Elsevier, 2023.
Michele Pasqua, Andrea Benini, Filippo Contro, Marco Crosara, Mila Dalla Preda, and Mariano Ceccato. Enhancing ethereum smart-contracts static analysis by computing a precise control-flow graph of ethereum bytecode. Journal of Systems and Software, 200:111653, 2023.
Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta and Silvio Ranise. Empirical Validation on the Usability of Security Reports for Patching TLS Misconfigurations: User- and Case-Studies on Actionable Mitigations Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 13(1):56–86, 2022.
Davide Corradini, Amedeo Zampieri, Michele Pasqua, Emanuele Viglianisi, Michael Dallago, Mariano Ceccato. Automated Black-Box Testing of Nominal and Error Scenarios in RESTful APIs Software Testing, Verification and Reliability, Wiley 32(5):e1808, 2022.
Andrea Romdhana, Alessio Merlo, Mariano Ceccato, Paolo Tonella. Deep Reinforcement Learning for Black-Box Testing of Android Apps. ACM Transactions on Software Engineering and Methodology, 31(4), jul 2022.
Biniam Fisseha Demissie, Mariano Ceccato, Lwin Khin Shar Security Analysis of Permission Re-delegation Vulnerabilities in Android Apps Empirical Software Engineering, Springer, 25:5084-5136, 2020.
Emanuele Viglianisi, Mariano Ceccato, Paolo Tonella A Federated Society of Bots for Smart Contract Testing. Journal of Systems and Software, 168:110647, 2020.
Roberto Fellin and Mariano Ceccato Experimental assessment of xor-masking data obfuscation based on k-clique opaque constants. Journal of Systems and Software, 162:110492, 2020.
Stefano Berlato and Mariano Ceccato A large-scale study on the adoption of anti-debugging and anti-tampering protections in android apps. Journal of Information Security and Applications, 52:102463, 2020.
Alessio Viticchie, Leonardo Regano, Cataldo Basile, Marco Torchiano, Mariano Ceccato, Paolo Tonella Empirical Assessment of the Effort Needed to Attack Programs Protected with Client/Server Code Splitting. Empirical Software Engineering, Springer, 25(1):1-48, Jan 2020.
Mariano Ceccato, Paolo Tonella, Cataldo Basile, Paolo Falcarin, Marco Torchiano, Bart Coppens, and Bjorn De Sutter. Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge. Empirical Software Engineering, Springer, 24(1):240-286, Feb 2019.
Mariano Ceccato, Alessandro Marchetto, Leonardo Marian, Cu D. Nguyen, Paolo Tonella. Do Automatically Generated Test Cases Make Debugging Easier? An Experimental Assessment of Debugging Effectiveness and Efficiency. In ACM Transactions on Software Engineering and Methodology., 25(1):5:1-5:38, Dec. 2015
Mariano Ceccato, Andrea Capiluppi, Paolo Falcarin, and Cornelia Boldyreff. A large study on the effect of code obfuscation on the quality of java code. In Empirical Software Engineering, Springer, 20(6):1486-1524, 2015.
Luca Sabatucci, Mariano Ceccato, Alessandro Marchetto, Angelo Susi. Ahab's legs in scenario-based requirements validation: An experiment to study communication mistakes. In Journal of Systems and Software, 109:124-136. Elsevier. 2015.
Itzel Morales-Ramirez, Anna Perini, Mariano Ceccato. Towards supporting the analysis of online discussions in oss communities: A speech-act based approach. In Information Systems Engineering in Complex Environments, Lecture Notes in Business Information Processing, pages 215-232. Springer, 2015.
Mariano Ceccato, Zheng Li, James R. Cordy Guest editorial for the special issue on source code analysis and manipulation, SCAM 2012. Journal of Software: Evolution and Process, Wiley, 26(6):531-532, 2014.
Mariano Ceccato, Massimiliano Di Penta, Paolo Falcarin, Filippo Ricca, Marco Torchiano, Paolo Tonella. A Family of Experiments to Assess the Effectiveness and Efficiency of Source Code Obfuscation Techniques. In Empirical Software Engineering. An International Journal, volume 19, pages 1040-1074. Springer, 2014.
Andrea Avancini and Mariano Ceccato. Security Oracle Based on Tree Kernel Methods. Volume 379 of Communications in Computer and Information Science pages 30-43. Springer Berlin Heidelberg, 2013.
Andrea Avancini and Mariano Ceccato. Comparison and Integration of Genetic Algorithms and Dynamic Symbolic Execution for Security Testing of Cross-Site Scripting Vulnerabilities. Information and Software Technology, Elsevier. 55(12), pages 2209-2222, 2013.
Mariano Ceccato and Paolo Tonella. Codebender: Remote software protection using orthogonal replacement. IEEE Software, 28(2):28-34, 2011.
Mariano Ceccato, Thomas RoyDean, Paolo Tonella and Davide Marchignoli. Migrating legacy data structures based on variable overlay to java. Journal of Software Maintenance and Evolution-Research and Practice, 22(3):211-237, 2010. John Wiley & Sons.
Filippo Ricca, Massimiliano Di Penta, Marco Torchiano, Paolo Tonella, and Mariano Ceccato. How developers' experience and ability influence web application comprehension tasks supported by uml stereotypes: A series of four experiments. IEEE Transactions on Software Engineering, 36(1):96-118, Jan.-Feb. 2010.
Mariano Ceccato and Paolo Tonella, Dynamic Aspect Mining. IET Software,Vol. 3 No. 4 pp.321-336 (2009).
Paolo Tonella, Mariano Ceccato, Davide Marchignoli, Cristina Matteotti and Thomas Roy Dean, Migrazione di sistemi software legacy. Mondo Digitale, (30):31-39, 2009.
Mariano Ceccato, Thomas Roy Dean and Paolo Tonella. Recovering structured data types from a legacy data model with overlays. Information and Software Technology, 51(10):1454-1468, 2009.
Mariano Ceccato, Mila dalla Preda, Jasvir Nagra, Christian Collberg and Paolo Tonella. Trading-off security and performance in barrier slicing for remote software entrusting. Journal of Automated Software Engineering, Springer. 16(2):235-261, June 2009.
Filippo Ricca, Marco Torchiano, Massimiliano Di Penta, Mariano Ceccato and Paolo Tonella. Using acceptance tests as a support for clarifying requirements: A series of experiments. Information and Software Technology, 51(2):270-283, 2009.
Filippo Ricca, Marco Torchiano, Massimiliano Di Penta, Mariano Ceccato and Paolo Tonella. The use of executable Fit tables to support maintenance and evolution tasks. Electronic Communications of the EASST, 8, 2008.
Filippo Ricca, Massimiliano Di Penta, Marco Torchiano, Paolo Tonella, Mariano Ceccato. How design notations affect the comprehension of Web applications. Journal of Software Maintenance and Evolution: Research and Practice. Vol. 19, n. 5, pp. 339-359. September/October 2007.
David Binkley, Mariano Ceccato, Mark Harman, Filippo Ricca, Paolo Tonella. Tool-Supported Refactoring of Existing Object-Oriented Code into Aspects. IEEE Transactions on Software Engineering. Vol. 32, No. 9, pp. 698-717, September 2006
Mariano Ceccato, Marius Marin, Kim Mens, Leon Moonen, Paolo Tonella, Tom Tourwe. Applying and combining three different aspect Mining Techniques, Software Quality Journal. Volume 14, Issue 3, Sep 2006, Pages 209-231
Paolo Tonella, Mariano Ceccato. Refactoring the Aspectizable Interfaces: an Empirical Assessment. IEEE Transactions on Software Engineering. Vol. 31, n. 10, pp. 819-832. October, 2005.

Book Chapters

Andrea Bisegna, Roberto Carbone, Mariano Ceccato, Salvatore Manfredi, Silvio Ranise, Giada Sciarretta, Alessandro Tomasi and Emanuele Viglianisi. Automated Assistance to the Security Assessment of API for Financial Services in Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures. Edited by John Soldatos, James Philpot and Gabriele Giunta. 2020 pp. 94–103. Now Publishers. DOI: 10.1561/9781680836875.ch6.

Conference Papers

Davide Corradini, Zeno Motolli, Michele Pasqua, Mariano Ceccato. DeepREST: Automated Test Case Generation for REST APIs Exploiting Deep Reinforcement Learning. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering (ase 2024), pages 1383–1394, 2024.
Michele Pasqua, Mariano Ceccato, and Paolo Tonella. Hypertesting of programs: Theoretical foundation and automated test generation. In Proceedings of the IEEE/ACM 46th International Conference on Software Engineering (icse 2024), pages 1–12, 2024.
Myeongsoo Kim, Davide Corradini, Saurabh Sinha, Alessandro Orso, Michele Pasqua, Rachel Tzoref-Brill, Mariano Ceccato Enhancing REST API testing with NLP techniques. In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (issta 2023), pages 1232–1243, 2023.
Fabio Pavanello, Cédric Marchand, Ian O’Connor, Régis Orobtchouk, Fabien Mandorlo, et al. NEUROPULS: NEUROmorphic energy-efficient secure accelerators based on Phase change materials aUgmented siLicon photonicS. In IEEE European Test Symposium (ETS 2023) 2023.
Davide Corradini, Michele Pasqua and Mariano Ceccato. Automated Black-box Testing of Mass Assignment Vulnerabilities in RESTful APIs . In 45th IEEE/ACM International Conference on Software Engineering (ICSE 2023) pages 2557–2568, 2023.
Sebastiano Gaiardelli, Stefano Spellini, Michele Pasqua, Mariano Ceccato, and Franco Fummi. Integrating smart contracts in manufacturing for automated assessment of production quality. In 48th Annual Conference of the IEEE Industrial Electronics Society (IECON 2022), pages 1–6, 2022.
Davide Corradini, Amedeo Zampieri, Michele Pasqua, and Mariano Ceccato. Resttestgen: An extensible framework for automated black-box testing of restful apis. In 2022 IEEE International Conference on Software Maintenance and Evolution (ICSME 2022), pages 504–508, 2022.
Andrea Romdhana, Alessio Merlo, Mariano Ceccato, Paolo Tonella. IFRIT: Focused Testing through Deep Reinforcement Learning In 15th IEEE International Conference on Software Testing, Verification and Validation, ICST 2022, pages 24–34. [Best research paper award]
Davide Corradini, Amedeo Zampieri, Michele Pasqua, and Mariano Ceccato Empirical comparison of black-box test case generation tools for restful apis In 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation SCAM 2021, pages 226-236. IEEE Computer Society., 2021.
Davide Corradini, Amedeo Zampieri, Michele Pasqua, and Mariano Ceccato. Restats: A test coverage tool for restful apis. In 2021 IEEE International Conference on Software Maintenance and Evolution ICSME 2021, pages 594-598. IEEE Computer Society., 2021.
Filippo Contro, Marco Crosara, Mariano Ceccato, Mila Dalla Preda. Ethersolve: Computing an accurate control-flow graph from ethereum bytecode In IEEE/ACM 29th International Conference on Program Comprehension ICPC 2021, pages 127–137, Los Alamitos, CA, USA, may 2021. IEEE Computer Society.
Emanuele Viglianisi, Mariano Ceccato, Paolo Tonella. Summary of: A federated society of bots for smart contract testing In 14th IEEE Conference on Software Testing, Verification and Validation (ICST), pages 282–283, 2021.
Andrea Romdhana, Mariano Ceccato, Gabriel Claudiu Georgiu, Alessio Merlo, Paolo Tonella. Cosmo: Code coverage made easier for Android In 14th IEEE Conference on Software Testing, Verification and Validation (ICST), pages 417–423, 2021.
Lwin Khin Shar, Biniam Fisseha Demissie, Ceccato Mariano, Wei Minn. Experimental comparison of features and classifiers for android malware detection. In Proceedings of the 7th IEEE/ACM International Conference on Mobile Software Engineering and Systems, MOBILESoft 2020, pages 50-60. IEEE/ACM, 2020.
Biniam Fisseha Demissie, Mariano Ceccato. Security testing of second order permission re-delegation vulnerabilities in android apps. In Proceedings of the 7th IEEE/ACM International Conference on Mobile Software Engineering and Systems, MOBILESoft 2020, pages 1-11. IEEE/ACM, 2020.
Mariano Ceccato, Davide Corradini, Luca Gazzola, Fitsum Meshesha Kifetew, Leonardo Mariani, Matteo Orrù, Paolo Tonella. A framework for in-vivo testing of mobile applications. In Proceedings of the 2020 13th IEEE International Conference on Software Testing, Validation and Verification (ICST), ICST 2020, pages 286–296. IEEE Computer Society, 2020.
Maurizio Leotta, Matteo Biagiola, Filippo Ricca, Mariano Ceccato, Paolo Tonella. A family of experiments to assess the impact of page object pattern in web test suite development. In Proceedings of the 2020 13th IEEE International Conference on Software Testing, Validation and Verification (ICST), ICST 2020, pages 263–273. IEEE Computer Society, 2020.
Emanuele Viglianisi, Michael Dallago, Mariano Ceccato. RestTestGen: Automated black-box testing of RESTful APIs. In Proceedings of the 2020 13th IEEE International Conference on Software Testing, Validation and Verification (ICST), ICST 2020, pages 142–152. IEEE Computer Society, 2020. [Best paper award]
Davide Pizzolotto, Roberto Fellin, Mariano Ceccato, Oblive: Seamless code obfuscation for java programs and android apps. In 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019), pages 629-633. IEEE Computer Society, 2019.
Davide Pizzolotto, Mariano Ceccato, Obfuscating java programs by translating selected portions of bytecode to native libraries. In 2018 IEEE 18th International Working Conference on Source Code Analysis and Manipulation, (SCAM 2018), pages 40-49.
Biniam Fisseha Demissie, Mariano Ceccato, Lwin Khin Shar Anflo: Detecting anomalous sensitive information flows in android apps. In 2018 ACM/IEEE 5th International Conference on Mobile Software Engineering and Systems, (MOBILESoft 2018), pages 24-34.
Mariano Ceccato, Paolo Tonella, Cataldo Basile, Bart Coppens, Bjorn De Sutter, Paolo Falcarin, Marco Torchiano. How professional hackers understand protected code while performing attack tasks. In Proceedings of the 25th International Conference on Program Comprehension (ICPC 2017), pages 154-164, Piscataway, NJ, USA, 2017. IEEE Press. [Best paper award] [ACM distinguished paper award]
Roberto Tiella and Mariano Ceccato. Automatic generation of opaque constants based on the k-clique problem for resilient data obfuscation. In 24th International Conference on Software Analysis, Evolution and Reengineering (SANER 2017) , pages 182-192, Feb 2017
Mariano Ceccato, Paolo Falcarin, Alessandro Cabutto, Yosief Weldezghi Frezghi, Cristian-Alexandru Staicu. Search Based Clustering for Protecting Software with Diversified Updates. In Proceedings of the 8th Symposium on Search-Based Software Engineering (SSBSE 2016) , pages 159-175. Springer, 2016.
Alessio Viticchié, Leonardo Regano, Marco Torchiano, Cataldo Basile, Mariano Ceccato, Paolo Tonella, Roberto Tiella. Assessment of Source Code Obfuscation Techniques. In Proceedings of the 16th IEEE International Working Conference on Source Code Analysis and Manipulation, pages 11-20, New York, NY, USA, 2016. IEEE Computer Society.
Mariano Ceccato, Riccardo Scandariato. Static Analysis and Penetration Testing from the Perspective of Maintenance Teams. In Proceedings of the 10th ACM/IEEE International Symposium on Empirical Software Engineering and Measurements ESEM 2016. New York, NY, USA, 2016. ACM. Pages 25:1-25:6
Mariano Ceccato, Cu D. Nguyen, Dennis Appelt, Lionel C. Briand. SOFIA: An automated security oracle for black-box testing of sql-injection vulnerabilities. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, ASE 2016, pages 167-177, New York, NY, USA, 2016. ACM. [ACM distinguished paper award]
Bjorn De Sutter, Paolo Falcarin, Brecht Wyseur, Cataldo Basile, Mariano Ceccato, Jerome d'Annoville, Michael Zunke. A reference architecture for software protection. In 13th Working IEEE/IFIP Conference on Software Architecture. (WICSA), pages 291-294, April 2016.
Biniam Fisseha Demissie, Davide Ghio, Mariano Ceccato, Andrea Avancini. Identifying Android inter app communication vulnerabilities using static and dynamic analysis. In Proceedings of the 3rd IEEE/ACM International Conference on Mobile Software Engineering and Systems, MobileSoft '16, pages 255-266. ACM, 2016.
Paolo Tonella, Mairano Ceccato, Bjorn De Sutter, and Bart Coppens. A measurement framework to quantify software protections. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS '14, pages 1505-1507, New York, NY, USA, 2014. ACM.
Andrea Avancini and Mariano Ceccato. Circe: A Grammar-Based Oracle for Testing Cross-Site Scripting in Web Applications. In Proceedings of the 20th Working Conference on Reverse Engineering (WCRE), pages 262-271, Oct 2013.
Cataldo Basile and Mariano Ceccato Towards a unified software attack model to assess software protections. In Proceedings of the 21st International Conference on Program Comprehension (ICPC), pages 219-222. IEEE Computer Society, May 2013.
Mariano Ceccato, Alessandro Marchetto, Anna Perini, Angelo Susi, Liria Veronesi. Do mobile-app users care about privacy?. In 19th International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2013), pages 171-175. April 2013.
Mariano Ceccato, Alessandro Marchetto, Leonardo Mariani, Cu D. Nguyen, Paolo Tonella An Empirical Study about the Effectiveness of Debugging When Random Test Cases Are Used. In 2012 34th International Conference on Software Engineering (ICSE), pages 452-462. IEEE Computer Society, 2012.
Andrea Avancini and Mariano Ceccato. Security testing of web applications: a search based approach for cross-site scripting vulnerabilities. In 11th IEEE International Working Conference on Source Code Analysis and Manipulation, pages 85-94. IEEE Computer Society, 2011.
Mariano Ceccato, Paolo Tonella. Static analysis for enforcing intra-thread consistent locks in the migration of a legacy system. In Proceedings of the 26th IEEE International Conference on Software Maintenance (ICSM 2010), Timisoara, Romania, September 2010.
Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo Ricca, Marco Torchiano and Paolo Tonella. The Effectiveness of Source Code Obfuscation: an Experimental Assessment. In Proceedings of the 17th IEEE International Conference on Program Comprehension (ICPC 2009), Vancouver, Canada, 17-19 May 2009. IEEE pp. 178-187.
Mariano Ceccato, Paolo Tonella, Mila Dalla Preda and Anirban Majumdar. Remote software protection by orthogonal client replacement. In D. Shin, editor, Proceedings of the 24th ACM Symposium on Applied Computing (SAC 2009), pages 448-455. ACM SIGAPP, March 2009.
Mario Luca Bernardi, Giuseppe A. Di Lucca, and Mariano Ceccato. Workshop on maintenance of aspect oriented systems. In A. Winter, R. Ferenc and J. Knodel, editor, Proceedings of the 13th European Conference on Software Maintenance and Reengineering (CSMR 2009), pages 273-274. IEEE Computer Society, March 2009.
Mariano Ceccato, Thomas Roy Dean, Paolo Tonella and Davide Marchignoli. Data Model Reverse Engineering in Migrating a Legacy System to Java. In 15th Working Conference on Reverse Engineering, 2008. WCRE `08, Antwerp, Belgium, 15-18 October 2008. IEEE pp. 177-186 (2008).
Mariano Ceccato, Thomas Roy Dean and Paolo Tonella. Using program transformations to add structure to a legacy data model. In Source Code Analysis and Manipulation, 2008 Eighth IEEE International Working Conference on pages 197-206, September 2008.
Filippo Ricca, Massimiliano Di Penta, Marco Torchiano, Paolo Tonella, Mariano Ceccato and Corrado Aron Visaggio. Are Fit tables really talking? a series of experiments to understand whether Fit tables are useful during evolution tasks. In Proceedings of the 30th International Conference on Software Engineering (ICSE 2008), pages 361-370. IEEE Computer Society, 10-18 May 2008.
Mariano Ceccato. Automatic support for the migration towards aspects. In K. Kontogiannis, C. Tjortjis, and A. Winter, editors, Proceedings of the 12th European Conference on Software Maintenance and Reengineering (CSMR 2008), pages 298-301. IEEE Computer Society, April 2008.
Mariano Ceccato, Paolo Tonella, and Cristina Matteotti. Goto elimination strategies in the migration of legacy code to java. In K. Kontogiannis, C. Tjortjis, and A. Winter, editors, Proceedings of the 12th European Conference on Software Maintenance and Reengineering (CSMR 2008), pages 53-62. IEEE Computer Society, April 2008.
Mariano Ceccato, Jasvir Nagra and Paolo Tonella. Distributing trust verification to increase application performance. In D. E. Baz, J. Bourgeois and F. Spies editors, Proc. of the 16th Euromicro Conference on Parallel, Distributed and Network-based Processing (PDP 2008), pages 604-610. IEEE Computer Society, February 2008.
Mariano Ceccato, Yoram Ofek and Paolo Tonella. Remote entrusting by run-time software authentication. In V. Geffert, J. Karhumaki, A. Bertoni, B. Preneel, P. Navrat, and M. Bielikova, editors, Proceedings of the 34th Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM 2008), volume 4910 of Lecture Notes in Computer Science, pages 83-97. Springer, 2008.
Mariano Ceccato. Migrating object oriented code to aspect oriented programming. In proceedings of the 23rd IEEE International Conference on Software Maintenance, 2007 (ICSM 2007) pages 497-498. IEEE Computer Society, October 2007.
Mariano Ceccato, Mila Dalla Preda, Jasvir Nagra, Christian Collberg and Paolo Tonella. Barrier Slicing for Remote Software Trusting, In Proceedings of the Seventh IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2007). pp.27-36, Sept. 30 2007-Oct. 1 2007. IEEE Computer Society, Washington, DC.
Filippo Ricca, Marco Torchiano, Massimiliano Di Penta, Mariano Ceccato and Paolo Tonella. The use of executable fit tables to support maintenance and evolution tasks. Proceedings of the Third International ERCIM Symposium on Software Evolution (Evol 2007), pages 83-92, October 2007.
Filippo Ricca, Massimiliano Di Penta, Marco Torchiano, Paolo Tonella and Mariano Ceccato. The Role of Experience and Ability in Comprehension Tasks Supported by UML Stereotypes. In Proceedings of the 29th International Conference on Software Engineering (ICSE 2007). pp. 375-384. May, 2007. IEEE Computer Society, Washington, DC.
Filippo Ricca, Massimiliano Di Penta, Marco Torchiano, Paolo Tonella, Mariano Ceccato An empirical study on the usefulness of Conallen's stereotypes in Web application comprehension. Proceedings of the Eighth IEEE International Symposium on Web Site Evolution (WSE'06) pp. 58-68 September, 2006. IEEE Computer Society.
Dave Binkley and Mariano Ceccato and Mark Harman and Filippo Ricca and Paolo Tonella, Automated Refactoring of Object Oriented Code into Aspects, In Proceedings of the 21st IEEE Int. Conf. on Software Maintenance (ICSM 2005). pp. 27-36. September, 2005. IEEE Computer Society, Los Alamitos, California, USA.
Paolo Tonella and Mariano Ceccato, Aspect Mining through the Formal Concept Analysis of Execution Traces, In Proceedings of the IEEE Eleventh Working conference on Reverse Engineering (WCRE 2004). pp. 112-121. November, 2004. IEEE Computer Society, Los Alamitos, California, USA.
Paolo Tonella and Mariano Ceccato, Migrating Interface Implementations to Aspects, In Proceedings of the 20th IEEE Int. Conf. on Software Maintenance (ICSM 2004). Mark Harman and Bogdan Korel (eds.). pp. 220-229. September, 2004. IEEE Computer Society, Chicago, Illinois, USA.

Workshop Papers

Niccolò Marastoni and Mariano Ceccato. Remote attestation of iot devices using physically unclonable functions: Recent advancements and open research challenges. In Proceedings of the 5th Workshop on CPS&IoT Security and Privacy, CPSIoTSec ’23, page 25–36, New York, NY, USA, 2023. Association for Computing Machinery.
Mariano Ceccato, Youssef Driouich, Ruggero Lanotte, Marco Lucchese, Massimo Merro. Towards Reverse Engineering of Industrial Physical Processes In The 3rd International Workshop on Cyber-Physical Security for Critical Infrastructures Protection, (CPS4CIP 2022), Co-located with the 27th European Symposium on Research in Computer Security (ESORICS 2022), Copenhagen, Denmark, 26-30, Sep., 2022.
Salvatore Manfredi, Mariano Ceccato, Giada Sciarretta, Silvio Ranise. Do security reports meet usability? lessons learned from using actionable mitigations for patching tls misconfigurations In The 16th International Conference on Availability, Reliability and Security, ARES 2021, New York, NY, USA, 2021. Association for Computing Machinery.
Robin David, Luigi Coniglio, Mariano Ceccato. Qsynth - a program synthesis based approach for binary code deobfuscation. In Proceedings of the Binary Analysis Research Workshop (BAR 2020), Reston, VA, 2020. Internet Society.
Leonidas Vasileiadis, Mariano Ceccato, Davide Corradini. Revealing malicious remote engineering attempts on Android apps with magic numbers. In Proceedings of the 9th Workshop on Software Security, Protection, and Reverse Engineering (SSPREW9 2019), pages 1:1-1:12, New York, NY, USA, 2019. ACM.
Mariano Ceccato, Luca Gazzola, Fitsum Kifetew, Leonardo Mariani, Matteo Orrù, Paolo Tonella. Towards in-vivo testing of mobile apps. In IEEE International Symposium on Software Reliability Engineering Workshops (GAUSS 2019 Workshop), pages 137-143, Los Alamitos, California, USA, 2019. IEEE Computer Society.
Bjorn De Sutter, Cataldo Basile, Mariano Ceccato, Paolo Falcarin, Michael Zunke, Brecht Wyseur, Jerome d'Annoville. The ASPIRE framework for software protection. In Proceedings of the 2016 ACM Workshop on Software PROtection (SPRO 2016), pages 91-92, New York, NY, USA, 2016. ACM.
Alessio Viticchié, Cataldo Basile, Andrea Avancini, Mariano Ceccato, Bert Abrath, and Bart Coppens. Reactive attestation: Automatic detection and reaction to software tampering attacks. In Proceedings of the 2016 ACM Workshop on Software PROtection (SPRO 2016), pages 73-84, New York, NY, USA, 2016. ACM.
Biniam Fisseha Demissie, Mariano Ceccato, Roberto Tiella. Assessment of data obfuscation with residue number coding. In 2015 IEEE/ACM International Workshop on Software Protection, pages 38-44. IEEE, 2015.
Mariano Ceccato. On the need for more human studies to assess software protection. In ARO Workshop on Continuously Upgradeable Software Security and Protection, pages 55-56, November 2014.
Mariano Ceccato, Alessandro Marchetto, Anna Perini, and Angelo Susi. How smartphone users assess the value/risk trade-off of apps: An observational study. In IEEE Fourth International Workshop on Empirical Requirements Engineering (EmpiRE), 2014, pages 17-24, Aug 2014.
Andrea Avancini and Mariano Ceccato, Security testing of the communication among android applications. In Proceedings of the 8th International Workshop on Automation of Software Test, pages 57–63. IEEE Computer Society, 2013.
Andrea Avancini, Mariano Ceccato, Towards a Security Oracle Based on Tree Kernel Methods. In Proceedings of 2012 Joint Workshop on Intelligent Methods for Software System Engineering, pages 1-4. 2012.
Andrea Avancini, Mariano Ceccato, Grammar Based Oracle for Security Testing of Web Applications. In Proceedings of the 7th International Workshop on Automation of Software Test (AST), pages 15-21. IEEE Computer Society, 2012.
Luca Sabatucci, Mariano Ceccato, Alessandro Marchetto, Angelo Susi. Ahab's leg dilemma: on the design of a controlled experiment. In International Workshop on Empirical Requirements Engineering, pages 69-76, IEEE, 2011.
Andrea Avancini and Mariano Ceccato. Towards security testing with taint analysis and genetic algorithms. In SESS 2010: Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, pages 65-71, New York, NY, USA, 2010. ACM.
Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo Ricca, Marco Torchiano and Paolo Tonella. Towards experimental evaluation of code obfuscation techniques. In QoP `08: Proceedings of the 4th ACM workshop on Quality of protection, Alexandria (Virginia), USA, 27 October 2008. ACM pp. 39-46 (2008).
Filippo Ricca, Marco Torchiano, Mariano Ceccato, Paolo Tonella. Talking Tests: an Empirical Assessment of the Role of Fit Acceptance Tests in Clarifying Requirements Prooceedings of 9th International Workshop On Principles of Software Evolution (IWPSE 2007) pp 51-58, September 2007. Dubrovnik, Croatia.
Mariano Ceccato and Marius Marin and Kim Mens and Leon Moonen and Paolo Tonella and Tom Tourwe, A Qualitative Comparison of Three Aspect Mining Techniques. Proceedings of the 13th International Workshop on Program Comprehension (IWPC 2005). pp. 13-22. May, 2005. IEEE Computer Society, Washington, DC, USA.
Dave Binkley and Mariano Ceccato and Mark Harman and Paolo Tonella, Automated Pointcut Extraction. In on-line Proceedings of the First Linking Aspect Technology and Evolution Workshop (LATE 2005). March, 2005. Chicago, Illinois.
Mariano Ceccato and Paolo Tonella and Filippo Ricca, Is AOP code easier or harder to test than OOP code?. In on-line Proceedings of the First Workshop on Testing Aspect-Oriented Programs (WTAOP 2005). March, 2005. Chicago, Illinois.
Mariano Ceccato and Paolo Tonella, Measuring the Effects of Software Aspectization. In Cd-rom Proceedings of the 1st Workshop on Aspect Reverse Engineering (WARE 2004). November, 2004. Delft, The Netherlands.
Mariano Ceccato and Paolo Tonella, Adding Distribution to Existing Applications by means of Aspect Oriented Programming. In Proceedings of the 4th IEEE Int. Workshop on Source Code Analysis and Manipulation (SCAM 2004). Rainer Koschke and Michael Van de Vanter (eds.). pp. 107-116. September, 2004. IEEE Computer Society, Chicago, Illinois, USA.