Ernesto Rosario

Ernesto Rosario Russo



Contact Information




Dipartimento di Informatica-Università degli Studi di Bari
Via Orabona, 4 – 70125 – Bari
Tel:+39.080.5443270 | Fax:+39.080.5442536




About me


PhD Student – XXXIII Cycle

Computer Science and Mathematics
University of Bari
Tutor: Prof. Danilo Caivano
Co-Tutor: Dott. Felice Vitulano


Short CV


  • BSc in Computer Engineering(February 2014)
    • Title: “Life cycle assessment in industrial refrigeration. Comparative impact analysis and mitigation
      proposals for a high-performance freezer”
  • MSc in Computer Engineering(October 2016)
    • Title: “Design and implementation of a text summarizer for CVE”.




  • Research Fellow at University of Sannio in Benevento(from 02/2017 to 11/2017)
    • Title: “Identification and analysis of vulnerabilities on banking information systems”.
  • Collaboration: eMaze Networks S.p.A. (from 10/2016 to 11/2017)
    • Purpose: Categorization and writing of scripts for identifying publicly known vulnerabilities (CVE)
      on banking systems.



  • Gerardo Canfora, Giovanni Cappabianca, Pasquale Carangelo, Fabio Martinelli, Francesco Mercaldo,
    Ernesto Rosario Russo, and Corrado Aaron Visaggio. Mobile silent and continuous authentication
    using apps sequence. In Proceedings of the 14th International Joint Conference on e-Business and
    Telecommunications – Volume 6: SECRYPT, (ICETE 2017), pages 79–91. INSTICC, SciTePress, 2017.

Objective of the Thesis



  • The objective pursued in the thesis work concerns the creation of a text-mining tool on the
    descriptions of known vulnerabilities (CVE), using Natural Language Processing (NLP). The
    second part of the thesis concerned the categorization of the vulnerabilities mentioned above,
    following both the Machine Learning approach and the Association Rules approach, to highlight
    both the performance and the strengths and weaknesses of the proposed categorization
    techniques on different categories.




Exprivia S.p.A.

  • AISMAS – Area Application & Infrastructure Service Management
  • The projects in which I am involved mainly deal with the following topics:
  • Blockchain
  • Software Engineering
  • ICT security
  • Big Data


Subject of the Thesis


  • It is important to introduce an integrated approach to security management, which goes
    from the organization, understood as an organizational structure and ICT infrastructure to
    support complex systems, human resources and devices. There is also an urgent need to
    develop methodological and technological solutions that allow to collect, normalize and make
    all the information useful for the activities of “threat intelligence”, or those activities that aim
    to extract information on emerging threats available.



  • Define a security model for complex software systems, analyzing aspects related to data
    protection by design and by default (GDPR), at three distinct levels: Organizational, Process
    and Tools.

    • At an organizational level, the objective is to define an organizational structure or function and
      a proper ICT infrastructure for addressing security.
    • For what concerns the process level, an important aspect to address is how software is designed and
      implemented for addressing data privacy and security.
    • Finally, with respect to the tools and techniques for supporting a safe development, there are
      tools for static analysis of software code that provide support in identifying possible weaknesses,
      which can be exploited to their advantage by attackers whether local or remote if not properly


Expected results



  • The result we hope to obtain is the
    • definition and experimentation of a comprehensive security framework, based on the use of
      Blockchain Technology.
  • The framework will be experimented in some relevant domain such as Health.

Lascia un commento

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *