I'm a full professor and the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.

I'm a father of two boys and spend my (limited) spare time taking photographs.

My favorite saying is "done is better than perfect".

I don't have Twitter, Facebook, Instagram, TikTok, you name it...

Contact info

You are welcome to visit me at the:

Institute of Software Security
Hamburg University of Technology (TUHH)
Blohmstraße 15
21079 Hamburg

My email is:

ric***do . sca***to @ tuhh . de

Research interests

My work focuses on the design of secure and privacy-friendly applications, particularly in the realms of μ-services, IoT ecosystems, and cyber-physical systems (e.g., automotive). My research goal is to build round-trip security & privacy engineering methods, which are based on lightweight design models and connect the design models with the implementation code. In this research agenda, an important role is played by the use of ML/AI, as well as the adoption of security-oriented intelligent agents. My work is also characterized by the systematic use of empirical methods for security, including controlled experiments and mining software repositories.

Very condensed CV

I received my PhD in Computer Science in 2004 from Politecnico di Torino, Italy. In my academic career I had the opportunity to work in several countries, including the United States (University of Virginia, 2003), Italy (Politecnico di Torino, 2004-2005), Belgium (KU Leuven, 2006-2014) and Sweden (University of Gothenburg, 2014-2020). Since late 2020, I have been the head of the Institute of Software Security at the Hamburg University of Technology (TUHH), in Germany.

H-index: Google Scholar page


Working with young researchers is one of the perks of being a professor. It's something I truly enjoy and dedicate time to. In Germany, I have the pleasure of supervising the following research associates:

  • Catherine Tony, working on innovative dev-bots assisting software developers in the creation of secure and privacy-friendly applications
  • Cuong Bui Quang, working on automated security and privacy repairs at both model and code level
  • Komal Kashish, working on the design and implementation of secure and privacy-friendly applications in the domain of Internet of Things (IoT)

In Sweden, I have the privilege of collaborating with these brilliant researchers:

  • Mazen Mohamad, (PhD student) working on security assurance cases for automotive
  • Tomasz Kosinski, (PhD student, co-supervisor) working on privacy of IoT

In the past, I also worked with these bright individuals:

  • Dr. Rodi Jolak, (University of Gothenburg, PostDoc) working on resilience of automotive systems
  • Dr. Katja Tuma, graduated in January 2021 (University of Gothenburg) with a PhD thesis titled Efficiency and Automation in Threat Analysis of Software Systems
  • Dr. Alexander van den Berghe, graduated in March 2020 (KU Leuven) with a PhD thesis titled SMILE: A Security-Centric, Formally-Founded Modelling Language for Humans
  • Dr. Kim Wuyts, graduated in January 2014 (KU Leuven) with a PhD thesis titled Privacy Threats in Software Architectures
  • Dr. Thomas Heyman, graduated in March 2013 (KU Leuven) with a PhD thesis titled A formal analysis technique for secure software architectures
  • Dr. Koen Yskout, graduated in April 2013 (KU Leuven) with a PhD thesis titled Connecting security requirements and software architecture with patterns
  • Dr. Koen Buyens, graduated in January 2012 (KU Leuven, co-supervisor) with a PhD thesis titled Analyzing software architectures for least privilege violations