Riccardo Scandariato's homepage

KU Leuven
Department of Computer Science
Celestijnenlaan 200A
3001 Heverlee
Belgium
Room: 200A.04.151
Phone: +32 16 327062
Fax: +32 16 327996

In a nutshell

I am a lecturer in Secure Software and I am a member of the DistriNet Research Group at the Department of Computer Science of KU Leuven. I lead a team of researchers in the area of Secure Software Engineering and my main research interests are:
  • Empirical methods in security (experimental studies, security metrics)
  • Security in software architectures (principles, patterns and methods)
I spend my spare time learning the German culture, playing tennis (weather permitting, and in Belgium that is a big disclaimer), pretending to jog 5k (same story), dreaming about motorcycles, and reading (not necessarily in this order).

Publications

[more information]

Empirical work

I've been / am involved in the following controlled experiments:
  1. Aspect-Oriented Modeling with ThemeUML (10 subjects, PhD students). Status: published at AOSD'10. More info
  2. Aspect-Oriented Modeling with Domain Specific Models (16 subjects, PhD students). Status: published at ESEM'11.  More info
  3. Change Patterns for Evolving Trust (12 subjects, 5th year master students -- industrial case study with 2 subjects). Status: published in SoSyM journal in 2012. More info
  4. Annotations in Security Patterns (90 subjects, 4th year master students). Status: published at ICSE'12. More info
  5. Threat modeling with Microsoft STRIDE (57 subjects, 5th year master students). Status: submitted to ESEM'12
  6. Threat modeling for Privacy (100 students + 7 professionals). Status: executing
Concerning security metrics, I'm currently working on mining the applications in the Google Market (a.k.a. Play Store). 

PhD students

I've had / am having the privilege of (co)supervising the following PhD students:
  • Koen Buyens, graduated January 2012. Analyzing software architectures for least privilege violations
  • Thomas Heyman, working on formal methods for the security analysis of software architecture
  • Aram Hovsepyan, graduated July 2011. An empirical assessment of the maintenance cost in model-driven software development
  • Kim Wuyts, working on security and privacy in e-health
  • Koen Yskout, working on security patterns and evolution of security

Teaching

I lecture a course on Software Architecture, with focus on security as a quality (in collaboration with Wouter Joosen and an amazing team of TAs).

Short bio (for copy & paste)

Dr. Riccardo Scandariato received his PhD in Computer Science from Politecnico di Torino, Italy, in 2004. During 2003, he was a visiting research associate at the University of Virginia, USA, with the Dependability Research Group of Prof. John Knight. In 2004-2005, he was a post-doctoral researcher at Politecnico di Torino, with the Software Engineering Research Group of Prof. Maurizio Morisio. In January 2006, he joined the Distributed Systems and Computer Networks Research Group (DistriNet) at KU Leuven, Belgium, where he collaborates with Prof. Wouter Joosen. After an initial period as a PostDoc, in June 2009 he became a permanent member of the staff (Research Expert, equivalent to a lecturer) and he currently leads a team of security researchers in the area of secure software.

Riccardo's main research activities are in the area of secure software engineering, with a particular focus on security in software architecture (principles, patterns and methods) and empirical methods in security (experimental studies, security metrics). 

Scientific activities

I am an Associate Editor of the International Journal of Secure Software Engineering (IJSSE). I am a member of the Steering Committee of the International Workshop on Security Measurements and Metrics (MetriSec). I am also involved in the following events:
  • Chair of the Workshop on Secure Software Engineering (SecSE 2012)
  • PC Member of the IFIP Conference on Communications and Multimedia Security (CMS 2012)
  • PC Member of the ACM SIGSOFT Symposium on Architecting Critical Systems (ISARCS'12)
  • PC Member of the International Workshop on Security Measurements and Metrics (MetriSec 2012)
  • PC Member of the International Workshop on Quantitative Aspects in Security Assurance (QASA 2012)
  • PC Member of the Joint workshops on Intelligent Methods for Software System Engineering (JIMSE 2012)
  • Publication Chair of the International Symposium on Engineering Secure Software and Systems (ESSoS 2013)
In the past, I was involved in the following events:
  • Publication Chair of the International Symposium on Engineering Secure Software and Systems (ESSoS 2012)
  • Chair of the Workshop on Secure Software Engineering (SecSE 2011)
  • Chair of the International Workshop on Eternal Systems (EternalS 2011)
  • Co-organizer of the Workshop on Security Predictions (PREDICT 2011)
  • PC Member of the IFIP Conference on Communications and Multimedia Security (CMS 2011)
  • PC Member of the International Workshop on Security Measurements and Metrics (MetriSec 2011)
  • PC Member of the International Workshop on Software Engineering for Secure Systems (SESS 2011)
  • PC Member of the International Workshop on Machine Learning for Software Construction (ISoLA 2011)
  • Poster Session Chair of the ACM Symposium on Access Control Models and Technologies (SACMAT 2011)
  • Chair of the International Workshop on Security Measurements and Metrics (MetriSec 2010)
  • PC Member of the European Workshop on Public Key Services, Applications and Infrastructures (EUROPKI 2010)
  • PC Member and Panelist of the International Workshop on Measurability of Security in Software Architectures (MeSSa 2010)
  • PC Member of the IFIP Conference on Communications and Multimedia Security (CMS 2010)
  • PC Member of the ICST Conference on Security and Privacy in Mobile Information and Communication Systems (Mobisec 2010)
  • PC Member of the International Symposium on Engineering Secure Software and Systems (ESSoS 2010)
  • PC Member of the International Workshop on Software Engineering for Secure Systems (SESS 2010)
  • PC Member of the International Workshop on Secure Software Engineering (SecSE 2010)
  • Chair of the International Workshop on Security Measurements and Metrics (MetriSec 2009)
  • PC Member and Tutorial Chair of the International Symposium on Engineering Secure Software and Systems (ESSoS 2009)
  • PC Member and Publicity Chair of the International Middleware Conference (Middleware 2009)
  • PC Member of the Workshop on Middleware for Service Oriented Computing (MW4SOC 2009)
  • PC Member of the Workshop on Secure Software Engineering (SecSE 2009)
  • PC Member of the European Workshop on Public Key Services, Applications and Infrastructures (EUROPKI 2009)
  • Chair of the International Workshop on Middleware Security (MidSec 2008)
  • PC Member, Organization Chair, and Panel Chair of the Workshop on Quality of Protection (QoP 2008)
  • Panelist of the EU-sponsored Topical Seminar on ICT Trust & Security (CISTRANA 2008)
  • Panelist of the Visionary Workshop on Information Security (CALIT 2007)