Riccardo Scandariato

Welcome!

I'm a full professor and the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.

I'm also the coordinator of the International Master in Information and Communication Systems.

I'm a father to two boys, a husband, and an amateur photographer.

My favorite saying is "done is better than perfect".

My favorite citation is "Wer eine Vision hat, der soll zum Arzt gehen" (anyone who has a vision should go to the doctor) from Helmut Schmidt.

I don't have LinkedIn, X, Instagram, TikTok, you name it...

Contact info

My email is:

scanda***to @ tuhh.de

You are welcome to visit me [Google Maps] at the:

Institute of Software Security
Hamburg University of Technology (TUHH)
Blohmstraße 15
21079 Hamburg
Germany

Very condensed CV

I received my PhD in Computer Science in 2004 from Politecnico di Torino, Italy. In my academic career I had the opportunity to work in several countries, including the United States (University of Virginia, 2003), Italy (Politecnico di Torino, 2004-2005), Belgium (KU Leuven, 2006-2014) and Sweden (University of Gothenburg, 2014-2020). Since late 2020, I'm the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.

Academic identifiers

Research interests

Together with my team, I apply an inter-disciplinary approach to create innovative tools and techniques to design and implement secure and privacy-friendly applications. My target application domains are micro-services, Internet-of-Things ecosystems, and cyber-physical systems. While my main interest is in the technical aspects of software security, I also investigate how security techniques can be made more effective and usable for the developers. My core research topics are:

  • Software vulnerability repair
  • Localization and prediction of software vulnerabilities
  • Automated generation of secure code
  • Localization of security features in application software
  • Model-based security and threat analysis
  • Usable security and privacy

In this research agenda, an important role is played by the use of ML/AI to solve cybersecurity challenges. My work is also characterized by the systematic use of empirical methods for security, including controlled experiments and mining software repositories.

Research team

Working with young researchers is one the perks of being a professor. It's something I truly enjoy and dedicate time to. I have the privilege of collaborating with the following research associates:

  • Dr. Nicolas Diaz Ferreyra, senior researcher and lecturer (Oberingenieur) working on developer-centred security and privacy
  • Dr. Emanuele Iannone, post-doctoral researcher working on automated vulnerability repair and security testing
  • Catherine Tony, PhD student working on AI-based automatic generation of secure code by means of prompt engineering
  • Cuong Bui Quang, PhD student working on automated vulnerability repair techniques for Java
  • Simon Schneider, PhD student working on lightweight techniques to localize and analyze security features in microservice applications
  • Torge Hinrichs, PhD student working on predicting and localizing software vulnerabilities via machine learning

Alumni

In the past, I worked with these very bright individuals:

  • Dr. Mazen Mohamad, graduated in June 2023 (University of Gothenburg, co-supervisor) with a PhD thesis titled Understanding, Implementing, and Supporting Security Assurance Cases in Safety-Critical Domains
  • Mrs. Komal Kashish, collaboration on security of IoT edge frameworks in 2021-2022
  • Mrs. Anusha Bambhore Tukaram, collaboration on security of microservice applications in 2021-2022
  • Prof. Dr. Katja Tuma, graduated in January 2021 (University of Gothenburg) with a PhD thesis titled Efficiency and Automation in Threat Analysis of Software Systems
  • Dr. Rodi Jolak, PostDoc (University of Gothenburg) working on resilience of automotive systems in 2020-2021
  • Dr. Tomasz Kosinski, graduated in September 2021 (University of Gothenburg, co-supervisor) with a PhD thesis titled Privacy expectations and challenges of smart home ecosystems
  • Dr. Alexander van den Berghe, graduated in March 2020 (KU Leuven) with a PhD thesis titled SMILE: A Security-Centric, Formally-Founded Modelling Language for Humans
  • Dr. Kim Wuyts, graduated in January 2014 (KU Leuven) with a PhD thesis titled Privacy Threats in Software Architectures
  • Dr. Thomas Heyman, graduated in March 2013 (KU Leuven) with a PhD thesis titled A formal analysis technique for secure software architectures
  • Prof. Dr. Koen Yskout, graduated in April 2013 (KU Leuven) with a PhD thesis titled Connecting security requirements and software architecture with patterns
  • Dr. Koen Buyens, graduated in January 2012 (KU Leuven, co-supervisor) with a PhD thesis titled Analyzing software architectures for least privilege violations