Luca Allodi
Department
Group
RESEARCH PROFILE
Luca Allodi is an Assistant Professor in the Security Group of the Eindhoven University of Technology (TU/e). His research focuses on vulnerability laws, with a strong accent on attackers’ behavior and strategies, seeking quantitative answers to the economics of vulnerability exploitation and the management of cyber risk. His research looks for technical, economic, and strategic factors that drive vulnerability exploitation ‘in the wild’. To this aim, he investigates the dynamic optimization problems the attacker solves when engineering a new attack, the underground markets in which the attackers operate, the technology they employ, and the rates at which attacks are delivered to the final users. This research draws from several field, including computer security, economics, risk analysis, and criminology. Luca is currently working on new ways to integrate security metrics with cyber attacks economics; in particular, he is interested in understanding if analysis of new trends in cybercrime attacks (APTs, black markets, botnet rentals...) can be exploited to improve current metrics for security.
The real voyage of discovery consists not in seeking new landscapes but in having new eyes.” - Marcel Proust
ACADEMIC BACKGROUND
Luca Allodi obtained his PhD in 2015 from the University of Trento, Italy, with a thesis entitled: "Risk-based Vulnerability Management. Exploiting the economic nature of the attacker to build sound and measurable vulnerability mitigation strategies". Whilst studying for his MSc, he became interested in Social Network Dynamics, the diffusion of information within networks, and the different roles of nodes. He is also an acknowledged authoring member of the First.org SIG Team for the upcoming CVSS v3 framework (the worldwide standard-de-facto for vulnerability assessment)
Recent Publications
-
Luca Morgese Zangrandi,Thijs Van Ede,Tim Booij,Savio Sciancalepore,Luca Allodi,Andrea Continella
Stepping out of the MUD - Contextual threat information for IoT devices with manufacturer-provided behavior profiles
38th Annual Computer Security Applications Conference, ACSAC 2022 (2022) -
Luca Allodi,Fabio Massacci,Julian Williams
The Work-Averse Cyberattacker Model
Risk Analysis (2022) -
Martin Rosso,Emmanuele Zambon,Luca Allodi,Jerry den Hartog
Characterizing Building Automation System Attacks and Attackers
4th Workshop on Attackers and Cyber-Crime Operations (2022) -
Martin Rosso,Michele Campobasso,Ganduulga Gankhuyag,Luca Allodi
SAIBERSOC: A Methodology and Tool for Experimenting with Security Operation Centers
Digital Threats: Research and Practice (2022) -
Laura Genga,Luca Allodi,Nicola Zannone
Association Rule Mining Meets Regression Analysis: An Automated Approach to Unveil Systematic Biases in Decision-Making Processes
Journal of Cybersecurity and Privacy (2022)
- Networks and security
- Lab on offensive computer security
- Cyberattacks Crime and Defenses
Ancillary Activities
No ancillary activities