I am a highly motivated developer passionate about tackling impactful projects. Currently a researcher at Università degli Studi di Bergamo, I investigate integrating security features across mobile, web, and cloud systems. As a lifelong learner who thrives in collaborative environments, I enjoy exchanging ideas with inspiring colleagues.
Researcher
As a member of the computer security group at Università degli Studi di Bergamo, I research computer systems security across heterogeneous technological environments, from cloud systems (e.g., Kubernetes) to web technologies (e.g., JavaScript runtimes, WebAssembly) and mobile systems (e.g., Android).
Teaching Assistant
Teaching assistant for the bachelor's courses: "Informatica (modulo di programmazione)" and "Basi di dati" (formerly "Basi di dati e Web"), and the master's courses: "Advanced Data Management" and "Sicurezza dei sistemi informatici". Lectures of these courses are about:
Software Engineering
Software Engineering
Software Engineering
Technical High School
Grenoble INP - Esisar | Engineering school in cybersecure intelligent systems
This competition assesses the top scholarly security research of the year by focusing on research that has a practical impact. The paper NatiSand: Native Code Sandboxing for JavaScript Runtimes, of which I am one of the authors, was selected as one of the top 10 finalists. In short, it presents a mechanism to isolate binary programs and shared libraries in JavaScript runtimes (e.g., Node.js, Deno, and Bun).
Grenoble INP - Esisar | Engineering school in cybersecure intelligent systems
This competition assesses the top scholarly security research of the year by focusing on research that has a practical impact. The paper SEApp: Bringing Mandatory Access Control to Android Apps, of which I am the first author, was selected as one of the top 10 finalists. In short, it presents a natural evolution of the Android security model with the goal of improving the security of applications and the privacy of their users.
IEEE International Conference on Pervasive Computing and Communications (PerCom)
The software artifact of the paper Scalable Distributed Data Anonymization was awarded best of the entire conference. It protects the respondents of a dataset by obfuscating information that can disclose their identities and sensitive information. By leveraging Apache Spark, the algorithm scales to a cluster of worker nodes to guarantee performance even when working on large datasets.
GitOps repository for the automated deployment, with ArgoCD, of the Kubernetes platform for green and privacy-preserving data operations. The project is part of the results produced by the consortium of the GLACIATION project. I have been in charge of the deployment of OPA Gatekeeper (with the Gatekeeper Policy Manager), MinIO server-side encryption with HashiCorp Vault, and the Apache Spark operator with our ad hoc data sanitization application.
Documentation, design, and implementation of the Kubernetes platform for green and privacy-preserving data operations. The project is part of the results produced by the consortium of the GLACIATION project. I have been in charge of the design and implementation of the admission control, data wrapping, and data sanitization services.
Apache Spark application implementing an efficient and effective approach to protect user privacy by obfuscating their identities or sensitive information. Three kinds of transformations are supported: k-anonymity, l-diversity, and the combination of the two. Sanitization jobs are configured by the requesting application through numerous parameters, so that the sanitization process can be tailored to the specific requirements of the user. The application can run in Kubernetes clusters.
A flexible and intuitive tool that relies on instrumentation to collect, merge, and audit the activity traces generated by any application component. This information is then used to create fine-grained access policies and to introduce sandboxing using recent kernel security modules, strengthening the security boundary of entire cloud applications.
Index enabling query execution over encrypted datasets without leaking frequency information. The tool preprocesses the dataset to construct client-side mappings and encrypt the dataset. It then demonstrates their runtime use by automating the upload of the encrypted dataset to PostgreSQL and Redis and querying them.
Patch to the Deno JavaScript runtime to provide strong isolation guarantees against the execution of native code. It allows developers to control access to the filesystem, Inter-Process Communication, and the network, effectively reducing the risks coming from the execution of binary programs and shared libraries. Despite the use of advanced security mechanisms, the solution features a simple interface that requires neither application changes nor security expertise from developers.
Patch to the Deno JavaScript runtime to enable the creation of fine-grained sandboxes for the execution of subprocesses. The sandbox is mainly built using Landlock, with policy exceptions being supported thanks to eBPF. The primary goal of the proposed protection mechanism is to preserve the integrity of the filesystem, and prevent access to confidential resources.
Patch to the Android Open Source Project (AOSP) to improve the security of Android applications by allowing developers to define ad hoc policies for their app components. This is a natural evolution of the Android security model, and can help guarantee user privacy even in the presence of third-party components (e.g., advertisement libraries). It supports multiple Android versions and has been tested on virtual and physical devices.
Novel way of implementing time-locked secrets based on smart contracts. It relies on the blockchain to measure the passage of time, and it combines threshold cryptography with economic incentives and penalties to replace cryptographic puzzles. The prototype is implemented on top of the Ethereum blockchain.
Encrypted virtual filesystem implemented on top of Filesystem in Userspace (FUSE) that persists data using the Mix&Slice all-or-nothing transform.
RDF-based policy engine to evaluate access requests according to the MOSAICrOWN policy language. It includes SQL integrations to identify the set of resources targeted by a query, make a policy decision, and, when possible, rewrite the query to guarantee the enforcement of the policy.
A recommender system that suggests songs a user would likely add to one of her playlists based on: other tracks in the same playlist, other playlists created by the same user, and playlists created by other users.
A simplified implementation of a rule-based expert system in the medical field, with the goal of filtering the diseases a patient may be suffering from based on the symptoms they present. A chatbot interacts with the patient by generating questions and parsing their answers with regular expressions.
An implementation of Snake for the Windows Command Prompt.
I have been passionate about code challenges since high school, when I took part in the Olimpiadi Italiane di Informatica, a national event on problem solving with a focus on algorithm time and space complexity. More recently I have participated in Google's Code Jam, Hash Code and Kick Start, and the Reply Code Challenge.
IEEE International Conference on Communications (ICC)
Decentralized storage architectures are emerging as valid complementary solutions to cloud-based storage services. InterPlanetary File System (IPFS) is one of the most well-known distributed file storage protocols with wide adoption, good performance, and a variety of applications built over it. However, IPFS does not natively support data privacy and its decentralized nature limits the ability of data owners to maintain control over their resources and force their deletion. In this paper, we propose Mix-IPFS, an approach that addresses these shortcomings while exhibiting negligible overhead.
IEEE International Conference on Cloud Computing Technology and Science (CLOUDCOM)
Modern cloud applications can quickly grow to an elaborate and intricate tangle of services. In this scenario, paying attention to security aspects is important to mitigate the impact of incidents. In this paper, we address the problem proposing an approach that restricts application access to file system resources with a resource-based granularity. To this end, we develop a flexible and intuitive tool that relies on instrumentation to collect, merge, and audit the activity traces generated by any application component. We then demonstrate how this information can be used to introduce fine-grained sandboxes with minimal performance footprint.
International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
JavaScript runtimes (e.g., Node.js, Deno, and Bun) run code in a secure and isolated environment, but when they execute binary programs and shared libraries, no isolation guarantees are provided. In this paper we propose NatiSand, a component for JavaScript runtimes that leverages Landlock, eBPF, and Seccomp to control the filesystem, Inter-Process Communication (IPC), and network resources available to binary programs and shared libraries. The approach requires no changes to the application code and offers the user a simple interface. To demonstrate the effectiveness and efficiency of NatiSand we reproduced a number of vulnerabilities affecting third-party code, showing their mitigation and exhibiting competitive performance with state-of-the-art code sandboxing solutions.
ACM ASIA Conference on Computer and Communications Security (ASIACCS)
WebAssembly is a binary instruction format with strong security guarantees by design. While originally designed to run inside web browsers, there are now numerous runtimes that bring WebAssembly outside of it. The need to access system resources in these environments has led to the definition of the WebAssembly System Interface (WASI). With specific regard to the file system, WASI requires runtimes to implement security checks to only permit access to a predefined list of directories. While this is a step in the right direction, the approach not only suffers from poor granularity, but is also error-prone and has led to security issues. In this paper we replace the built-in security checks with eBPF programs, enabling the introduction of fine-grained per-module policies. Preliminary experiments confirm the efficiency of the solution.
ACM ASIA Conference on Computer and Communications Security (ASIACCS)
Deno is a runtime for JavaScript and TypeScript that is receiving great interest from developers, and is increasingly used for the construction of web application back-ends. A primary goal of Deno is to provide a secure and isolated environment for the execution of JavaScript programs. However, this protection does not extend to the execution of subprocesses. In this paper we propose Cage4Deno, a set of modifications to Deno enabling the creation of fine-grained sandboxes for the execution of subprocesses by using Landlock and eBPF. Experiments showcase the sandbox's effectiveness against a number of exploits and prove the efficiency of the proposal.
Transactions on Big Data (Early Access)
k-Anonymity and ℓ-diversity are two well-known privacy metrics that guarantee protection of the respondents of a dataset by obfuscating information that can disclose their identities and sensitive information. Existing solutions assume to operate in a centralized scenario, and therefore cannot scale. In this paper, we propose a solution enforcing both k-anonymity and ℓ-diversity in a distributed manner with the use of Apache Spark. The experimental evaluation shows that our solution provides scalability without affecting the quality of the resulting anonymization.
IEEE Global Communications Conference (GLOBECOM)
An approach for indexing encrypted data stored at external providers to enable provider-side evaluation of queries. The approach supports the evaluation of point and range conditions on multiple attributes, and protects data against static frequency-based inferences by clustering tuples in fixed-size groups that are mapped to the same index values. The experiments evaluate query performance and client-storage requirements, and confirm the efficiency of our solution.
International Conference on Availability, Reliability and Security (ARES)
Time-Locks enable the release of a secret at a future point in time. Many approaches implement Time-Locks as cryptographic puzzles, binding the time span for the recovery of the secret to the time needed to solve the puzzle. To overcome this limitation, we propose I Told You Tomorrow (ITYT), a novel way of implementing time-locked secrets based on smart contracts. ITYT relies on the blockchain to measure the passage of time, and it combines threshold cryptography with economic incentives and penalties to replace cryptographic puzzles. We analyze its resiliency to attacks with the help of economic game theory and demonstrate the low cost and limited resource consumption of the approach with our experiments.
USENIX Security Symposium (USENIX Security)
The Android security model focuses on the protection of system components and on securing the interactions between apps. However, app developers have no way to isolate the internal components of their applications. Our solution overcomes this limitation, giving developers the power to define ad hoc Mandatory Access Control (MAC) policies for their apps. This is a natural evolution of the security mechanisms already available in Android, and can help guarantee user privacy even in the presence of third-party components.
IEEE International Conference on Pervasive Computing and Communications (PerCom)
An approach for enabling distributed anonymization of sensor data using an arbitrary number of workers with Apache Spark. The experimental evaluation shows that the proposed approach is scalable and does not affect the quality of the anonymized dataset.
IEEE International Conference on Pervasive Computing and Communications (PerCom)
The paper describes the prototype of Scalable Distributed Data Anonymization, and how to reproduce its experiments.
available upon request