Luca Verderame

Office: Valletta Puggia (Office 320): Via Dodecaneso, 35, I-16146, Genoa, Italy.

Email: luca.verderame (A) dibris.unige.it

Linkedin: /lucaverderame


short Bio

  • Born in Finale Ligure, Liguria, on the 17th of March 1987.

  • March 2009: B.Sc. in Computer Engineering at the University of Genova.

  • March 2011: M.Sc. cum laude in System, Platform and Networks Engineering at the University of Genova.

  • Apr. 2016: Ph.D. in Electronic and Computer Engineering, Robotics and Telecommunications at the University of Genova on Mobile Security.

  • From Mar. 2012 to Dec. 2012: Research Fellow at AI-Lab, DIBRIS, University of Genova.

  • From Feb. 2016 to Jan. 2017: PostDoc in Computer Security at CSecLab, DIBRIS, University of Genova.

  • From Jul. 2018 to Nov. 2018: Postdoctoral Researcher at CINI, Rome.

  • Nov. 2020: Habilitation as “Associate Professor” in Computer Engineering (S.C. 09/H1), according to the Italian National Scientific Habilitation Procedure (ASN 2018-2010).

current positions

  • Postdoctoral Research Fellow at CSecLab, DIBRIS, University of Genova (since Dec. 2018).

  • Founder and C.E.O. at Talos s.r.l.s (since Jan. 2016).

publications

International Journals

  • A. Merlo, A. Ruggia, L. Sciolla, L. Verderame. “You Shall not Repackage! Demystifying Anti-Repackaging on Android”. Computers & Security (2021) DOI:10.1016/j.cose.2021.102181

  • M. Guerar, L. Verderame, A. Merlo, F. Palmieri, M. Migliardi, L. Vallerini. “CirclePIN: A Novel Authentication Mechanism for Smartwatches to Prevent Unauthorized Access to IoT Devices” ACM Transactions on Cyber-Physical Systems (2020) DOI: 10.1145/3365995.

  • D. Caputo, L. Verderame, A. Ranieri, A. Merlo, L. Caviglione. “Fine-hearing Google Home: why silence will not protect your privacy” in Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) (2020) DOI: 10.22667/JOWUA.2020.03.31.035.

  • M. Guerar, A. Merlo, M. Migliardi, F. Palmieri, L. Verderame. “A Fraud-Resilient Blockchain-Based Solution for Invoice Financing” IEEE Transactions on Engineering Management (2020) DOI: 10.1109/TEM.2020.2971865.

  • S. Aonzo, G.C. Georgiu, L. Verderame, A. Merlo. “Obfuscapk: An open-source black-box obfuscation tool for Android apps” SoftwareX (2020) DOI: 10.1016/j.softx.2020.100403.

  • M. Guerar, M. Migliardi, F. Palmieri, L. Verderame, A. Merlo. “Securing PIN-based authentication in smartwatches with just two gestures” Concurrency Computation (2019) DOI: 10.1002/cpe.5549

  • L. Verderame, I. Merelli, L. Morganti, E. Corni, D. Cesini, D. D’Agostino, A. Merlo. “A secure cloud-edges computing architecture for metagenomics analysis” Future Generation Computer Systems (2019) DOI: 10.1016/j.future.2019.09.013.

  • G. Costa, A. Merlo, L. Verderame, A. Armando. “Automatic Security Verification of Mobile App Configurations”, Future Generation Computer Systems, Elsevier. DOI: 10.1016/j.future.2016.06.014.

  • A. Merlo, G. Costa, L. Verderame, A. Armando. “Android vs. SEAndroid: an Empirical Assessment”, Pervasive & Mobile Computing, Vol. 30, pp. 113-131, Elsevier. DOI: 10.1016/j.pmcj.2016.01.006.

  • A. Armando, G. Costa, A. Merlo, L. Verderame. “Formal modeling and automatic enforcement of Bring Your Own Device policies”, International Journal of Information Security, (2015) 14(2):123-140, Springer, DOI: 10.1007/s10207-014-0252-y.

  • A. Armando, A. Merlo, L. Verderame. “Security considerations related to the use of mobile devices in the operation of critical infrastructures”, International Journal of Critical Infrastructure Protection, (2015) 7(4):247-256, Elsevier, DOI: 10.1016/j.ijcip.2014.10.002.

  • A. Armando, G. Costa, A. Merlo, L. Verderame. “Securing the Bring Your Own Device Paradigm”, IEEE Computer, (2014) 47(6):26-34. DOI: 10.1109/MC.2014.164.

  • A. Armando, A. Merlo, M. Migliardi, L. Verderame. “Breaking and Fixing the Android Launching Flow”, Computers & Security, (2013) 39A:104-115, Elsevier, DOI: 10.1016/j.cose.2013.03.009.

  • A. Armando, G. Costa, A. Merlo, L. Verderame. “Securing the Bring Your Own Device Policy”, Journal of Internet Services and Information Security (2012), 2(3):3-16. Best Paper Award at MIST 2012.

International Conference Proceedings

  • L. Verderame, D. Caputo, A. Merlo. “MobHide: App-level runtime data anonymization on mobile”. In Proc. of the ACNS 2020: Applied Cryptography and Network Security Workshops (ACNS 2020), Rome, IT. DOI: 10.1007/978-3-030-61638-0_27

  • E. Russo, L. Verderame, A. Merlo. “Enabling Next-Generation Cyber Ranges with Mobile Security Components”. In Proc. of the IFIP International Conference on Testing Software and Systems (ICTSS 2020), Naples, IT. DOI: 10.1007/978-3-030-64881-7_10

  • L. Verderame, D. Caputo, A. Romdhana, A. Merlo. “APPregator: A Large-Scale Platform for Mobile Security Analysis”. In Proc. of the IFIP International Conference on Testing Software and Systems (ICTSS 2020), Naples, IT. DOI: 10.1007/978-3-030-64881-7_5

  • G. Gazzarata, E. Troiano, L. Verderame, M. Aiello, I. Vaccari, E. Cambiaso, A. Merlo. “FINSTIX: a Cyber-Physical Data Model for Financial Critical Infrastructures”. In Proc. of the 1st International Workshop on Cyber-Physical Security for Critical Infrastructures Protection Co-located (CPS4CIP), Guildford, UK. DOI: 10.1007/978-3-030-69781-5_4

  • L. Verderame, D. Caputo, A. Romdhana, A. Merlo. “On the reliability of privacy policies in Android”. In Proc. of the International Joint Conference on Neural Networks (IJCNN 2020), Glasgow, UK. DOI: 10.1109/IJCNN48605.2020.9206660

  • D. Caputo, L. Verderame, A. Merlo, A. Ranieri, L. Caviglione. “Are you (Google) home? Detecting users’ presence through traffic analysis of smart speakers”. In Proc. of the 4th Italian Conference on Cyber Security (ITASEC 2020), Ancona, Italy.

  • L. Verderame, D. Caputo, M. Migliardi and A. Merlo. “AppIoTTE: An Architecture for the Security Assessment of Mobile-IoT Ecosystems” in Web, Artificial Intelligence and Network Applications (WAINA 2020), Caserta, Italy. DOI:10.1007/978-3-030-44038-1_78

  • L. Verderame, D. Caputo, M. Migliardi and A. Merlo. “Towards a SIP-based DDoS Attack to the 4G Network” in Web, Artificial Intelligence and Network Applications (WAINA 2020), Caserta, Italy. DOI:10.1007/978-3-030-44038-1_79

  • N. Dejon, D. Caputo, L. Verderame, A. Armando and A. Merlo. “Automated Security Analysis of IoT Software Updates” in 13th WISTP International Conference on Information Security Theory and Practice (WISTP 2019), Paris, France. DOI:10.1007/978-3-030-41702-4_14

  • M. Guerar, L. Verderame, M. Migliardi, A. Merlo. “2GesturePIN: Securing PIN-based Authentication on Smartwatches”, in Proc. of the 28th IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2019), Capri, Italy. DOI:10.1109/WETICE.2019.00074

  • M. Guerar, L. Verderame, A. Merlo, M. Migliardi. “Blockchain-based risk mitigation for invoice financing”. In Proc. of the 23rd International Database Engineering & Applications Symposium (IDEAS 2019), Athens, Greece. DOI:10.1145/3331076.3331093

  • E. Russo, L. Verderame, A. Merlo. “Towards Policy-driven Monitoring of Fog Applications”, in Proc. of the 28th IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2019), Capri, Italy. DOI:10.1109/WETICE.2019.00026

  • D. Caputo, L. Verderame, S. Aonzo, A. Merlo. “Droids in Disarray: Detecting Frame Confusion in Hybrid Android Apps” in Proc. of the 33rd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2019), Charleston, South Carolina, USA. DOI:10.1007/978-3-030-22479-0_7

  • A. Armando, G. Costa, A. Merlo, L. Verderame, K. Wrona. “Developing the NATO BYOD Security Policy”, in Proc. of the 15th International Conference on Military Communications and Information Systems (ICMCIS 2016), pp. 1-6, Brussels, Belgium. DOI: 10.1109/ICMCIS.2016.7496587.

  • A. Merlo, L. Lorrai, L. Verderame. “Efficient Trusted Host-based Card Emulation on TEE-enabled Android Devices”, in Proc. of the 11th International Conference on High Performance Computing Systems (HPCS 2016), pp. 454-459, Innsbruck, Austria. DOI: 10.1109/HPCSim.2016.7568370.

  • A. Armando, A. Merlo, L. Verderame. “Trusted Host-Based Card Emulation”, in Proc. of the 10th International Conference on High Performance Computing Systems (HPCS 2015), IEEE. DOI: 10.1109/HPCSim.2015.7237043.

  • A. Armando, G. Costa, A. Merlo, L. Verderame. “Enabling BYOD through Secure Meta-Market”, in Proc. of the 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2014), pp. 219-230, ACM NY, DOI: 10.1145/2627393.2627410.

  • A. Armando, G. Costa, A. Merlo, L. Verderame. “Bring Your Own Device, Securely”, in Proc. of the 28th ACM Symposium on Applied Computing (SAC 2013), Vol. 2, pp. 1852-1858, ACM, DOI: 10.1145/2480362.2480707.

  • A. Armando, A. Merlo, L. Verderame. “An Empirical Evaluation of the Android Security Framework”, in Proc. of the 28th International Conference on ICT Systems Security and Privacy Protection (IFIP-SEC 2013), LNCS, Vol. 405, pp. 176-189, Springer, DOI: 10.1007/978-3-642-39218-4_14.

  • A. Armando, A. Castiglione, G. Costa, U. Fiore, A. Merlo, L. Verderame, I. You. “Trustworthy Opportunistic Access to the Internet of Services”, in Proc. of the 1st Information and Communication Technology Eurasia Conference (EurAsia 2013), LNCS, Vol. 7804, 2013, pp. 469-478, Springer, DOI: 10.1007/978-3-642-36818-9_52.

  • A. Armando, A. Merlo, M. Migliardi, L. Verderame. “Would you mind forking this process? A Denial-of-Service attack on Android (and some countermeasures)”, in Proc. of the 27th International Conference on ICT Systems Security and Privacy Protection (IFIP-SEC 2012), LNCS IFIP AICT n.376, pp. 13-24, Springer, DOI: 10.1007/978-3-642-30436-1_2. Best Paper Award.

Book Chapters

  • D. Caputo, L. Verderame, A. Merlo, L. Caviglione. “Investigating Traffic of Smart Speakers and IoT Devices: Security Issues and Privacy Threats”, Internet of Things and Secure Smart Environments: Success and Pitfalls, CRC Press. DOI:10.1201/9780367276706

  • G. Costa, A. Armando, L. Verderame, D. Biondo, G. Bocci, R. Mammoliti, A. Toma. “Effective Security Assessment of Mobile Apps with MAVeriC: Design, Implementation, and Integration of a Unified Analysis Environment for Mobile Apps” (2017) Adaptive Mobile Computing: Advances in Processing Mobile Data Sets. DOI: 10.1016/B978-0-12-804603-6.00011-5.

research interests

  • My research interests mainly cover the many aspects of security and privacy for software and systems, specifically on emerging computing platforms and the complex environments in which they operate. A special focus is devoted to mobile and IoT environments.

  • Keywords: Trustworthy Software Ecosystems, IoT Security, Mobile Security.