M.Sc. Tommaso Frassetto

Research Assistant

Mornewegstraße 30
D-64293 Darmstadt

Phone: +49 (0)6151 16 - 25340
Email: tommaso.frassetto(a-t)trust.tu-darmstadt.de (PGP key)



Since 2016

Research Assistant

at CYSEC and Technische Universität Darmstadt, Germany 


M.Sc. Computer Science

at University of Padua, Italy


B.Sc. Computer Science

at University of Padua, Italy


  • Best Poster Award, ICDCS 2017

    Markus Miettinen, Samuel Marchal, Ibbad Hafeez, Tommaso Frassetto, N. Asokan, Ahmad-Reza Sadeghi and Sasu Tarkoma, "IoT Sentinel Demo: Automated Device-Type Identification for Security Enforcement in IoT" In: Proc. 37th IEEE International Conference on Distributed Computing Systems (ICDCS 2017), June 5-8, 2017, Atlanta, Georgia, USA.

Publications (2018)

IMIX: In-Process Memory Isolation EXtension

Tommaso Frassetto, Patrick Jauernig, Christopher Liebchen, Ahmad-Reza Sadeghi
In: 27th USENIX Security Symposium, August 2018

The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX

Andrea Biondo, Mauro Conti, Lucas Davi, Tommaso Frassetto, Ahmad-Reza Sadeghi
In: 27th USENIX Security Symposium, August 2018


Selfrando: Securing the Tor Browser against De-anonymization Exploits

Author Mauro Conti, Stephen Crane, Tommaso Frassetto, Andrei Homescu, Georg Koppen, Per Larsen, Christopher Liebchen, Mike Perry, Ahmad-Reza Sadeghi
Date July 2016
Kind Inproceedings
Book title The annual Privacy Enhancing Technologies Symposium (PETS)
Research Areas CASED, CROSSING, CYSEC, CRISP, ICRI-SC, System Security Lab, S2, Secure Things, Solutions
Abstract Tor is a well-known anonymous communication system used by millions of users, including journalists and civil rights activists all over the world. The Tor Browser gives non-technical users an easy way to access the Tor Network. However, many government organizations are actively trying to compromise Tor not only in regions with repressive regimes but also in the free world, as the recent FBI incidents clearly demonstrate. Exploiting software vulnerabilities in general, and browser vulnerabilities in particular, constitutes a clear and present threat to the Tor software. The Tor Browser shares a large part of its attack surface with the Firefox browser. Therefore, Firefox vulnerabilities (even patched ones) are highly valuable to attackers trying to monitor users of the Tor Browser. In this paper, we present selfrando — an enhanced and practical load-time randomization technique for the Tor Browser that defends against exploits, such as the one FBI allegedly used against Tor users. Our solution significantly improves security over standard ASLR techniques currently used by Firefox and other mainstream browsers. Moreover, we collaborated closely with the Tor Project to ensure that selfrando is fully compatible with AddressSanitizer, a compiler feature to detect memory corruption. AddressSanitizer is used in a hardened version of Tor Browser for test purposes. The Tor Project decided to include our solution in the hardened releases of the Tor Browser, which is currently undergoing field testing.

Important Copyright Notice:

The documents contained in these directories are included by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.