PB_Profile

About Me

Born in Catania (CT) in 1994. Passionate about computer science and cybersecurity.
In 2014 I chose to enroll at the faculty of computer science at the University of Catania.
In 2017 I graduated with a Bachelor's degree in Computer Science.
In 2019 I graduated with a Master's Degree in Computer Science with Curriculum: "Network and Security Systems" 110/110 cum laude.
I have good knowledge of languages: Python, C, C++, Ruby, PHP, JavaScript, SQL, Java and HTML.

Education

Università di Catania

Ph.D (XXXV Cycle) Grant UNICT 31/10/2019-13/03/2023
Thesis: Automotive 2.0: Security, privacy and safety in today’s automotive domain
Supervisor: Prof. Giampaolo Bella

Università di Catania

Master's degree. Network and Security Systems - 110/110 cum laude 2018-26/07/2019

International Summer School on Forensics (IFOSS2022)

(IFOSS 2022) July 2022

CISPA Helmholtz Center for Information Security

"Security Convention for Young Researchers (SeCon)", (SECON 2020) August 2020

University Residential Center of Bertinoro

19th International School on Foundations of Security Analysis and Design (FOSAD 2019) August 2019

Sheffield Hallam University

Erasmus+ 2018-2019

University of Graz

European Summer School on Information Science (ESSIS 2018) July 2018

Università di Catania

Bachelor's degree. Computer science 2014 - 29/09/2017

Work

Ministero della Salute.

MdS February 2023 -

High school Professor.

MIUR September 2022 - June 2023

PON project external expert.

IISS "Ven. Ignazio Capizzi" Bronte May 2022 - June 2022

Course on: "Internet and safe surfing on the net".
Project: "Apprendimento e socialità" Module "Sperimentando" - 10.2.2A-FSEPON-SI-2021-403 Protagonisti..." CUP H93D21000720006

Internship Functional Safety.

Huawei - Evidence April 2021 - October 2021 - Smart working

Research and development: "Functional Safety".

Researcher Cybersecurity & Privacy.

National Research Council (IIT - CNR) February 2018 - November 2019 - Pisa, Italia

Research and development: "Automotive Security".
Project managers: Dr. Gianpiero Costantino (IIT - CNR) , Dott.ssa Ilaria Matteucci (IIT - CNR)

Cloud computing technician, cloud security

National Institute of Nuclear Physics (INFN) June 2017 - July 2017 - Catania, Italia

Internship: cloud computing (OpenStack), networking and security

Organizational secretariat

Google Developer Group Catania December 2016 - July 2017 - Catania, Italia

Mailing, contacts, and relationship with event service providers.

Publications

PETIoT: PEnetration Testing the Internet of Things

Giampaolo Bella, Pietro Biondi, Stefano Bognanni, Sergio Esposito
Elsevier Journal Internet of Things

(doi:10.1016/j.iot.2023.100707)

Designing and implementing an AUTOSAR-based Basic Software Module for enhanced security

Giampaolo Bella, Pietro Biondi, Gianpiero Costantino, Ilaria Matteucci
Elsevier Journal Computer Networks

(doi:10.1016/j.comnet.2022.109377)

A double assessment of privacy risks aboard top-selling cars

Giampaolo Bella, Pietro Biondi, Giuseppe Tudisco
Springer Journal Automotive Innovation

(doi:10.1007/s42154-022-00203-2)

Multi-service threats: Attacking and protecting network printers and VoIP phones alike

Giampaolo Bella, Pietro Biondi, Stefano Bognanni
Elsevier Journal Internet of Things

(doi:10.1016/j.iot.2022.100507) --- BibTeX

Papyrus-Based Safety Analysis Automatization

Pietro Biondi, Fabrizio Tronci, Giampaolo Bella
In International Conference on System Reliability and Science (ICSRS 2022)

(doi:10.1109/ICSRS56243.2022.10067259)

Vulnerability Assessment and Penetration Testing on IP camera

Pietro Biondi, Stefano Bognanni, Giampaolo Bella
In International Conference on Internet of Things: Systems, Management and Security (IOTSMS 2021)

Pages 136-143 -- (doi:10.1109/IOTSMS53705.2021.9704890) --- BibTeX

Privacy and modern cars through a dual lens

Giampaolo Bella, Pietro Biondi, Marco De Vincenzi and Giuseppe Tudisco
In International Workshop on Safety, securiTy, and pRivacy In automotiVe systEms(STRIVE21)

Pages 136-143 -- (doi:10.1109/EuroSPW54576.2021.00022) --- BibTeX

Car drivers’ privacy concerns and trust perceptions

Giampaolo Bella, Pietro Biondi and Giuseppe Tudisco
In International Conference on Trust, Privacy and Security in Digital Business (TrustBUS 2021)

Pages 143-154 -- (doi:10.1007/978-3-030-86586-3_10) --- BibTeX

Towards the COSCA framework for "COnseptualing Secure CArs"

Giampaolo Bella, Pietro Biondi, Gianpiero Costantino, Ilaria Matteucci and Mirco Marchetti
In Open Identity Summit 2021 (OID2021)

Pages 37-46 -- (doi:20.500.12116/36500) --- BibTeX

CINNAMON: A Module for AUTOSAR Secure Onboard Communication

Giampaolo Bella, Pietro Biondi, Gianpiero Costantino, Ilaria Matteucci
In 16th European Dependable Computing Conference (EDCC2020)

Pages 103-110 -- (doi:10.1109/EDCC51268.2020.00026) --- BibTeX

VoIP Can Still Be Exploited-Badly

Pietro Biondi, Stefano Bognanni, Giampaolo Bella
In Fifth International Conference on Fog and Mobile Edge Computing (FMEC 2020)

Pages 237-243 -- (doi:10.1109/FMEC49853.2020.9144875) --- BibTeX

You overtrust your printer

Giampaolo Bella, Pietro Biondi
In 38th International Conference on Computer Safety, Reliability, and Security (SAFECOMP 2019)

Lecture Notes in Computer Science book series (LNCS, volume 11699). Pages 264-274 -- (doi:10.1007/978-3-030-26250-1_21) --- BibTeX

TOUCAN A proTocol tO secUre Controller Area Network

Giampaolo Bella, Pietro Biondi, Gianpiero Costantino, Ilaria Matteucci
In ACM Workshop on Automotive Cybersecurity (AutoSec 2019)

Pages 3-8 -- (doi:10.1145/3309171.3309175) --- BibTeX

...

Implementing CAN bus security by TOUCAN

Pietro Biondi, Giampaolo Bella, Gianpiero Costantino, Ilaria Matteucci
In ACM Conference on Mobile Ad Hoc Networking and Computing (MobiHoc 2019)

Pages 399-400 -- (doi:10.1145/3323679.3326614) --- BibTeX

Poster: Are you secure in your car?

Giampaolo Bella, Pietro Biondi, Gianpiero Costantino, Ilaria Matteucci
In ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2019)

Pages 308-309 -- (doi:10.1145/3317549.3326305) --- BibTeX

A MapReduce based tool for the analysis and discovery of novel therapeutic targets

Giuseppe Parasiliti, Marzio Pennisi, Pietro Biondi, Giuseppe Sgroi, Giulia Russo, Christian Napoli, Francesco Pappalardo
In 27th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP 2019)

Pages 323-328 -- (doi:10.1109/EMPDP.2019.8671609) --- BibTeX

Towards an Integrated Penetration Testing Environment for the CAN Protocol

Giampaolo Bella, Pietro Biondi
In 37th International Conference on Computer Safety, Reliability, and Security (SAFECOMP 2018)

Lecture Notes in Computer Science, volume 11094 LNCS, pages 344-352 -- (doi:10.1007/978-3-319-99229-7_29) --- BibTeX



Projects

COnceptualising Secure CArs (COSCA)

H2020 N 825618 – NGI_TRUST 2nd Open Call – 2019002. European project relating to security, safety, privacy and trust in the automotive field.

CyberChallenge.IT 2020 & 2021 & 2022 (CCIT2020/21/22)

Organizer of CCIT2020/2021/2022, a cybersecurity training project for high school and university students.

Thesis: "Study, design and implementation of a security protocol on CAN bus"

Supervisor: Prof. Giampaolo Bella (UNICT)
Advisors: Dr. Gianpiero Costantino (IIT - CNR) , Dott.ssa Ilaria Matteucci (IIT - CNR)

Thesis: "HTTP Strict Transport Security attacks on modern browsers: a comparative analysis"

Study of HTTP Strict Transport Security (HSTS), a policy designed to counter attacks called SSLStrip.
Supervisor: Prof. Giampaolo Bella (UNICT)

CAN Flood post exploitation for CAN on Metasploit-Framework

CAN Flood is a post-exploitation module that floods a CAN interface for a number of rounds. Both the interface and the number of rounds are to be provided as inputs. An example list of frames also is part of the inputs, and sources the flooding at each round. The module therefore is general as it is parametric in the frame list.
Github-Metasploit

...

Crazy Tachymeter

Crazy-Tachymeter is an exploit that allows you to flood the CAN-Bus with frames of the ECU mapping file.
Github

Distributed dictionary attack

Java program that implements a vulnerable server with an incremental ban system. Within the project there are clients which communicate through the RabbitMQ middleware.
Github

Capture The Flag - UNICT 2017

Capture The Flag is a computer security competition (UNICT) where teams must attack enemy machines with exploits and defend their own by inserting patches.
Website - Github

Food-Classification

This Social Media Management project (UNICT) allow to classificate picture between food and non-food. Github

Linear Regression Tool

Linear regression tool with some statistics parameters. Github

Zeppelin-Slim-GDGCatania

The Slim Version of Project Zeppelin is a single page edited for GDGCatania. The website contains all information that we need in a small version. Website - Github



Talks

Hardening Six "The AvA event"

"Printjack and Phonejack attacks". (25 May 2022) Hardening

NGIoT e-workshop on ETSI IoT Standard

Security of modern vehicles in the IoT world. (24 May 2019) NGIoT

GNU/Linux Day 2019

An overview at Metasploit and its application: Automotive Crazy-Tachymeter. (23 Nov 2019) Linux Day

WSF19 - The 2019 Workshop on Security Frameworks

Metasploiting 4U. (4 Dec 2019) WSF19

Media

Hacker all'attacco di Alexa, la scoperta a Catania

Catania, il team che studia gli attacchi hacker e come difendersi

Mischievous hackers could use a simple trick to send printers berserk

...

Researchers warn of severe risks from "Printjack" printer attacks

"Printjack" Printer Attacks Pose a Serious Threat, Researchers Warn

Cybersecurity, a rischio la sicurezza dei dati veicolati tramite le stampanti

Cyberchallenge, l'8 giugno la finale locale per la scelta del team Unict che affronterà la fase finale della gara di sicurezza

Eyad Issa e Simone Benedetto conquistano l'edizione etnea della Cyberchallenge