Research

Awards

• 🏆 BEST PAPER AWARD @ SEAMS 2025 for the paper "SPARQ: A QoS-Aware Framework for Mitigating Cyber Risk in Self-Protecting IoT Systems"

• 🏆 BEST PAPER AWARD RUNNER-UP @ ESORICS 2024 for the paper "It Is Time To Steer: A Scalable Framework for Analysis-driven Attack Graph Generation"

• 🏆 BEST PAPER AWARD RUNNER-UP @ ARES 2024 for the paper "BenchIMP: A Benchmark for Quantitative Evaluation of the Incident Management Process Assessment"

• 🎓 LAUDE and recognition of DOCTOR EUROPEAUS for Ph.D Thesis "Lowering the boundaries of information security governance: a multi-perspective quantitative viewpoint"

Research Interests

• Self-protection and cybersecurity in autonomic computing
  Autonomic cybersecurity is a self-managing approach to cybersecurity where systems can automatically monitor, analyze, plan, and execute security strategies against threats with partial (or absent) manual intervention.  Autonomous systems typically apply architectural adaptations, and enabling autonomous security decision-making is still a challenge, as well as ensuring their trustworthiness and transparency. My research focuses on modeling autonomic systems and methodologies for self-protection and self-healing, as well as the design and development of strategies to ensure security during autonomous computations.

• Information Security Governance
  Information Security Governance (ISG) is the overall strategy for securing information in an organization. It comprises many different processes, including Incident Management and Cyber Risk Management. They are typically manually performed, causing possible cognitive bias during the processes. My research focuses on quantitative approaches to support the decisions of security experts during the ISG processes and improve the accuracy of security analyses. 

• Attack Graphs
  Among all the existing attack models, Attack Graphs represent a powerful abstraction to capture the notion of multi-step attack i.e., an attack toward a specific target executed by taking intermediate steps in the network. Current attack graph representations are poorly scalable and consider only vulnerabilities related to the underlying network infrastructure.  My research focuses on improving the scalability of the attack graph process and enabling threat intelligence in attack graph-based systems.