---

I am a visiting Assistant Professor at Stanford University and Research Group Leader at CISPA (Center for IT Security, Privacy, and Accountability). Before that I was postdoc in the System Security group at CISPA and during my doctoral studies I was member of the S3 group at EURECOM in Sophia-Antipolis (France) under the supervision of Davide Balzarotti. Until August 2013, I worked as researcher associate in the Security and Trust group at the SAP research labs.

---

Research

I research on multiple aspects of the security of modern application software, in particular on web-based application. While my core research goal is to advance the state of the art of automated vulnerability detection and analysis, I also study the security properties of emerging technologies/trends in application software.

Current interests:

• Vulnerability Detection and Analysis:
  • Cross-site request forgery (Deemon [CSS'17])
  • Web application scanners and dynamic JavaScript analysis (jAEk [RAID'15])
  • Logic vulnerabilities [NDSS'14]
  • Server-side requests [RAID '16]
  • Web API security (Data leak in ride-hailing services [NDSS'19])
• Web Platform Security:
  • Web enclaves and trusted user I/O path (Fidelius [IEEESSP'19])
  • Internet core services security (Who controls the Internet [WWW'17], the great cannon [WOOT'15])
• Deep Learning Systems Security:
  • Attacking perceptual ad-blocking [Arxiv'18]
  • Detection of adversarial physical attacks [Arxiv'18]

---

Services

• PC member at Usenix Security (2020, 2019), ACSAC (2019, 2018, 2017), ASIA CCS (2019), EuroSec (2019), ISC (2019), CARDS (2019), ACM CCS (2018), Usenix WOOT (2018), ACM CCS Poster (2016), IWCC (2016, 2015), DEPEND (2016, 2015), WTMC (2016), STAST (2014), NBiS (2014)
• Usenix Security Invited Talks Committee (2019), Publicity chair for ACM CCS (2017),
• PC (co-)chair at SECTEST2015
• Reviewer for ACM Computing Surveys, IEEE Transactions on Cloud Computing (TCC), and Transactions on Dependable and Secure Computing (TDSC)