Alessandro Palma

Postdoctoral Researcher

SAPIENZA University of Rome

I am a postdoctoral researcher at Sapienza University of Rome, Italy. My research focuses on automated and quantifiable cyber risk assessment, both from a technical perspective --researching attack modeling, attack graphs, and probabilistic methods-- and from an operational perspective by providing decision support for security operations and their integration into autonomic cybersecurity, such as self-protecting systems.

I am interested in how interactive visualization and visual analytics can help analysts understand complex attack surfaces, evolving risks, and remediation priorities more intuitively. To this aim, my work also investigates progressive data analysis for real-time exploration of security data to make cyber risk assessment more adaptive, explainable, and actionable for both human operators and automated defense mechanisms.

I earned a Ph.D. in Engineering in Computer Science with Laude at Sapienza University of Rome, Italy, where I also earned an MSc in Engineering in Computer Science. In 2022, I worked as a research fellow with CINI Cyber Security National Laboratory on Open Source INTelligence (OSINT).

During my Ph.D., I was a visiting scholar at Télécom SudParis - Institut Polytechnique de Paris.
More recently, I've been a visiting researcher at University of Patras.

CONTACTS

Email: palma@diag.uniroma1.it

Dipartimento di Ingegneria Informatica, Automatica e Gestionale "Antonio Ruberti" (DIAG)

Sapienza Università di Roma

Via Ariosto 25, 00185, Roma (Italy)

Room: B112

NEWS

During my visiting stay at the University of Patras, I delivered an invited talk entitled "From Security-by-design to Self-Protecting Systems". More information here.
The paper "Progressive attack graph: a technique for scalable and adaptive attack graph generation" has just been published in the International Journal of Information Security
The track "Applications and Systems for Healthcare" will be at SAC 2026. Full program available here.
The paper "Behind the scenes of attack graphs: Vulnerable network generator for in-depth experimental evaluation of attack graph scalability " has just been published in Elsevier Computers & Security
The paper "IMPAVID: Enhancing incident management process compliance assessment with visual analytics " has just been published in Elsevier Computers & Graphics
🏆 We won the Best Paper Award from SEAMS 2025 with the paper "SPARQ: A QoS-Aware Framework for Mitigating Cyber Risk in Self-Protecting IoT Systems"
🏆 We won the best paper runner-up award from ESORICS 2024 with the paper "It is Time To Steer: A Scalable Framework for Analysis-Driven Attack Graph Generation"

Report abuse