Photo

Fabio Massacci
Professor of Cyber Security
PhD in Computer Science, MSc in Computer Engineering, Master in International Relations

University of Trento, Dept. of Information Sciences and Engineering
Via Sommarive 5, 38123 Trento, Italy
Office: +39-0461-28-2086, PA: +39-0461-28-3175, Email: Fabio.Massacci@unitn.it
Where I am now:Vietnam (till 5/12).
Research
UNITN Security Group Wiki
  • Empirical validation of risk and security methodologies
  • Data and models for vulnerabilities and exploits in the wild
  • Security economics
  • Security testbeds and malware analysis
  • Former Research
    Modelling Security Requirements Engineering (Now I do experiments on SRE)
    Security-by-Contract for Mobile and Smart Card
    Practical Enforcement of Information Flow Properties
    Logical Cryptanalysis or Crypto with SAT for representing crypto-problems as logical problems.
    Cryptographic Protocol Verification. See Larry Paulson's SET protocol page for the papers and the proof scripts).
    Automated Reasoning for Modal, Description and Security Logics
    Awards
    2015: Ten Years Most Influential Paper Award at IEEE Requirements Engineering Conference] for our paper on Modeling security requirements through ownership, permission and delegation. You can read our pre-print copy or see our presentation at RE'15.
    2001: AI*IA - Marco Somalvico Career Award for Young Researchers in AI by the Italian Association for Artificial Intelligence
    Impact
    Our research on risk reduction for vulnerability assessment made its way to the world standard Common Vulnerability Scoring System (CVSS) v3. You can see our Black Hat'13 presentation read the full paper on ACM TISSEC (Comparing Vulnerability Severity and Exploits Using Case-Control Studies) or our pre-print copy.
    See the recent development of an intellectual child of mine: Logical Cryptanalysis was instrumental to break SHA-1
    Ph.D. Students
    Ivan Pashchenko on experimental comparison of static analysis methods for vulnerability analysis 2nd Place at ESEC/FSE 2017 SRC Graduate Competition
    Chan Nam Ngo on FinTech and distributed transactions systems
    Silvio Biagioni on experimental measures of operational (cyber) risk
    If you are interested in a PhD make sure to read R.T. Azuma's guide (in particular the sections on graduate student as a job, and contacting perspective advisors). Then apply to the ICT PhD School and mention in the research proposal and in the motivation letter that you are interested in working with me. Forward your complete application to security.positions.disi @ unitn.it. Do not write to me generic emails. Always send your cv to the email above first.
    Post-docs
    Stanislav Dashevsky, on empirical methods for software vulnerabilities
    If you are interested in a Post-doc please send your academic CV to security.positions.disi @ unitn.it. If you do this before August of each year (and we decide to hire you) we will also help you to write a Marie Curie Application that could provide you with your own independent funding.
    Former Students
    Luca Allodi [Assistant Professor at TU Eindhoven], University of Trento, Best PhD Award, CVSS SIG Voting Member
    Natalia Bielova [Researcher @ INRIA]
    Hristo Koshutanski [Co-founder and CTO @ Safe Society Labs S.L., Spain]
    Katsiaryna Labunets [Post-doctoral Researcher @ TU Delft]
    Katsiaryna Naliuka [Software Engineer @ Google]
    Minh Ngo [Post Doc @ INRIA]
    Viet Hung Nguyen [System architect @ Bosch]
    Nataliya Rassadko [Senior Developer @ GPI]
    Le Minh Sang Tran [Quantitative Researcher @ WorldQuant ], CAiSE PhD Award 2016
    Ida SR Siahaan [Post-doc @ AIT, Ireland]
    Artiom Yautsiukhin [Researcher @ CNR Pisa]
    Nicola Zannone [Associate Prof @ TU Eindhoven], IEEE RE'2015, 10 years most influential paper in Requirements Engineering
    Former Post-docs
    Yudis Asnar, from Univ. of Trento [Professional Consultant @ STIKP Indonesia].
    Nicola Dragoni from Univ. of Bologna [Associate Prof @ DTU - Denmark].
    Olga Gadyatskaya, from Univ. of Novosibirsk [Research associate @ Univ. of Luxembourg]
    Jing Nie, from Durham Business School [Assistant Professor @ University of International Business and Economics (UIBE) in Beijing]
    Stephan Neuhaus, from Saarland Univ. [Dozent @ Univ of Applied Sciences Zurich]
    Federica Paci, from Univ. of Milano and Purdue [Lecturer @ Southampton]
    Ayda Saidane, from Supelec [Security Consultant @ Revenue Quebec]
    Woohyun Shim, from Michigan State Univ. [Associate Research Fellow @ Korea Institute for Public Administration]
    Publications:
    Recent publications on the Group's Wiki, and old Publications
    Google Scholar and Elsevier's Scopus
    My Erdös number is 3
    Research Grants
    EU-SESAR-WPE-EMFASE (Empirical Framework for Security Design and Economic Trade-Off), EU Coordinator
    MIUR-PRIN-TENACE (Security of Critical Infrastructure),
    EU-SEC-CP-SECONOMICS (Security Meets Socio-Economics), EU Coordinator, 3MEuro (UNITN approx 600K)
    EU-FET-IP-SECURECHANGE (Security Engineering for lifelong Evolvable Systems), EU Coordinator, 5.1MEuro (UNITN approx 500K)
    EU-IST-IP-MASTER (Managing Assurance, Security and Trust for Services) 920KEuro
    EU-IST-IP-SERENITY (Security and Dependability Engineering) 586KEuro
    EU-IST-STREP-S3MS (Security and Services for Mobile Systems), EU Coordinator, 2.4MEuro (UNITN approx 300K)
    PAT-FU-MOSTRO (Modeling Security and Trust Relationships within Organizations) 81KEuro
    Grant before 2005: ASI-DOVES (A Platform for Enabling on Board Autonomy), EU-IST-FET WASP (Working Group on Answer Set Programming), MIUR-FIRB ASTRO (Knowledge Level Software Engineering), MIUR-FIRB (Security Protocols Verification), EU-NoE-E-NEXT (Network of Excellence E-Next)
    Courses at UNITN
    Official Page of the Master in Computer Science and Engineering (Program is taught in English to a mixed audience of Italian and International students).
    Our Security and Privacy EIT Curriculum in the framework of the EIT Digital Master School
    Other Activities
    2002-2009: Deputy Rector for ICT Procurements and Services for 7 years managing a staff of 70+ people and 5MEuro/year budget.
    1995: International habilitation as United Nation Officer (Level P2)
    1992-1997: European Executive Board Member and European Treasurer of Service Civil International.
    At the ones above seems strange, I have been also strongly involved in the sector of International Voluntary Service Organizations. Read an essay written for a post-degree Foreign Relations course by the Italian Minister of Foreign Affairs. I advocated a different relationship between Western Democracies and Militant Islam, rather than funding conservative islamist leaders (like Saddam Hussein or Saudi princes) to bash communists. History proved me right. Download it in Postscript.
    I met my wife (Beatrice De Blasi) while working in the NGO sector.
    My Favourite Quotes
    According to the university, the duties of professors are 50% administration, 50% teaching, 50% research. Order is relevant. (Moshe Vardi)
    I'm on holiday at the moment, so not supposed to be reading my email. (Bashar Nuseibeh)
    Data is the new gold, but maybe is the new asbestos (Participant at Cambridge Risk Seminar)
    Information for Students
    Both BSc and MSc theses are available and some research and industry internships. Come and see me in person (after class is best).
    Click for Instructions for Recommendation Letters