Giorgio Di Tizio

Giorgio Di Tizio

PhD student

University of Trento

About me

Hi! I am a Ph.D. student in the DISI Security Group at the University of Trento under the supervision of Prof. Fabio Massacci. Prior to that, I was a research fellow at the DISI. During my master’s degree, I joined the Information Security and Cryptography Group at CISPA Helmholtz Center for Information Security under the supervision of Dr. Robert Künnemann. I received my M.Sc. in computer science from the University of Trento in 2018 with a thesis on Drive-by Download attacks.

My research interests lie in the broad area of network and web security with a focus on risk analysis of Advanced Persistent Threats. The gist of my research is to understand factors that drive their behaviors, to model these adversaries, and to identify appropriate mitigations. I am collecting and analyzing data of targeted campaigns to build a structured and public database of APT campaigns that can be used to study:

  • TTPs and adversaries skills
  • evolution of preferred targets
  • effectiveness of countermeasures (software patching, IDS, etc.)
Interests
  • Cybercrime
  • Threat Intelligence
  • Cyber-risk
Education
  • M.Sc. Computer Science, 2018

    University of Trento

  • B.Sc. Information Engineering, 2016

    University of Brescia

Services & Presentations

Services

  • Reviewer for Computer&Security (2021), TDSC, DTRAP, SSCR (2020).
  • PC member for IEEE WACCO, IEEE CRST (2021)
  • Publicity Chair for IEEE WACCO (2020,2019).

Presentations

  • Estimating cyber risk from experiments with cyber ranges and CTFs. SRA Annual Meeting 2019.

  • Cyber Security Risk as an Experimental Discipline: a Proposal Building upon Capture the Flags. Poster Session Usenix Security’19, 28th USENIX Security Symposium.

  • Cyber Security Risk as an Experimental Discipline: a Proposal Building upon Capture the Flags. Poster Session EuroS&P’19, 4th IEEE European Symposium on Security and Privacy.

Teaching & Projects

Offensive Technologies (2020-2021, 2019-2020)

The course aims at advancing students’ concrete knowledge of attacks on operating systems, networks, and applications with a significant spur of creativity. Security notices (and even proof of concept exploits) are a little more than research ideas. They tells that something may be possible but do not explain the details (for obvious security reasons). The students must use their creativity to understand what can possibly work and transforms the gaps and holes in the description into a workable product.

Course website: Offensive Technologies (19/20)

Duties: Teaching assistant

Course type: M.Sc.

Location: University of Trento

CyberChallenge.IT (2020-2021, 2019-2020)

The CyberChallenge.IT is a national Capture The Flags training program for young talents. The training focuses on the technical, scientific, and ethical introduction to issues related to cybersecurity, alternating theoretical lessons and exercises on various topics such as cryptography, malware analysis, and web security.

Course website: CyberChallenge.IT

Duties: Local organizer

Location: University of Trento

Research Projects

If you are interested in a research project or a master thesis fell free to drop me an email. Possible topics of interest are related (but not limited) to:

  • Cyber range and CTFs: e.g. implementation of realistic scenarios in a simulated environment to reproduce attacker’s strategies and exploits
  • Threat Intelligence: e.g. analysis of threat intelligence data to determine behaviors and characteristics of cyber-criminals

Resume

Positions

  • 2019/Nov → current - Ph.D. student, University of Trento (IT)
  • 2018/Nov → 2019/Nov - Research Fellow, University of Trento (IT)
  • 2018/Mar → 2018/Jun - Research Intern, CISPA (DE)

Contact

  • giorgio.ditizio@unitn.it
  • Via Sommarive 9, Trento (TN), Italy
    Department of Information Engineering and Computer Science
    Building Povo-2, Office 129