Photo

Ivan Pashchenko

Department of Information Engineering and Computer Science, University of Trento

  • EIT Digital Doctoral Student at the Trento Doctoral Training Centre

Contacts

E-mail: ivan.pashchenko[at]unitn.it

Skype: ivanpashchenko

My LinkedIn page: LinkedIn

Bio

I received Diploma in Information Security from Ufa State Aviation Technical University (Ufa, Russia) in 2013. I graduated with honours, and my thesis received Best Thesis Award on the All-Russian Cyber Security Thesis Competition. Hence, I was awarded a scholarship of the Bashkortostan Republic President. During my university education I published 3 papers in the top Russian scientific journals (HAC journals) and performed 10+ conference talks on state, All-Russian and international conferences. I was invited as a speaker to the annual conference on cyber security of critical infrastructures conference (IBKVO-2015).

Until September 2015 I was a Leading Engineer in the Technological Security Department at the JSOC "Bashneft" (Russia), where I was responsible for protecting corporate infrastructure from cyber threats and viruses with the help of solutions developed by Cisco and Trend Micro. Besides the routine activities implying system administration, I deployed the system for web traffic analysis; configured antivirus system to work on such unstable objects as remote gas stations and deployed it to all the gas stations of the company; developed and applied a strategy for preventing RansomeWare attacks (the strategy included early ransomeware discovery in emails and network traffic, behavioral detection on workstations and servers, and recovering sensible data from back-ups).

Now I'm a PhD candidate at the University of Trento (Italy) in Security Research Group under the supervision of Prof. Fabio Massacci, working on the security of the Software Engineering process. Also I'm following the European entrepreneurship education program as an EIT Digital Doctoral student at the Trento Doctoral Training Centre.

Academic research interests

My research focus is in mechanisms enhancing security of the Software Engineering process. In particular, my research goal is to design a methodology for automatic benchmark construction for software testing tools using real-world software as a source of ground truth vulnerability set. Currently, I am working with software testing tools like Fortify SCA, Coverity, SonarQube, and others.

Awards

  • 2016 - Best Entrepreneurial Team Award (EIT Digital Summer School Privacy, Security & Trust, 2016)
  • 2014 – 2015 Scholarship of Bashkortostan Republic President
  • 2013 - Best Thesis Award (All-Russian Cyber Security Thesis Competition)
  • 2013 - Diploma of Information Security Specialist - Diploma with honours
  • 2013 – Best paper award. University Science week (USATU)
  • 2012 – Erasmus Mundus Action 2 Multic scholarship
  • 2011 – Best paper award. University Science week (USATU)

Featured talks:

We don't WannaCry (Trento, Italy) - slides

ICT Days 2017 (Trento, Italy) - poster

ESSOS-2016 Doctoral Symposium (London, United Kingdom) - slides

EIT Digital Security Symposium / European Cyber Week 2016 (Rennes, France) - poster

IBKVO-2015 Annual conference on cyber security of critical infrastructures (Moscow, Russia) - slides

Publications

  • Delta-Bench: Differential Benchmark for Static Analysis Security Testing Tools . To appear in International Symposium on Empirical Software Engineering and Measurement (ESEM2017), 2017. - paper
  • FOSS Version Differentiation as a Benchmark for Static Analysis Security Testing Tools. In Proceedings of 2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE’17), 2017. - paper
  • "Development of the Smart Grid security ontology" (HAC publication). Science education, Moscow, 2015.
  • "Information security of Smart Grids based on intelligent technologies: rule base design" (HAC publication), YUFU tidings. Technical sciences. Thematic edition "Information security". – Taganrog: ITA YUFU, 2015
  • "Smart Grid security requirements design based on ISO/IEC 27001 and 27005" (HAC publication), YUFU tidings. Technical sciences. Thematic edition "Information security". – Taganrog: ITA YUFU, 2013

Projects

Jan 2016 – Jan 2017 - Vulnerability Analysis and Management for Open-Source Software (VAMOSS).

  • WP main contact from the University of Trento;
  • responsible for risk assessment design;
  • development of Java RESTful plug-in.

Summer and Winter Schools:

  • NECS PhD Winter School, 2017
  • SECENTIS Winter School, University of Trento, 2016
  • Empirical Research Methods in Software Engineering and Informatics (ERMSEI) summer school, Danmarks Tekniske Universitet, 2016
  • EIT Digital Summer School Privacy, Security & Trust, 2016

Education

Nov 2015 Present PhD Candidate in Information and Communication Technology, University of Trento, Italy

Mar 2016 – Present EIT Digital Academy, EIT Digital Doctoral student, Innovation and Entrepreneurship

Sep 2008 Jun 2013 Diploma of Information Security Specialist, Ufa State Aviation Technical University, Title: "Smart Grid Security Design"

Work Experience

Nov 2013 - Sep 2015 Leading Security engineer, Bashneft-Inform, Ufa, Russia

Security administrator in charge of antivirus protection of users (workstations and e-mails), servers (physical, virtual), and local network.

Main achievements:

  • developed and applied a strategy for preventing RansomeWare attacks (the strategy included early ransomeware discovery in emails and network traffic, behavioural detection on workstations and servers, and recovering sensible data from back-ups);
  • deployed the system for web traffic analysis;
  • configured antivirus system to work on such unstable objects as remote gas stations and deployed it to all the gas stations of the company.

Real-world interests

Volleyball, Snowboarding, Hiking, Collecting coins