Ernesto Rosario Russo
Contact Information
Dipartimento di Informatica-Università degli Studi di Bari
Via Orabona, 4 – 70125 – Bari
Tel:+39.080.5443270 | Fax:+39.080.5442536
Serlab.di.uniba.it
About me
PhD Student – XXXIII Cycle
Computer Science and Mathematics
University of Bari
Tutor: Prof. Danilo Caivano
Co-Tutor: Dott. Felice Vitulano
Short CV
EDUCATION & TRAINING
- BSc in Computer Engineering (February 2014)
- Title: “Life cycle assessment in industrial refrigeration. Comparative impact analysis and mitigation
proposals for a high-performance freezer”
- MSc in Computer Engineering (October 2016)
- Title: “Design and implementation of a text summarizer for CVE”.
WORK EXPERIENCE
- Research Fellow at University of Sannio in Benevento (from 02/2017 to 11/2017)
- Title: “Identification and analysis of vulnerabilities on banking information systems”.
- Collaboration: eMaze Networks S.p.A. (from 10/2016 to 11/2017)
- Purpose: Categorization and writing of scripts for identifying publicly known vulnerabilities (CVE)
on banking systems.
PUBLICATIONS
- Gerardo Canfora, Giovanni Cappabianca, Pasquale Carangelo, Fabio Martinelli, Francesco Mercaldo,
Ernesto Rosario Russo, and Corrado Aaron Visaggio. Mobile silent and continuous authentication
using apps sequence. In Proceedings of the 14th International Joint Conference on e-Business and
Telecommunications – Volume 6: SECRYPT, (ICETE 2017), pages 79–91. INSTICC, SciTePress, 2017.
Objective of the Thesis
DESIGN AND IMPLEMENTATION OF A TEXT SUMMARIZER FOR CVE
- The objective of the thesis work was the creation of a text-mining tool for the
descriptions of known vulnerabilities (CVE), using Natural Language Processing (NLP). The
second part of the thesis concerned the categorization of those vulnerabilities,
following both the Machine Learning approach and the Association Rules approach, to highlight
the performance, strengths and weaknesses of the proposed categorization
techniques on different categories.
Employment
Exprivia S.p.A.
- AISMAS – Area Application & Infrastructure Service Management
- The projects in which I am involved mainly deal with the following topics:
- Blockchain
- Software Engineering
- ICT security
- Big Data
Subject of the Thesis
CYBER SECURITY IN COMPLEX SYSTEMS
- It is important to introduce an integrated approach to security management that spans
the organization, understood as the organizational structure and ICT infrastructure
supporting complex systems, as well as human resources and devices. There is also an urgent need to
develop methodological and technological solutions that make it possible to collect, normalize and make
available all the information useful for “threat intelligence” activities, that is, activities that aim
to extract information on emerging threats.
GOAL
- Define a security model for complex software systems, analyzing aspects related to data
protection by design and by default (GDPR), at three distinct levels: Organizational, Process
and Tools.
- At the organizational level, the objective is to define an organizational structure or function and
a proper ICT infrastructure for addressing security.
- At the process level, an important aspect to address is how software is designed and
implemented to address data privacy and security.
- Finally, with respect to the tools and techniques for supporting safe development, there are
tools for static analysis of software code that help identify possible weaknesses
which attackers, whether local or remote, can exploit to their advantage if not properly
managed.
Expected results
- The result we hope to obtain is the definition and experimentation of a comprehensive
security framework, based on the use of Blockchain Technology.
- The framework will be trialled in a relevant domain such as Health.