Please follow My GitHub New Web Page. As you will see I have far less hair...

Fabio Massacci
Professor of Cyber Security
PhD in Computer Science, MSc in Computer Engineering, Master in International Relations

University of Trento, Dept. of Information Sciences and Engineering
Via Sommarive 5, 38123 Trento, Italy
Office: +39-0461-28-2086, Email:
Vrije Universiteit of Amsterdam, Department of Computer Science
De Boelelaan 1111, 1081 HV, Amsterdam, Netherlands
Office: +31-20-59-86098,
Where I am:
Now: Smart-Working from home...
on web design and market price:

Welcome to my prehistoric page: no CMS, no CSS, no JS, no PHP, no Tweets, nothing. If you would like a page with fancy inserts, social connections etc. you may want to read what Zuckerberg dixit: your Facebook Friends are worth 10 cents. Plus of course anything else you have there (2012 figure in US Dollars).

Our new paper on Stakeholders' opinions on European Cybersecurity policies and priorities for funding (it's short: read it and you'll be surprised).
ICSE'19 Journal First (TSE) on Screening Test for Vulnerabilities (spoiler: in some cases you shouldn't worry).
ESEM'18 paper on Counting Vulnerabilities that matter (spoiler: several papers generate threat inflation).
On the same topic, see also our paper on The work averse attacker in which we adapt and empirically apply Stokey's model to cyber attackers (appeared at WEIS'17) and show that the all powerful attacker advocated by most is actually wrong...
Our IEEE Security and Privacy Symposium (aka Oakland) paper on FuturesMEX showing that it is actually possible to implement a distributed, secure Futures Exchange (we are not as performant as the Chicago Mercantile Exchange but for having spent 1K$ rather than 30M$ we are not that bad...). See also the YouTube video.

A Political Statement
On a staged massacre of activists in the Philippines by the Army and the Police. This seems at odds with a professor's job except this time I know a name on the list...
See also UNITN Security Group Wiki
Data and models for vulnerabilities and exploits in the wild
Security economics
Empirical validation of risk and security methodologies
Security testbeds and malware analysis
Less Active
Modelling Security Requirements Engineering (Now I do experiments on SRE)
Logical Cryptanalysis or Crypto with SAT for representing crypto-problems as logical problems (See for new ongoing development as well). I have some new interest in this so if you are interested drop me an email.
Security-by-Contract for Mobile and Smart Card
Practical Enforcement of Information Flow Properties
Cryptographic Protocol Verification. (See Larry Paulson's SET protocol page for the papers and the proof scripts.)
Automated Reasoning for Modal, Description and Security Logics
2015: Ten Years Most Influential Paper Award at IEEE Requirements Engineering Conference for our paper on Modeling security requirements through ownership, permission and delegation. You can read our pre-print copy or see our presentation at RE'15.
2001: AI*IA - Marco Somalvico Career Award for Young Researchers in AI by the Italian Association for Artificial Intelligence
Our research on risk reduction for vulnerability assessment made its way to the world standard Common Vulnerability Scoring System (CVSS) v3. You can see our Black Hat'13 presentation, read the full paper on ACM TISSEC (Comparing Vulnerability Severity and Exploits Using Case-Control Studies) or our pre-print copy.
See the recent development of an intellectual child of mine: Logical Cryptanalysis was instrumental to break SHA-1
Ph.D. Students
Ivan Pashchenko on experimental comparison of static analysis methods for vulnerability analysis - 2nd Place at ESEC/FSE 2017 SRC Graduate Competition
Chan Nam Ngo on FinTech and distributed transactions systems
Duc Ly on using Machine Learning to identify vulnerability fixes or exploits - Marie Curie Fellowship
Ganbayar Uuganbayar on models for cyberinsurance (Co-funded by CNR - Marie Curie Fellowship with CNR)

What makes research active is the presence of PhD students. If you are interested, contact me but before doing so please read R.T. Azuma's guide (in particular the sections on graduate student as a job, and contacting prospective advisors). I recommend first doing a 1-year research fellowship with us before the PhD. Forward your CV and 1 page research statement to security.positions.disi @ Do not write to me generic emails. Always send your CV to the email above first.
Apply Now to the School: You can also directly apply to the ICT PhD School and mention in the research proposal and in the motivation letter that you are interested in working with me.

We are hiring! We have positions both as post-doctoral researcher and research assistant professor (the latter is still soft money but you are a faculty for three years (renewable for 2 more) so it takes around 4-5 months for setting it up). You can write to me but make sure to write to security.positions.disi @ as well. If you contact us before August of each year (and we decide to hire you) we will also help you to write a Marie Curie Application to start having your own independent funding.
Former Students
Luca Allodi [Assistant Professor at TU Eindhoven], University of Trento, Best PhD Award, CVSS SIG Voting Member
Natalia Bielova [Researcher @ INRIA]
Stanislav Dashevsky [Post-doc @ Uni. Luxembourg]
Hristo Koshutanski [Researcher at ATOS Research and Innovation, Spain]
Katsiaryna Labunets [Post-doctoral Researcher @ TU Delft]
Katsiaryna Naliuka [Software Engineer @ Google]
Minh Ngo [Post Doc @ INRIA]
Viet Hung Nguyen [System architect @ Bosch]
Nataliya Rassadko [Senior Developer @ GPI]
Le Minh Sang Tran [Quantitative Researcher @ WorldQuant ], CAiSE PhD Award 2016
Ida SR Siahaan [Post-doc @ University of Napoli]
Artiom Yautsiukhin [Researcher @ CNR Pisa]
Nicola Zannone [Associate Prof @ TU Eindhoven], IEEE RE'2015, 10 years most influential paper in Requirements Engineering
Former Post-docs
Yudis Asnar, from Univ. of Trento [Professional Consultant @ STIKP Indonesia].
Nicola Dragoni from Univ. of Bologna [Associate Prof @ DTU - Denmark, and Full Professor @ Örebro, Sweden].
Olga Gadyatskaya, from Univ. of Novosibirsk [Research associate @ Univ. of Luxembourg]
Jing Nie, from Durham Business School [Assistant Professor @ University of International Business and Economics (UIBE) in Beijing]
Stephan Neuhaus, from Saarland Univ. [Dozent @ Univ of Applied Sciences Zurich]
Federica Paci, from Univ. of Milano and Purdue [Lecturer @ Southampton]
Ayda Saidane, from Supelec [Security Consultant @ Revenue Quebec]
Woohyun Shim, from Michigan State Univ. [Associate Research Fellow @ Korea Institute for Public Administration]
Recent publications on the Group's Wiki, and old Publications
Google Scholar and Elsevier's Scopus
My Erdős number is 3
Research Grants
EU-H2020-Pilot-CyberSec4Europe Cyber Security for Europe. One of the four pilots to experiment with the Governance of the EU Cyber Security Center and Network of National Centers - 500K
EIT-UNBIAS (Universal Network for Better Invoice Attribute Sharing), EIT Innovation Project with Innopay (NL) - 150K
EU-H2020-CSA-OPTICS-2 (Is Europe performing the right safety and security research?) - 90K
IND-Filiera Sicura Industry Project with CISCO on Secure Supply Chain - 250K
EU-SESAR-WPE-EMFASE (Empirical Framework for Security Design and Economic Trade-Off), EU Coordinator 600KEuro (UNITN - 200K)
IT-MIUR-PRIN-TENACE (Security of Critical Infrastructure) - 90K
EU-FP7-SEC-CP-SECONOMICS (Security Meets Socio-Economics), EU Coordinator - 3MEuro (UNITN - 600K)
EU-FP7-CSA-SECCORD (SECurity and trust COoRDination and enhanced collaboration) - 110K
EU-FP7-FET-IP-SECURECHANGE (Security Engineering for lifelong Evolvable Systems), EU Coordinator - 5.1MEuro (UNITN - 500K)
EU-FP7-CSA-EFFECTSPLUS (European Framework for Future internet compliance, Trust, security and Privacy through effective clustering) - 80K
EU-FP6-IP-MASTER (Managing Assurance, Security and Trust for Services) - 900K
EU-FP6-IP-SERENITY (Security and Dependability Engineering) - 600KE
EU-FP6-STREP-S3MS (Security and Services for Mobile Systems), EU Coordinator - 2.4MEuro (UNITN - 300K)
IT-PAT-MOSTRO (Modeling Security and Trust Relationships within Organizations) - 88K
Grants before 2005: ASI-DOVES (A Platform for Enabling on Board Autonomy), EU-IST-FET WASP (Working Group on Answer Set Programming), MIUR-FIRB ASTRO (Knowledge Level Software Engineering), MIUR-FIRB (Security Protocols Verification), EU-NoE-E-NEXT (Network of Excellence E-Next)
Courses at UNITN
Official Page of the Master in Computer Science and Engineering (Program is taught in English to a mixed audience of Italian and International students).
Our Security and Privacy EIT Curriculum in the framework of the EIT Digital Master School
University Administration
2017-now: Deputy Head of School of Information Engineering and Coordinator of the entire offering on ICT in Trento.
2011-2012: Vice-Director for Education - Italian Node of EIT Digital
2005-2011: Coordinator of the Computer Science Degree Programme
2002-2009: Deputy Rector for ICT Procurements and Services for 7 years managing a staff of 70+ people and 5MEuro/year budget. Being on the customer side of IT changed my view of what CS should do.
Other Activities
1995: International habilitation as United Nations Officer (Level P2)
1992-1997: European Executive Board Member and European Treasurer of Service Civil International.
If you think that is strange, I have been also strongly involved in the sector of International Voluntary Service Organizations. Read an essay written for a post-degree Foreign Relations course by the Italian Minister of Foreign Affairs. I advocated a different relationship between Western Democracies and Militant Islam, rather than funding conservative islamist leaders (like Saddam Hussein or Saudi princes) to bash communists. History proved me right. Download it in Postscript.
I met my wife (Beatrice De Blasi) while working in the NGO sector.
My Favourite Quotes
According to the university, the duties of professors are 50% administration, 50% teaching, 50% research. Order is relevant. (Moshe Vardi)
I'm on holiday at the moment, so not supposed to be reading my email. (Bashar Nuseibeh)
Data is the new gold, but maybe is the new asbestos (Participant at Cambridge Risk Seminar)
Information for Students
Both BSc and MSc theses are available and some research and industry internships. Come and see me in person (after class is best).
Click for Instructions for Recommendation Letters