Giorgio Di Tizio

Giorgio Di Tizio

Postdoctoral researcher

University of Trento

About me

Hi! I am a Postdoctoral researcher working with Prof. Fabio Massacci in the DISI Security Group at the University of Trento. I earned a Ph.D at the University of Trento with a thesis entitled “Leveraging Security Data for a Quantitative Evaluation of Security Mitigation Strategies”. During my Ph.D. I spent 6 months at the Cambridge Cybercrime Centre at the University of Cambridge, supervised by Prof. Alice Hutchings.

Prior to that, I was a research fellow at the DISI. During my master’s degree, I joined the Information Security and Cryptography Group at CISPA Helmholtz Center for Information Security under the supervision of Dr. Robert Künnemann. I received my M.Sc. in computer science from the University of Trento in 2018 with a thesis on Drive-by Download attacks.

My research interests lie in the broad area of cybercrime and cyber-security with a focus on risk analysis of Advanced Persistent Threats. The gist of my research is to collect data about their behaviors and to identify appropriate mitigations. I collect and analyze targeted campaigns to build a structured and public database of APT campaigns that can be used to study TTPs and adversaries characteristics, their evolution, and the effectiveness of countermeasures (software patching, IDS, etc.).

I am an acknowledged authoring member of the First.org CVSS SIG Team for the upcoming CVSS v4.0 framework.

Interests
  • Cyber Threat Intelligence
  • Cybercrime
  • Cyber-risk
Education

  • Ph.D. Information and Communication Technology, 2023

    University of Trento

  • M.Sc. Computer Science, 2018

    University of Trento

  • B.Sc. Information Engineering, 2016

    University of Brescia

Publications

Giorgio Di Tizio, Gilberto Atondo Siu, Alice Hutchings, Fabio Massacci (2023). A Graph-based Stratified Sampling Methodology for the Analysis of (Underground) Forums. In IEEE TIFS, 2023.

PDF Dataset

Fabio Massacci, Giorgio Di Tizio (2022). Are Software Updates Useless against Advanced Persistent Threats?. In CACM, 2023.

PDF Video

Giorgio Di Tizio, Patrick Speicher, Milivoj Simeonovski, Michael Backes, Ben Stock, Robert Künnemann (2022). Pareto-Optimal Defenses for the Web Infrastructure: Theory and Practice. In ACM TOPS, 2022.

PDF Project

Giorgio Di Tizio, Michele Armellini, Fabio Massacci (2022). Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats. In IEEE TSE, 2022.

PDF Code Dataset

Giorgio Di Tizio, Fabio Massacci (2021). A Calculus of Tracking: Theory and Practice. In PETS, 2021.

PDF Code Dataset Slides Video

Giorgio Di Tizio, Fabio Massacci, Luca Allodi, Stanislav Dashevskyi, Jelena Mirkovic (2020). An Experimental Approach for Estimating Cyber Risk: a Proposal Building upon Cyber Ranges and Capture the Flags. In EuroS&PW, 2020.

PDF Slides

Giorgio Di Tizio, Chan Nam Ngo (2020). Are You a Favorite Target For Cryptojacking? A Case-Control Study On The Cryptojacking Ecosystem. In EuroS&PW, 2020.

PDF Code Slides

Services & Presentations

Services

  • Reviewer for ACSAC Artifacts Evaluation (2023), Computer&Security (2021-2022), TDSC, DTRAP, SSCR (2020).
  • PC member for IEEE WACCO (2021-2023), IEEE CRST (2021)
  • Publicity Chair for IEEE WACCO (2019-2020).

Presentations

  • La threat intelligence e il contrasto agli Advanced Persistent Threats. Seminario Confindustria Trento 2023.

  • Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats. ICSE Journal-First 2023, 45th International Conference on Software Engineering.

  • Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats. Huawei AI4SEC Research Seminar 2023.

  • Why are you not updating? The effectiveness of Software Updates against Advanced Persistent Threats Campaigns. SFScon 2022.

  • Estimating cyber risk from experiments with cyber ranges and CTFs. SRA Annual Meeting 2019.

  • Cyber Security Risk as an Experimental Discipline: a Proposal Building upon Capture the Flags. Poster Session Usenix Security 2019, 28th USENIX Security Symposium.

  • Cyber Security Risk as an Experimental Discipline: a Proposal Building upon Capture the Flags. Poster Session EuroS&P 2019, 4th IEEE European Symposium on Security and Privacy.

Teaching & Projects

Offensive Technologies (2019-2022)

The course aims at advancing students’ concrete knowledge of attacks on operating systems, networks, and applications with a significant spur of creativity. Security notices (and even proof of concept exploits) are a little more than research ideas. They tells that something may be possible but do not explain the details (for obvious security reasons). The students must use their creativity to understand what can possibly work and transforms the gaps and holes in the description into a workable product.

Duties: Teaching assistant

Course type: M.Sc.

Location: University of Trento

CyberChallenge.IT (2020-2021)

The CyberChallenge.IT is a national Capture The Flags training program for young talents. The training focuses on the technical, scientific, and ethical introduction to issues related to cybersecurity, alternating theoretical lessons and exercises on various topics such as cryptography, malware analysis, and web security.

Duties: Local organizer

Location: University of Trento

Research Projects

If you are interested in a research project or a master thesis fell free to drop me an email. Possible topics of interest are related (but not limited) to:

  • Cyber range: e.g. implementation of realistic scenarios in a simulated environment to reproduce attacker’s strategies and exploits
  • Threat Intelligence: e.g. analysis of threat intelligence data to determine behaviors and characteristics of cyber-criminals

Resume

Positions

  • 2023/May → current - Postdoc researcher, University of Trento (IT)
  • 2019/Nov → 2023/Apr - Ph.D. student, University of Trento (IT)
  • 2022/Jan → 2022/Jul - Visiting Researcher, University of Cambridge (UK)
  • 2018/Nov → 2019/Nov - Research Fellow, University of Trento (IT)
  • 2018/Mar → 2018/Jun - Research Intern, CISPA Helmholtz Center for Information Security (DE)

Contact

  • giorgio.ditizio@unitn.it
  • Via Sommarive 9, Trento (TN), Italy
    Department of Information Engineering and Computer Science
    Building Povo-2, Office 129