Fabio Massacci Home Page
Professor and deputy Head of School (photo) at Università di Trento and in particular
My favourite quotes:
- According to the university, the duties of professors are 50% administration, 50% teaching, 50% research. Order is relevant. (Moshe Vardi)
- I'm on holiday at the moment, so not supposed to be reading my email. (Bashar Nuseibeh)
- Data is the new gold, but maybe is the new asbestos (Participant at Cambridge Risk Seminar)
A landmark paper has found a way to generate full collisions with SHA-1, one of the most used hash algorithm:.
In the paper they used logical cryptanalysis applied to hash function as a key component of the differential path search (my italic):
[...]all these attempts led to results that not only were unsatisfactory but that even threatened the feasibility of the second near-collision attack.[...] Our final solution was to encode this problem into a satisfiability (SAT) problem and use a SAT solver to find a drop-in replacement differential path over the first eight steps that is solvable.
Vegard Nossum has been a student at the University of Oslo I co-supervised and the work of his at the basis of the collision is well described in his thesis
More specifically, we adapted the SHA-1 SAT system generator from Nossum.
I have very pleased that Vegard's work is a critical component of this (much larger) endeavor. When we (myself and my master student Laura Marraro) first invented logical cryptanalysis in 1999 (see our Journal of Automated Reasoning paper here and at the publisher) the traditional comment from crypto people was "for ever useless"... well, in this case it is true that nothing is for ever...
Chapeau to Marc, Elie, their team and, last but not least, Vegard.
My present working topics are
My h-index was >= 30 according to Google Scholar and >= 13 according to Scopus. My Erdös
number is 3 .
Modelling Security Requirements Engineering
(Now I do experiments on SRE)
Security-by-Contract for Mobile and Smart Card
Practical Enforcement of Information Flow Properties
Logical Cryptanalysis or Crypto with SAT for representing crypto-problems as logical problems.
Cryptographic Protocol Verification
Modal and Description Logics
- EU-SESAR-WPE-EMFASE (Empirical Framework for Security Design and Economic Trade-Off)
- EU-SEC-CP-SECONOMICS - Security Economics (Coordinator) - 3MEuro (Trento approx 600K)
- EU-FET-IP-SECURECHANGE - Security Engineering for lifelong Evolvable Systems (Coordinator) - 5.1MEuro (Trento approx 500K)
- EU-IST-IP-MASTER - Managing Assurance, Security and Trust for Services - 920KEuro
- EU-IST-IP-SERENITY - Security and Dependability Engineering - 586KEuro
- EU-IST-STREP-S3MS - Security and Services for Mobile Systems (Coordinator) - 2.4MEuro (Trento approx 300K)
- PAT-FU-MOSTRO - Modeling Security and Trust Relationships within Organizations - 81KEuro
- SENSORIA - Software Engineering for Service-Oriented Overlay Computers - Closed
- ASI-DOVES - A Platform for Enabling on Board Autonomy - Closed
- EU-IST-FET WASP - Working Group on Answer Set Programming - Closed
- MIUR-FIRB ASTRO - Knowledge Level Software Engineering - Closed
- MIUR-FIRB - Security Protocols Verification - Closed
- EU-NoE-E-NEXT - Network of Excellence E-Next - Closed
PhD Students, Post-docs, Alumni
Current PhD Students
- Stanislav Dashevsky, on empirical methods for software vulnerabilities
- Ivan Pashchenko, on experimental comparison of static analysis methods
- Chan Nam Ngo, on distributed transactions systems (blockchains and all that)
- Wagner Medeiros Dos Santos, on operational risk
- Katsiaryna Labunets, from Trento Univ., on empirical methods for risk assessment
- Luca Allodi, from Trento Univ., on cybercrime measurements and economic theory
- Jing Nie, from Durham Business School, on digital finance and malicious trading
Former PhD students
- Luca Allodi on economics models of cybercryme. University of Trento, Best PhD Award
- Natalia Bielova on enforcement and compliance [Researcher @ INRIA]
- Hristo Koshutanski, on interactive access control. [Researcher @ University of Malaga, Spain]
- Katsiaryna Labunets, on empirical methods for risk assessment.
- Katsiarina Naliuka, on run-time monitors for mobile code security [Engineer @ Google CH]
- Minh Ngo, on programmable enforcement mechanisms for nformation flow [Post Doc @ INRIA]
- Viet H. Nguyen, on empirical security metrics of evolving systems. [System architect @ Bosch]
- Nataliya Rassadko, on XML/BP Security Views [Senior Developer @ GPI]
- Le Minh Sang Tran, on Game theory for evolving Security Requirements [Quantitative Researcher @ WorldQuant ] - CAiSE PhD Award 2016
- Ida SR Siahaan, on automata modulo theory for mobile code [Lecturer @ BN Univ. Indonesia]
- Artiom Yautsiukhin, on Security Engineering and Security Metrics [Researcher @ CNR Pisa]
- Nicola Zannone, on Security Requirements Engineering [Assistant Prof @ Tech. Univ. Eindhoven.] IEEE RE'2015, 10 years most influential paper in Requirements Engineering
- Yudis Asnar, from Univ. of Trento [Professional Consultant @ STIKP Indonesia].
- Nicola Dragoni from Univ. of Bologna [Associate Prof @ DTU - Denmark].
- Olga Gadyatskaya, from Novosibirsk [Research associate @ Univ. of Luxembourg]
- Stephan Neuhaus, from Saarland Univ. [Dozent @ Univ of Applied Sciences Zurich]
- Federica Paci, from Univ. of Milano and Purdue [Lecturer @ Southampton]
- Ayda Saidane, from Supelec [Security Consultant @ Revenue Quebec]
- Woohyun Shim, from Michigan State University [Associate Research Fellow @ Korea Institute for Public Administration]
Information for Master and Perspective PhD Students
MSc/MEng Thesis and PhD Thesis
Both BSc and MSc theses are available and some internships. Come and see me in person (after class is best, See below for a timetable).
I take research interns only within institutional university exchanges
(eg EIT Digital Master School, prof. Vladimir Vasilyev at UGATU and prof. Dang Tran Khanh at HCMUT).
or if the wanna-be intern is also interested in doing a PhD with me.
PhD Studies in Trento
If you you would like to apply for a PhD in Trento, you'll be pleasantly surprised that we run everything in English and that you don't have to
come to Trento for the admission exam. For further information, visit the International Graduate School in Information and Communication Technologies..
How to make sure your email is deleted
Please include among your favourite research topics something completely remote from the ones in this page. A good example:
- I have a propensity in the realm of Networking, Information Retrieval and Machine Learning
For the Courses see the Didattica on-line Web Page at the University of Trento or (much better) see here (Security and Privacy EIT Master).
If you are a lecturer and you would like to steal my English slides, please drop me a note. Being a great thief myself I'll be pleased to share.
(VERY OLD) Libri Didattici
I have been also involved in the sector of International
Voluntary Service Organizations.
In these days, you might be
interested in reading an essay written for a post-degree Foreign
Relations course by the Italian Minister of Forein Affairs I followed
in 1995 (once upon a time I won the competition to become U.N. officer). I
advocated a different relationship between Western Democracies and
Militant Islam, rather than funding conservative islamist leaders
(like Saddam Hussein or Saudi princes) to bash communists. History
proved me right. Download it in Postscript.
You can also see my wife (Beatrice De Blasi or also here) web page. I met her while a volunteer for the italian branch of Service Civil international.
Dipartimento di Scienze ed Ingegneria dell'Informazione
Università di Trento
Via Sommarive 9, I-38123 Trento, Italy
tel: +39.0461.282086 fax: +39.0461.282093
E-mail Fabio Massacci
If you need really to talk to me (and don't have my mobile phone) I suggest to contact
For anything else just send me an email. Eventually I'll respond (recall that in both branching and linear time eventually is not bounded by any finite constant).
Blue Ribbon Online Free Speech Campaign