---

 

 

About me

---

Short CV

EDUCATION & TRAINING

• BSc in Computer Engineering(February 2014)
  • Title: “Life cycle assessment in industrial refrigeration. Comparative impact analysis and mitigation
    proposals for a high-performance freezer”
• MSc in Computer Engineering(October 2016)
  • Title: “Design and implementation of a text summarizer for CVE”.

 

WORK EXPERIENCE

 

• Research Fellow at University of Sannio in Benevento(from 02/2017 to 11/2017)
  • Title: “Identification and analysis of vulnerabilities on banking information systems”.
• Collaboration: eMaze Networks S.p.A. (from 10/2016 to 11/2017)
  • Purpose: Categorization and writing of scripts for identifying publicly known vulnerabilities (CVE)
    on banking systems.

 

PUBLICATIONS

• Gerardo Canfora, Giovanni Cappabianca, Pasquale Carangelo, Fabio Martinelli, Francesco Mercaldo,
  Ernesto Rosario Russo, and Corrado Aaron Visaggio. Mobile silent and continuous authentication
  using apps sequence. In Proceedings of the 14th International Joint Conference on e-Business and
  Telecommunications – Volume 6: SECRYPT, (ICETE 2017), pages 79–91. INSTICC, SciTePress, 2017.

---

Objective of the Thesis

DESIGN AND IMPLEMENTATION OF A TEXT SUMMARIZER FOR CVE

 

• The objective pursued in the thesis work concerns the creation of a text-mining tool on the
  descriptions of known vulnerabilities (CVE), using Natural Language Processing (NLP). The
  second part of the thesis concerned the categorization of the vulnerabilities mentioned above,
  following both the Machine Learning approach and the Association Rules approach, to highlight
  both the performance and the strengths and weaknesses of the proposed categorization
  techniques on different categories.

 

 

---

Employment

Exprivia S.p.A.

• AISMAS – Area Application & Infrastructure Service Management

• The projects in which I am involved mainly deal with the following topics:

• Blockchain
• Software Engineering
• ICT security
• Big Data

 

---

Subject of the Thesis

CYBER SECURITY IN COMPLEX SYSTEMS

• It is important to introduce an integrated approach to security management, which goes
  from the organization, understood as an organizational structure and ICT infrastructure to
  support complex systems, human resources and devices. There is also an urgent need to
  develop methodological and technological solutions that allow to collect, normalize and make
  all the information useful for the activities of “threat intelligence”, or those activities that aim
  to extract information on emerging threats available.

 

GOAL

• Define a security model for complex software systems, analyzing aspects related to data
  protection by design and by default (GDPR), at three distinct levels: Organizational, Process
  and Tools.
  • At an organizational level, the objective is to define an organizational structure or function and
    a proper ICT infrastructure for addressing security.
  • For what concerns the process level, an important aspect to address is how software is designed and
    implemented for addressing data privacy and security.
  • Finally, with respect to the tools and techniques for supporting a safe development, there are
    tools for static analysis of software code that provide support in identifying possible weaknesses,
    which can be exploited to their advantage by attackers whether local or remote if not properly
    managed.

 

---

Expected results

 

 

• The result we hope to obtain is the
  • definition and experimentation of a comprehensive security framework, based on the use of
    Blockchain Technology.
• The framework will be experimented in some relevant domain such as Health.