Alessandro Palma
I have a Master's Degree in Engineering in Computer Science, with a thesis on the design of a context-aware methodology to review cyber risk assessment based on attack graphs.
Currently, I am a Ph.D. student in Engineering in Computer Science at the Department of Computer, Control, and Management Engineering (DIAG).
My research interests are approaches to support security governance, particularly those based on attack graphs.
-
Attack Graphs:
Among the existing attack models, Attack Graphs are a convenient abstraction for capturing the notion of a multi-step attack, i.e., an attack toward a specific target executed through intermediate steps in which the attacker compromises several entities and exploits their vulnerabilities to reach the target. Several attack graph representations exist in the literature, but they share the same limitations: they scale poorly, and they consider only vulnerabilities of the underlying network infrastructure.
In my research, I study how to improve the scalability of the attack graph generation process and how to enrich the attack graph with other types of information (e.g., application vulnerabilities or human vulnerabilities).
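The multi-step attack abstraction described above, as an added example that is not the author's research code: a minimal logical attack graph generator in Python. It derives which hosts an attacker can compromise by repeatedly applying a single rule (a compromised host that can reach a vulnerable service on another host compromises that host), records each derivation as an edge, and enumerates the simple attack paths to a chosen target. The network, host names and vulnerability identifiers are constructed for illustration; `path_count_fully_meshed` is a hypothetical probe that counts attack paths in a fully meshed subnet to show one face of the scalability problem.

```python
"""Minimal logical attack graph: derive which hosts an attacker can
compromise through multi-step exploitation, then enumerate attack paths.

Added example, not the author's research code. The network, hosts and
vulnerability identifiers below are constructed for illustration."""
from collections import defaultdict

# --- Constructed input model (all hypothetical) ---------------------------
# Reachability: (source, destination, port) means the source can open a
# connection to destination:port (firewall rules already applied).
REACHABLE = [
    ("internet", "web", 443),
    ("web", "app", 8080),
    ("web", "db", 5432),
    ("app", "db", 5432),
    ("app", "fileserver", 445),
    ("db", "fileserver", 445),
    ("app", "backup", 22),          # reachable, but see VULNS: wrong port
]
# Vulnerabilities: host -> [(vuln_id, port)] giving remote code execution on
# that host when the port is reachable. Identifiers are made up.
VULNS = {
    "web": [("VULN-WEB-RCE", 443)],
    "app": [("VULN-APP-DESER", 8080)],
    "db": [("VULN-DB-AUTH-BYPASS", 5432)],
    "fileserver": [("VULN-SMB-RCE", 445)],
    "backup": [("VULN-BACKUP-RCE", 8443)],  # service not reachable on 8443
}


def generate_attack_graph(reachable, vulns, attacker_host="internet"):
    """Fixpoint derivation of the single rule
         exec(src) AND reachable(src, dst, port) AND vuln(dst, v, port) => exec(dst)
    Returns the set of compromisable hosts and the sorted edge list
    (src, dst, vuln_id) that explains each derivation."""
    compromised = {attacker_host}
    edges = set()
    changed = True
    while changed:                       # iterate until no new host is derived
        changed = False
        for src, dst, port in reachable:
            if src not in compromised:
                continue
            for vuln_id, vport in vulns.get(dst, []):
                if vport != port:        # vulnerable service must be the reachable one
                    continue
                edges.add((src, dst, vuln_id))
                if dst not in compromised:
                    compromised.add(dst)
                    changed = True
    return compromised, sorted(edges)


def attack_paths(edges, source, target):
    """Enumerate every simple multi-step attack path from source to target.
    Each path is a list of (host_reached, vuln_used) steps."""
    succ = defaultdict(list)
    for src, dst, vuln_id in edges:
        succ[src].append((dst, vuln_id))
    paths = []

    def dfs(node, visited, path):
        if node == target:
            paths.append(list(path))
            return
        for dst, vuln_id in succ[node]:
            if dst in visited:           # simple paths only: never re-compromise a host
                continue
            visited.add(dst)
            path.append((dst, vuln_id))
            dfs(dst, visited, path)
            path.pop()
            visited.discard(dst)

    dfs(source, {source}, [])
    return paths


def path_count_fully_meshed(n_hosts):
    """Scalability probe (hypothetical topology): n mutually reachable hosts,
    each with one RCE vulnerability, all reachable from the attacker.
    Returns the number of simple attack paths to the last host."""
    hosts = [f"h{i}" for i in range(n_hosts)]
    reach = [("internet", h, 22) for h in hosts]
    reach += [(a, b, 22) for a in hosts for b in hosts if a != b]
    vulns = {h: [(f"VULN-{h}", 22)] for h in hosts}
    _, edges = generate_attack_graph(reach, vulns)
    return len(attack_paths(edges, "internet", hosts[-1]))


if __name__ == "__main__":
    compromised, edges = generate_attack_graph(REACHABLE, VULNS)
    print("compromisable hosts:", sorted(compromised))
    for path in attack_paths(edges, "internet", "fileserver"):
        print(" -> ".join(f"{host} via {vuln}" for host, vuln in path))
    for n in range(1, 7):
        print(f"{n} meshed hosts: {path_count_fully_meshed(n)} attack paths")
```

On the constructed network the attacker reaches `fileserver` along three distinct multi-step paths, while `backup` stays uncompromised because its vulnerable service is not the one exposed through the reachability rule. The meshed-subnet probe returns 1, 2, 5, 16, 65, 326 paths for one to six hosts: the graph itself stays small (one node per host, one edge per exploitable reachability), but the number of attack paths through it grows factorially, which is why any analysis that enumerates paths stops scaling long before the network does.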
-
Information Security Governance (ISG):
Information Security Governance is the overall strategy for securing information at an organization. It balances the risk that information presents against the value that information provides, and it helps with legal compliance, operational transparency, and reducing the expenditures associated with legal discovery. ISG is composed of many different processes, Incident Management and Cyber Risk Management among others. These processes are typically performed manually, which introduces possible bias and misinterpretation due to the differing expertise of the security experts involved.
In my research, I study data-driven and automated approaches to support security experts during the ISG processes, with the aim of improving the accuracy of security analyses.