Fabio Massacci Home Page
Affiliation
Università di Trento and in particular
Current position
- Professor at Univ. of Trento
In the recent past I have been
- vice-director for Education ICTLabs - Trento Node - European Institute for Innovation and Technology (1 year, and it was enough)
- guest Scientist at SINTEF (Enforce and DIGIT Project) for 6 years
- deputy rector for ICT procurement (7 years, 2 rectors, 2 general directors, managing 70+ staff members and 3MEuro/yearly budget; being a "customer" of IT was invaluable).
News
Do you remember vulnerability discovery models? Ross Anderson invented one, E. Rescorla some others, Alhazmi and Malaiya some more.
Well, the short info is that they don't work (on browsers). We tested them on IE, FF, GC for a history of more than 6 years. See our ASIACCS'12 paper (Viet's page).
We have been able to have a security-by-contract checker run on a smart-card. It checks at load time that your Java Card applet doesn't call shareable interfaces it is not authorized to call. So no need for run-time checks. See our Bytecode'12 paper (Olga's page).
Check RE or ICSE and you will find lots of people talking about Security Requirements Engineering. Do they really work? We tested them with 30+ security & audit practitioners in the eRISE Risk and Security Requirements challenge.
Have a look at the e-RISE web site. We are going to do it again in 2012.
Last but not least, see our work on predictability of enforcement mechanisms (Nataliia Bielova's page).
My favourite quotes:
- According to the university, the duties of professors are 50% administration, 50% teaching, 50% research. Order is relevant. (Moshe Vardi)
- I'm on holiday at the moment, so not supposed to be reading my email. (Bashar Nuseibeh)
- If you use a free service, you are not the customer, you are the product being sold. (Krishna Ksheerabdhi)
Research Interests
A superzipped version of my research topics:
- Empirical methods for security research and security metrics
- Security-by-Contract for mobile and embedded systems
- Security Requirements Engineering and NESSOS E-RISE Challenge
- Enforcement, audit and accountability
- Automated Reasoning and verification
My current (=Feb/2012) h-index is 30 according to Google Scholar and 13 according to Scopus. My Erdős number is 3 (for the moment).
Conferences and Journals
- Journal Associate Editor:
- International Journal of Information Security
- Journal Special Issue:
- Journal of Computer Security: Special Issue on EU Funded Research, Science of Computer Programming: Special Issue on Security and Trust
- Steering Committee Member of Conferences:
- International Symposium on Engineering Secure Software and Systems (ESSoS)
In cooperation with ACM SIGSAC and SIGSOFT and IEEE TCSP. We are now at the fourth edition.
I also started the ACM MetriSec workshop (Before Quality of Protection).
- Conference Chair:
- IJCAR-2001, iTrust-2005
- PC-Chair:
- NTMS-2008, ESSoS-2009, ESSoS-2010, IEEE SSIRI
- PC member:
- too many to track them.
Past Research
The Interactive access control project.
The Logical Cryptanalysis or Crypto with SAT for representing crypto-problems as logical problems.
Cryptographic Protocol Verification
Modal and Description Logics
Publications
Check
See also
Talks and Video
Security in Ambient Assisted Living: MPEG (148MB) or AVI (201MB) format.
Research Grants
- EU-SEC-CP-SECONOMICS - Security Economics (Coordinator) - 3MEuro (Trento approx 600K)
- EU-FET-IP-SECURECHANGE - Security Engineering for lifelong Evolvable Systems (Coordinator) - 5.1MEuro (Trento approx 500K)
- EU-IST-IP-MASTER - Managing Assurance, Security and Trust for Services - 920KEuro
- EU-IST-IP-SERENITY - Security and Dependability Engineering - 586KEuro
- EU-IST-STREP-S3MS - Security and Services for Mobile Systems (Coordinator) - 2.4MEuro (Trento approx 300K)
- PAT-FU-MOSTRO - Modeling Security and Trust Relationships within Organizations - 81KEuro
- SENSORIA - Software Engineering for Service-Oriented Overlay Computers - Closed
- ASI-DOVES - A Platform for Enabling on Board Autonomy - Closed
- EU-IST-FET WASP - Working Group on Answer Set Programming - Closed
- MIUR-FIRB ASTRO - Knowledge Level Software Engineering - Closed
- MIUR-FIRB - Security Protocols Verification - Closed
- EU-NoE-E-NEXT - Network of Excellence E-Next - Closed
PhD Students, Post-docs, Alumni
Current PhD Students
- Viet Hung NGUYEN on empirical security metrics of evolving systems.
- Le Minh Sang TRAN on Evolving Security Requirements (with John Mylopoulos) [Now visiting K. Stolen at SINTEF]
- Anton PHILIPPOV on security-by-contract for Web Services.
- Tong LI on Evolving Security Requirements (with John Mylopoulos).
- Luca ALLODI on economics models of cybercrime.
- Minh NGO on Information flow for the browser.
- Valentina PULICE on hardware trojans (with Max Sala).
Current Post-docs
Former PhD students
- Nataliia Bielova on enforcement and compliance [Post-doc @ INRIA - Rennes]
- Hristo Koshutanski PhD on interactive access control. [Researcher @ University of Malaga, Spain]
- Nicola Zannone PhD on Security Requirements Engineering [Tenure Track Ass. Prof @ Tech. Univ. Eindhoven.]
- Artiom Yautsiukhin PhD on Security Engineering and Security Metrics [Researcher @ CNR Pisa]
- Ida SR Siahaan on automata modulo theory for mobile code [Post-doc @ Univ. of Calgary]
- Katsiarina Naliuka PhD on run-time monitors for mobile code security. [Engineer @ Google CH]
- Nataliya Rassadko PhD on XML/BP Security Views [Post-doc @ FBK].
Former Post-Docs
Other Connections...
MSc/MEng Thesis
Both BSc and MSc theses are available and some internships.
More details here on the Thesis Web Page of the University.
Research internship and PhD studies
I do not normally take research interns unless the intern is somebody who wants to do a PhD with me.
If you would like to apply for a PhD in Trento, you'll be pleasantly surprised that we run everything in English and that you don't have to come to Trento for the admission exam. For further information, visit the International Graduate School in Information and Communication Technologies web site or download this presentation (not really meant for prospective students but you get an idea).
How to make sure your email is deleted
If you want to be sure that your email is deleted, make sure to include among your favourite research topics something completely remote from the ones on this page. A good example:
- I have a propensity in the realm of Networking, Information Retrieval and Machine Learning
Courses
For the Courses see the Didattica on-line Web Page at the University of Trento.
- Computational Complexity and Cryptography (2007-present)
- Security Engineering (2003-present)
- Network Security (2004-2007)
If you are a lecturer and you would like to steal my English slides, please drop me a note. Being a great thief myself I'll be pleased to share.
Textbooks
Personal Activities
I'm also involved in the sector of International Voluntary Service Organizations. In these days, you might be interested in reading an essay written for a post-degree Foreign Relations course by the Italian Minister of Foreign Affairs I followed in 1995 (once upon a time I won the competition to become a U.N. officer). I advocated a different relationship between Western Democracies and Militant Islam, rather than funding conservative islamist leaders (like Saddam Hussein or Saudi princes) to bash communists. History proved me right. Download it in PDF or Postscript.
You can also see my wife's (Beatrice De Blasi) web page. I met her while a volunteer for the Italian branch of Service Civil International.
Address
Fabio Massacci
Dipartimento di Scienze ed Ingegneria dell'Informazione
Università di Trento
Via Sommarive 14, I-38050 Povo (Trento), Italy
tel: +39.0461.882086 fax: +39.0461.882093
E-mail Fabio PUNTO Massacci CHIOCCIOLA unitn PUNTO it
If you need really to talk to me (and don't have my mobile phone) I suggest to contact
For anything else just send me an email. Eventually I'll respond (recall that in CTL and LTL eventually is not bounded by any finite constant).