Welcome!

I'm a full professor and the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.

I'm a father of two boys and spend my (limited) spare time taking photographs.

My favorite saying is "done is better than perfect".

I don't have Twitter, Facebook, Instagram, TikTok, you name it...

Contact info

You are welcome to visit me at the:

Institute of Software Security
Hamburg University of Technology (TUHH)
Blohmstraße 15
21079 Hamburg
Germany

My email is:

ric***do . sca***to @ tuhh . de

Research interests

Together with my team, I apply an inter-disciplinary approach to create innovative tools and techniques to design and implement secure and privacy-friendly applications. My target application domains are micro-services, Internet-of-Things ecosystems, and cyber-physical systems. While my main interest is in the technical aspects of software security, I also investigate how security techniques can be made more effective and usable for the developers. My core research topics are:

• Model-based security
• Program repair for software security
• Benchmarking of security features in application software
• Prediction of software vulnerabilities
• Threat and risk analysis
• Usable security and privacy

In this research agenda, an important role is played by the use of ML/AI to solve cybersecurity challenges. My work is also characterized by the systematic use of empirical methods for security, including controlled experiments and mining software repositories.

Very condensed CV

I received my PhD in Computer Science in 2004 from Politecnico di Torino, Italy. In my academic career I had the opportunity to work in several countries, including the United States (University of Virginia, 2003), Italy (Politecnico di Torino, 2004-2005), Belgium (KU Leuven, 2006-2014) and Sweden (University of Gothenburg, 2014-2020). Since late 2020, I'm the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.

H-index: Google Scholar page

Supervision

Working with young researchers is one the perks of being a professor. It's something I truly enjoy and dedicate time to. I have the privilege of supervising the following research associates:

• Anusha Bambhore Tukaram, working on security analysis of microservice application software
• Catherine Tony, working on innovative dev-bots assisting software developers in the creation of secure and privacy-friendly applications
• Cuong Bui Quang, working on automated program repair techniques for security vulnerabilities
• Komal Kashish, working on the design and implementation of secure applications in the domain of Internet of Things (IoT)
• Simon Schneider, working on lightweight techniques to identify security features in application code (e.g., microservices)
• Torge Hinrichs, working on predicting software vulnerabilities via machine learning, co-supervised with Prof. Bettina Buth of HAW Hamburg

I have also the pleasure of co-supervising these brilliant researchers:

• Mazen Mohamad, PhD student working on security assurance cases for automotive at the University of Gothenburg, under the main supervision of Prof. Jan-Philipp Steghöfer

Alumni

In the past, I worked with these very bright individuals:

• Dr. Katja Tuma, graduated in January 2021 (University of Gothenburg) with a PhD thesis titled Efficiency and Automation in Threat Analysis of Software Systems
• Dr. Rodi Jolak, PostDoc (University of Gothenburg) working on resilience of automotive systems in 2020-2021
• Dr. Tomasz Kosinski, graduated in September 2021 (University of Gothenburg, co-supervisor) with a PhD thesis titled Privacy expectations and challenges of smart home ecosystems
• Dr. Alexander van den Berghe, graduated in March 2020 (KU Leuven) with a PhD thesis titled SMILE: A Security-Centric, Formally-Founded Modelling Language for Humans
• Dr. Kim Wuyts, graduated in January 2014 (KU Leuven) with a PhD thesis titled Privacy Threats in Software Architectures
• Dr. Thomas Heyman, graduated in March 2013 (KU Leuven) with a PhD thesis titled A formal analysis technique for secure software architectures
• Dr. Koen Yskout, graduated in April 2013 (KU Leuven) with a PhD thesis titled Connecting security requirements and software architecture with patterns
• Dr. Koen Buyens, graduated in January 2012 (KU Leuven, co-supervisor) with a PhD thesis titled Analyzing software architectures for least privilege violations