I'm a full professor and the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.
I'm a father of two boys and spend my (limited) spare time taking photographs.
My favorite saying is "done is better than perfect".
I don't have Twitter, Facebook, Instagram, TikTok, you name it...
You are welcome to visit me at the:
Institute of Software Security
Hamburg University of Technology (TUHH)
My email is:
Together with my team, I apply an inter-disciplinary approach to create innovative tools and techniques to design and implement secure and privacy-friendly applications.
My target application domains are micro-services, Internet-of-Things ecosystems, and cyber-physical systems.
While my main interest is in the technical aspects of software security, I also investigate how security techniques can be made more effective and usable for the developers.
My core research topics are:
- Model-based security
- Program repair for software security
- Benchmarking of security features in application software
- Prediction of software vulnerabilities
- Threat and risk analysis
- Usable security and privacy
In this research agenda, an important role is played by the use of ML/AI to solve cybersecurity challenges.
My work is also characterized by the systematic use of empirical methods for security, including controlled experiments and mining software repositories.
Very condensed CV
I received my PhD in Computer Science in 2004 from Politecnico di Torino, Italy.
In my academic career I had the opportunity to work in several countries, including the United States (University of Virginia, 2003), Italy (Politecnico di Torino, 2004-2005), Belgium (KU Leuven, 2006-2014) and Sweden (University of Gothenburg, 2014-2020).
Since late 2020, I have been the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.
H-index: Google Scholar page
Working with young researchers is one of the perks of being a professor. It's something I truly enjoy and dedicate time to. I have the privilege of supervising the following research associates:
- Anusha Bambhore Tukaram, working on security analysis of microservice application software
- Catherine Tony, working on innovative dev-bots assisting software developers in the creation of secure and privacy-friendly applications
- Cuong Bui Quang, working on automated program repair techniques for security vulnerabilities
- Komal Kashish, working on the design and implementation of secure applications in the domain of Internet of Things (IoT)
- Simon Schneider, working on lightweight techniques to identify security features in application code (e.g., microservices)
- Torge Hinrichs, working on predicting software vulnerabilities via machine learning, co-supervised with Prof. Bettina Buth of HAW Hamburg
I also have the pleasure of co-supervising these brilliant researchers:
In the past, I worked with these very bright individuals:
- Dr. Katja Tuma, graduated in January 2021 (University of Gothenburg) with a PhD thesis titled Efficiency and Automation in Threat Analysis of Software Systems
- Dr. Rodi Jolak, PostDoc (University of Gothenburg) working on resilience of automotive systems in 2020-2021
- Dr. Tomasz Kosinski, graduated in September 2021 (University of Gothenburg, co-supervisor) with a PhD thesis titled Privacy expectations and challenges of smart home ecosystems
- Dr. Alexander van den Berghe, graduated in March 2020 (KU Leuven) with a PhD thesis titled SMILE: A Security-Centric, Formally-Founded Modelling Language for Humans
- Dr. Kim Wuyts, graduated in January 2014 (KU Leuven) with a PhD thesis titled Privacy Threats in Software Architectures
- Dr. Thomas Heyman, graduated in March 2013 (KU Leuven) with a PhD thesis titled A formal analysis technique for secure software architectures
- Dr. Koen Yskout, graduated in April 2013 (KU Leuven) with a PhD thesis titled Connecting security requirements and software architecture with patterns
- Dr. Koen Buyens, graduated in January 2012 (KU Leuven, co-supervisor) with a PhD thesis titled Analyzing software architectures for least privilege violations