PB_Profile

About Me

Born in Catania (CT) in 1994. Passionate about computer science and cybersecurity.
In 2014 I chose to enroll at the faculty of computer science at the University of Catania.
In 2017 I graduated with a Bachelor's degree in Computer Science.
In 2019 I graduated with a Master's Degree in Computer Science with Curriculum: "Network and Security Systems" 110/110 cum laude.
At the moment, I am a junior research collaborator at the Institute of Informatics and Telematics (IIT) of the National Research Council (CNR) of Pisa and a Ph.D. student at the University of Catania.
I have good knowledge of languages: Python, C, C++, Ruby, PHP, JavaScript, SQL, Java and HTML.

Education

Università di Catania

Master's degree. Network and Security Systems - 110/110 cum laude 2018-2019

University Residential Center of Bertinoro

19th International School on Foundations of Security Analysis and Design (FOSAD 2019) August 2019

Sheffield Hallam University

Erasmus+ 2018-2019

University of Graz

European Summer School on Information Science (ESSIS 2018) July 2018

Università di Catania

Bachelor's degree. Computer science 2014 - 2017

Work

Researcher Cybersecurity & Privacy.

National Research Council (IIT - CNR) February 2018 - November 2019 - Pisa, Italia

Research and development: "Automotive Security".
Project managers: Dr Gianpiero Costantino (IIT - CNR) , Dott.ssa Ilaria Matteucci (IIT - CNR)

Cloud computing technician, cloud security

National Institute of Nuclear Physics (INFN) June 2017 - July 2017 - Catania, Italia

Internship: cloud computing (OpenStack), networking and security

Organizational secretariat

Google Developer Group Catania December 2016 - July 2017 - Catania, Italia

Mailing, contacts, and relationship with event service providers.

Publications

You overtrust your printer

Giampaolo Bella, Pietro Biondi
In 38th International Conference on Computer Safety, Reliability, and Security (SAFECOMP 2019)

Lecture Notes in Computer Science book series (LNCS, volume 11699). Pages 264-274 -- (doi:10.1007/978-3-030-26250-1_21) --- BibTeX

Implementing CAN bus security by TOUCAN

Pietro Biondi, Giampaolo Bella, Gianpiero Costantino, Ilaria Matteucci
In ACM Conference on Mobile Ad Hoc Networking and Computing (MobiHoc 2019)

Pages 399-400 -- (doi:10.1145/3323679.3326614) --- BibTeX

Poster: Are you secure in your car?

Giampaolo Bella, Pietro Biondi, Gianpiero Costantino, Ilaria Matteucci
In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2019)

Pages 308-309 -- (doi:10.1145/3317549.3326305) --- BibTeX

TOUCAN A proTocol tO secUre Controller Area Network

Giampaolo Bella, Pietro Biondi, Gianpiero Costantino, Ilaria Matteucci
In ACM Workshop on Automotive Cybersecurity (AutoSec 2019)

Pages 3-8 -- (doi:10.1145/3309171.3309175) --- BibTeX

A MapReduce based tool for the analysis and discovery of novel therapeutic targets

Giuseppe Parasiliti, Marzio Pennisi, Pietro Biondi, Giuseppe Sgroi, Giulia Russo, Christian Napoli, Francesco Pappalardo
In 27th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP 2019)

Pages 323-328 -- (doi:10.1109/EMPDP.2019.8671609) --- BibTeX

Towards an Integrated Penetration Testing Environment for the CAN Protocol

Giampaolo Bella, Pietro Biondi
In 37th International Conference on Computer Safety, Reliability, and Security (SAFECOMP 2018)

Lecture Notes in Computer Science, volume 11094 LNCS, pages 344-352 -- (doi:10.1007/978-3-319-99229-7_29) --- BibTeX

Projects

Thesis: "Study, design and implementation of a security protocol on CAN bus"

Supervisor: Prof. Giampaolo Bella (UNICT)
Advisors: Dr Gianpiero Costantino (IIT - CNR) , Dott.ssa Ilaria Matteucci (IIT - CNR)

Thesis: "HTTP Strict Transport Security attacks on modern browsers: a comparative analysis"

Study of HTTP Strict Transport Security (HSTS), a policy designed to counter attacks called SSLStrip.
Supervisor: Prof. Giampaolo Bella (UNICT)

CAN Flood post exploitation for CAN on Metasploit-Framework

CAN Flood is a post-exploitation module that floods a CAN interface for a number of rounds. Both the interface and the number of rounds are to be provided as inputs. An example list of frames also is part of the inputs, and sources the flooding at each round. The module therefore is general as it is parametric in the frame list.
Github-Metasploit

...

Crazy Tachymeter

Crazy-Tachymeter is an exploit that allows you to flood the CAN-Bus with frames of the ECU mapping file.
Github

Distributed dictionary attack

Java program that implements a vulnerable server with an incremental ban system. Within the project there are clients which communicate through the RabbitMQ middleware.
Github

Visibility on the Etsy platform

Study of applicability of techniques to increase visibility on Etsy.

Capture The Flag - UNICT 2017

Capture The Flag is a computer security competition (UNICT) where teams must attack enemy machines with exploits and defend their own by inserting patches.
Website - Github

Food-Classification

This Social Media Management project (UNICT) allow to classificate picture between food and non-food. Github

Linear Regression Tool

Linear regression tool with some statistics parameters. Github

Zeppelin-Slim-GDGCatania

The Slim Version of Project Zeppelin is a single page edited for GDGCatania. The website contains all information that we need in a small version. Website - Github


Talk

NGIoT e-workshop on ETSI IoT Standard

Security of modern vehicles in the IoT world. (24 May 2019) Event-NGIoT

GNU/Linux Day 2019

An overview at Metasploit and its application: Automotive Crazy-Tachymeter. (23 Nov 2019) Event-Linux Day

WSF19 - The 2019 Workshop on Security Frameworks

Metasploiting 4U. (4 Dec 2019) Event-WSF19