News: Sept 11th, 2016 - Participants section added. Looking forward to the next edition of the School!


Aylin Caliskan-Islam

Aylin Caliskan-Islam is a Postdoctoral Research Associate and a CITP Fellow at Princeton University. Her work in two main realms, security and privacy, involves the use of machine learning and natural language processing. In her previous work, she demonstrated that de-anonymization is possible through analyzing linguistic style in a variety of textual media, including social media, cyber criminal forums, and source code. She is currently extending her de-anonymization work to include non-textual data such as binary files and developing countermeasures against de-anonymization.

Aylin's other research interests include quantifying and classifying human privacy behavior and designing privacy nudges to avoid private information disclosure as a countermeasure. At Princeton, she works with Dr. Arvind Narayanan on text sanitization of sensitive documents for public disclosure, which can enable researchers to share data with linguists, sociologists, psychologists, and computer scientists without breaching the research subjects' privacy. She holds a PhD in Computer Science from Drexel University and a Master of Science in Robotics from the University of Pennsylvania.

Lecture: De-anonymization and Machine Learning's Role in Privacy and Security


Michel van Eeten

Michel van Eeten's chair focuses on the Governance of Cybersecurity. He studies the interplay between technological design and economic incentives in Internet security. His team analyses large-scale Internet measurement and incident data to identify how the markets for Internet services deal with security risks.

He has conducted empirical studies for the ITU and the OECD on the economics of malware and the role of Internet Service Providers in botnet mitigation. The Dutch government commissioned an in-depth study on the Dutch market. He is leading two projects funded by NWO (Netherlands Organisation for Scientific Research): one on security reputation metrics for Internet intermediaries and one on improving the effectiveness of abuse reporting mechanisms.

Additional funding has been granted via two EU projects: the Advanced Cyber Defense Center, which develops anti-botnet services for European operators and users, and the eCrime project, which will study the economic impact of cybercrime on non-ICT sectors, such as health and the chemical industry. He is also a member of the Dutch Cyber Security Council. As part of his administrative responsibilities, he currently serves as the Director of the TPM Graduate School.

Lecture: Who is bad? The hard task of developing security metrics on providers and what those metrics can teach us about the interplay of crime, markets and security


Lorenzo Cavallaro

Lorenzo Cavallaro is a Lecturer (equivalent of Assistant Professor) in the Information Security Group at Royal Holloway, University of London. His research interests span a number of computer science disciplines, including operating systems, computer architectures and networks, compilers and programming languages, and machine learning.

Before joining the ISG at Royal Holloway, Lorenzo was a postdoctoral researcher in the Systems & Security group at Vrije Universiteit Amsterdam, where he joined Prof. Andrew S. Tanenbaum and his team, working on (operating) systems security. From Apr 2008 to Dec 2009, he was a postdoctoral researcher in the Computer Security Lab at the University of California, Santa Barbara (UCSB), working with Profs Christopher Kruegel and Giovanni Vigna on botnet analysis and detection/mitigation techniques. From Sep 2006 to Mar 2008, Lorenzo was first a Visiting Ph.D. Scholar and then (Oct 2007 to Mar 2008) a Research Foundation Employee in the Department of Computer Science at the State University of New York at Stony Brook (Stony Brook University), joining the Cyber Security/Secure Systems Lab led by Prof. R. Sekar and working on memory error countermeasures, anomaly detection and taint analysis techniques.

Lorenzo is the author or co-author of more than 18 papers, has published in top venues, and has served as PC member and reviewer for various conferences and journals, including IEEE Security & Privacy, USENIX Security Symposium, ACSAC, NDSS, RAID, DIMVA, EDCC, DSN-DCSS, SESOC, ICISS, EuroSec, ACM TISSEC, TDSC, COSE, and COMNET.

Lecture: Dynamic analysis of Malicious Android Apps


Fabian Yamaguchi

Fabian Yamaguchi is a Postdoctoral Researcher at the Institute of System Security, Technische Universität Braunschweig. He received his Doctoral Degree in Computer Science from the University of Göttingen in 2015 and his Master's Degree in Computer Engineering from Technische Universität Berlin in 2011. For his work on Pattern-Based Vulnerability Discovery, he received the CAST/GI Dissertation Award IT Security in 2016. Before joining the University of Göttingen, he worked as a Security Consultant and Vulnerability Researcher for Recurity Labs GmbH, Berlin. His research currently involves vulnerability discovery, machine learning, and data mining.

Lecture: Data Mining for Vulnerability Discovery


Miguel P. Correia

Miguel P. Correia is an Associate Professor at Instituto Superior Técnico (IST) of the Universidade de Lisboa (ULisboa), in Lisboa, Portugal. He is a researcher at INESC-ID in the Distributed Systems Group (GSD). He is currently the coordinator of the Master Degree (MSc) in Information Systems and Computer Engineering. He has a PhD in Computer Science from the University of Lisboa Faculty of Sciences. He has been involved in several international and national research projects related to intrusion tolerance and security, including the SafeCloud, PCAS, TCLOUDS, ReSIST, CRUTIAL, and MAFTIA European projects. He has more than 100 publications and is a Senior Member of the IEEE. His main research interests are security, intrusion tolerance, distributed systems, distributed algorithms, computer networks, cloud computing, and critical infrastructure protection.

Lecture: Web application security: from static analysis to dynamic protections and recovery


Fabio Massacci

Fabio Massacci is a full professor at the University of Trento (IT). He received a Ph.D. in Computing from the University of Rome La Sapienza in 1998. He has been in Cambridge (UK), Toulouse (FR) and Siena (IT). He has published more than 250 articles in peer-reviewed journals and conferences and his h-index is 35. His current research interest is in empirical methods for cyber security. He was the European Coordinator of the project SECONOMICS on socio-economic aspects of security. He is now working on the SESAR EMFASE project on empirical validation of security risk assessment in aviation.

Lecture: Empirical Validation of Risk and Security Requirements Methodologies


Enrico Frumento

Enrico Frumento is an expert in offensive and unconventional security and attack techniques. His research activity started at CEFRIEL in the field of e-health services and telemedicine systems, to which he contributed most of his scientific production.

Since 1998, he has shifted his research interests towards wearable electronic systems and unconventional security. Thanks to his participation in several European projects and specialized task forces, he has gained strong experience in the area of cyber-crime and unconventional security. He currently works as a member of CEFRIEL's security research team, which continues the centre's innovation mission in the security area (bridging research and enterprises to serve their innovation needs).

He currently contributes research on Secure Code Development, hacking/cracking techniques (Reverse Code Engineering and Code Hardening) and the evolution of social engineering. Through his collaboration with the Milan Dept. of Cognitive Science, he has lately studied the area of Social Engineering and the problems tied to the definition of identity in the web era. He is a member of Task-Force #1 of the Talk-in-the-tower initiative, which aims to re-define the role of machines in the future society, and of cyber-crime related task forces (DCC, EECTF). He is the author of over 50 scientific papers, articles or books.

Lecture: The age of human hacking


Marco Morana

Marco Morana heads cyber-security strategy goals and activity planning globally for Citi ICG.

Experience: Risk manager focused on the analysis of threats and the promotion of new technical and process measures to reduce risks to the corporate bank clients. Author of various technical standards and processes in the application security space. Keynote speaker on various topics of cyber-threats against the financial sector. Author of several articles and two books on various cyber-security topics. Involved with start-ups as outside director and as advisor. Mentor for start-up acceleration programs.

Specialties: cyber-security strategy, secure architecture reviews and cyber-threat risk analysis processes. Documentation of application security architecture guidelines, creation, management and reporting of secure architecture review processes, engineering of secure cloud architecture, cyber-attack resilience and web fraud detection.

Significant contributions: Threat modelled mobile applications for corporate payments handling $1 trillion worth of transactions. Secured on-line banking application with 40 million customers in 2009. Pioneered the Security in the SDLC program and helped to expand it globally. Authored secure coding standards and architecture standards used corporate-wide. Advised on secure design of Google Wallet and the FIDO standard. Managed project and consulting engagements and created new consulting services. Mentored cyber-security start-ups and helped establish their businesses. Patented secure e-mail plug-in technology (NASA 1996). Worked with the R&D team that developed the first IDS (Intrusion Detection System) technology (ISS 1998).

Lecture: Attack simulation, Countermeasure Design and Security Testing Using Threat Modelling


Matteo Meucci

Matteo Meucci has more than 13 years of experience specializing in Application Security and has collaborated with the OWASP project since 2002: he founded the OWASP-Italy Chapter in 2005 and has led the OWASP Testing Guide since 2006. Matteo is invited as a speaker at many events around the world to talk about Web Application Security. Matteo has undergraduate degrees in Computer Science Engineering from the University of Bologna.

Matteo Meucci has been the CEO and a cofounder of Minded Security since 2007, where he is responsible for strategic direction and business development for the company. Prior to founding Minded Security, Matteo gained consultancy experience at BT Global Services, INS, Business-e and CryptoNet.

Lecture: The OWASP testing guide v4


Battista Biggio

Battista Biggio received the M.Sc. degree (with honors) in Electronic Engineering (2006) and the Ph.D. degree in Electronic Engineering and Computer Science (2010) from the University of Cagliari (Italy). Since 2007, he has been with the Department of Electrical and Electronic Engineering of the University of Cagliari, where he is currently a post-doctoral researcher. In 2011, he visited the University of Tuebingen (Germany), and worked on the security of learning algorithms against training data contamination.

His research interests include secure machine learning, multiple classifier systems, kernel methods, computer security and biometrics. On these topics, he has published more than 50 papers in international conferences and journals, collaborating with several research groups from academia and companies throughout the world. Dr. Biggio has also recently co-founded a company named Pluribus One, where he is responsible for leveraging machine-learning algorithms to drive product innovation. He regularly serves as a reviewer and program committee member for several international conferences and journals on the aforementioned research topics. Dr. Biggio is a member of the IEEE and of the IAPR.

Lecture: Machine Learning under Attack: Vulnerability Exploitation and Security Measures