Photo

Ivan Pashchenko

DISI Security Research Group Department of Information Engineering and Computer Science

  • EIT Digital Doctoral Student at the Trento Doctoral Training Centre

Contacts

E-mail: ivan.pashchenko[at]unitn.it

Skype: ivanpashchenko

My LinkedIn page: LinkedIn

Bio

I received Diploma in Information Security from Ufa State Aviation Technical University (Ufa, Russia) in 2013. I graduated with honours, and my thesis received Best Thesis Award on the All-Russian Cyber Security Thesis Competition. Hence, I was awarded a scholarship of the Bashkortostan Republic President (Russia). During my university education I published 3 papers in the top Russian scientific journals (HAC journals) and performed 10+ conference talks on state, All-Russian and international conferences. I was invited as a speaker to the annual conference on cyber security of critical infrastructures conference (IBKVO-2015).

Until September 2015 I was a Leading Engineer in the Technological Security Department at the JSOC "Bashneft" (Russia), where I was responsible for protecting corporate infrastructure from cyber threats and viruses with the help of solutions developed by Cisco and Trend Micro. Besides the routine activities implying system administration, I deployed the system for web traffic analysis; configured antivirus system to work on such unstable objects as remote gas stations and deployed it to all the gas stations of the company; developed and applied a strategy for preventing RansomeWare attacks (the strategy included early ransomeware discovery in emails and network traffic, behavioral detection on workstations and servers, and recovering sensible data from back-ups).

Now I'm a PhD candidate at the University of Trento (Italy) in Security Research Group under the supervision of Prof. Fabio Massacci, working on the security of the Software Engineering process. Also I'm following the European entrepreneurship education program as an EIT Digital Doctoral student at the Trento Doctoral Training Centre. These days I am working as a Machine Learning Intern in Security Research Group at SAP Labs France under the supervision of H.Plate, A.Sabetta, and S.Ponta.

Academic research interests

My research interests include Natural Language Processing, Machine Learning, Data Mining, Static Analysis, and Software Security.

Currently I am working on the following topics:

  • Automatic classification of security and regular fixes using Deep Learning techniques;
  • Differential benchmark for comparing Static Analysis Security Testing tools ( Fortify SCA, Coverity, SonarQube , etc.) , using historical fixes in real-world software as a ground-truth vulnerability source.

Awards

  • 2017 - 2nd place in the ESEC/FSE 2017 Graduate Student Research Competition
  • 2016 - Best Entrepreneurial Team Award (EIT Digital Summer School Privacy, Security & Trust, 2016)
  • 2014 – 2015 Scholarship of Bashkortostan Republic President
  • 2013 - Best Thesis Award (All-Russian Cyber Security Thesis Competition)
  • 2013 - Diploma of Information Security Specialist - Diploma with honours
  • 2013 – Best paper award. University Science week (USATU)
  • 2012 – Erasmus Mundus Action 2 Multic scholarship
  • 2011 – Best paper award. University Science week (USATU)

Featured talks:

ESSOS-2017 (Bonn, Germany) - poster

We don't WannaCry (Trento, Italy) - slides

ICT Days 2017 (Trento, Italy) - poster

ESSOS-2016 Doctoral Symposium (London, United Kingdom) - slides

EIT Digital Security Symposium / European Cyber Week 2016 (Rennes, France) - poster

IBKVO-2015 Annual conference on cyber security of critical infrastructures (Moscow, Russia) - slides

Publications

  • Delta-Bench: Differential Benchmark for Static Analysis Security Testing Tools . In Proceedings of International Symposium on Empirical Software Engineering and Measurement (ESEM2017), 2017. - paper
  • FOSS Version Differentiation as a Benchmark for Static Analysis Security Testing Tools. In Proceedings of 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE’17), 2017. - paper
  • "Development of the Smart Grid security ontology" (HAC publication). Science education, Moscow, 2015.
  • "Information security of Smart Grids based on intelligent technologies: rule base design" (HAC publication), YUFU tidings. Technical sciences. Thematic edition "Information security". – Taganrog: ITA YUFU, 2015
  • "Smart Grid security requirements design based on ISO/IEC 27001 and 27005" (HAC publication), YUFU tidings. Technical sciences. Thematic edition "Information security". – Taganrog: ITA YUFU, 2013

Projects

Jan 2016 – Jan 2017 - Vulnerability Analysis and Management for Open-Source Software (VAMOSS).

  • WP main contact from the University of Trento;
  • responsible for risk assessment design;
  • development of Java RESTful plug-in.

Certifications

  • Enterprise Machine Learning in a Nutshell (certified by SAP) - certificate
  • Enterprise Deep Learning with TensorFlow (certified by SAP) - certificate
  • Developing Software Using Design Thinking (certified by SAP) - certificate

Summer and Winter Schools:

  • NECS PhD Winter School, 2017
  • SECENTIS Winter School, University of Trento, 2016
  • Empirical Research Methods in Software Engineering and Informatics (ERMSEI) summer school, Danmarks Tekniske Universitet, 2016
  • EIT Digital Summer School Privacy, Security & Trust, 2016

Education

Nov 2015 Present PhD Candidate in Information and Communication Technology, University of Trento, Italy

Mar 2016 – Present EIT Digital Academy, EIT Digital Doctoral student, Innovation and Entrepreneurship

Sep 2008 Jun 2013 Diploma of Information Security Specialist, Ufa State Aviation Technical University, Title: "Smart Grid Security Design"

Work Experience

Sep 2017 - Present Machine Learning Intern in Security Research Group, SAP, Sophia-Antipolis, France

• ongoing project – Deep Learning (TensorFlow) based tool for automatic commit classification on its relation to security;

• developed Machine Learning service, which automatically determines program language and project type of a CVE, based on information available from NVD – currently deployed in production at SAP.

Programming language used: Python


Nov 2013 - Sep 2015 Leading Security engineer, Bashneft-Inform, Ufa, Russia

Security administrator in charge of antivirus protection of Windows and UNIX/Linux based environments, and local network.

Main achievements:

  • developed and applied a ransomware preventing policy, which lead to absence of data losses from ransomware attacks during the period, when the policy was active;
  • deployed the system for web traffic analysis;
  • configured antivirus system to work on such unstable objects as remote gas stations and deployed it to all the gas stations of the company.

Real-world interests

Semi-professional volleyball player, snowboarding, hiking.