About Me

I am a Security Researcher at F-Secure in London (UK) working on cloud security.

I completed my PhD in 2019 in the S2Lab at the ISG department of Royal Holloway, University of London. My research was supervised by Prof Lorenzo Cavallaro, Professor of Computer Science at University College London.

LinkedIn Profile Curriculum Vitae

Interests

My interests are broad ranging lying in the area of applied machine learning and system security.

Machine Learning Adversarial Learning Blockchain Network Security

Exploitation Reverse Engineering Web Security Systems Security Cloud Security



Education

I did my undergraduate degree in Engineering in Computer Science (BSc) at the Polytechnic of Turin (Italy). During my undergrad, I won a scholarship to attend an academic year in Shanghai (China) with the Politong Project. I continued to study in Polytechnic of Turin for the Master’s degree and won another scholarship to attend EURECOM for a double degree program. This institution is a branch of Télécom ParisTech University and a research centre, located in Sophia Antipolis (France).

Work Experience

I started to work at SAP Labs France as Junion Researcher for a year. During the first 6 months, I worked for an internal project that aimed to provide security during the early stages of the application development lifecycle, identifying potential security violations and providing mitigations. Later on, I worked for the European project PoSecCo that aimed to establish and maintain a link between high-level requirements and low-level technical configuration settings.

Following SAP, I went back to Italy where I worked for few months for Reply SPA, a consultancy company that provided services for the Italian automotive firm FIAT. The project involved the technological upgrade of FIAT environment regarding the management of its sensitive data. My role in this project was to study and test the impact of the newly introduced technologies in Turin’s headquarters (1,200 people affected).

After that, I went to UK to start my PhD studies. I completed my PhD in 2018 while working as Post-Doc Researcher Assistant in the European project FgurueTMP. The goal of the project was to develop the next generation of Trusted Platform Module (TPM) that incorporates quantum resistant cryptographic primitives. I was in charge to develop a module that enables virtualized environment to benefit from TPM functionalities.

Concluded my PhD, I joined HP Labs in Bristol (UK) as Research Engineer working on security solutions that take advantages of the blockchain technology. The goal of the project was to build a common blockchain-based infrastructure to support the development of new applications. This infrastructure lead to save money and development time.

Now, I am working for F-Secure in London (UK) as Security Researcher.

PhD Research

My PhD research focused on applying statistical learning methods in the field of systems security to understand and detect malicious threats.

Of particular interest, I studied concept drift, i.e., the change in the statistical properties of a certain phenomenon over a period of time and I focused on how to identify it on pre-existing models.

Core of my work led to the development of a novel framework to evaluate machine learning tasks with statistical confidence and identify concept drift. Such evaluation represents a first step forward in providing a more scientific understanding of machine learning and in providing insights to help the design of new and better machine learning models.

Miscellaneous

Capture The Flag. In my spare time, I like to play CTFs. With some friends at my University we created the University Team to play online and onsite. I won the Responsible Disclosure Award at Sasakawa USA CTF 2018 for reporting a vulnerability in the platform (article). I acted as Assessor for Cyber Security Challenge UK 2018 where I judged contestants during a 3 days CTF event. With my university team, we won the 2nd place at the London Metropolitan University CTF 2017 and the 3rd place at the Deloitte CTF 2016.

System Administrator. When I was studying at the Royal Holloway, University of London, I acted as System Administrator for the virtual environment of the System Security Research Lab (S2Lab), including website, research/production VMs and networks. The system, comprised of 4 hosts with 64 cores each, hosted more than 50 VMs for PhD students and staff and more than 300 VMs for Bachelor’s and Master’s students.

Hackathons & Summer Schools. I participated in the Data Study Group (DSG) at Alan Turing Institute in 2018, Cyber Hack in 2015, Build the News in 2015, UbiCrypt in 2015 (that focused on systems security and code-reuse attacks) and Advanced Statistics and Data Mining Summer School in 2016 (that focused on theory of various machine learning models such as SVM, decision trees and neural networks).

Languages. My mother tongue is Italian. I have professional working knowledge of English and French and basic knowledge of Chinese and German.

Publications

  1. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. Pendlebury F, Pierazzi F, Jordaney R, Kinder J, Cavallaro L. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. To appear in 28th USENIX Security Symposium (USENIX Security 19), USENIX Association.

  2. Transcend: Detecting Concept Drift in Malware Classification Models. Jordaney R, Sharad K, Dash K S, Wang Z, Papini D, Nouretdinov I, and Cavallaro L. Transcend: Detecting concept drift in malware classification models. In 26th USENIX Security Symposium (USENIX Security 17), pages 625-642, USENIX Association.

  3. Conformal Clustering and its Application to Botnet Traffic. Cherubin G, Nouretdinov I, Gammerman A, Jordaney R, Wang Z, Papini D, Cavallaro L. Conformal clustering and its application to botnet traffic. In International Symposium on Statistical Learning and Data Sciences 2015, pages 313-322, Springer, Cham.

  4. POSTER: Misleading Metrics: On Evaluating ML for Malware with Confidence. Jordaney R, Wang Z, Papini D, Nouretdinov I, Sharad K, Cavallaro L. Enabling Fair ML Evaluations for Security. In IEEE Symposium on Security and Privacy (IEEE S&P) 2016.

  5. POSTER: Enabling Fair ML Evaluations for Security. Pendlebury F, Pierazzi F, Jordaney R, Kinder J, Cavallaro L. POSTER: Enabling Fair ML Evaluations for Security. In Proceedings _ACM SIGSAC Conference on Computer and Communications Security 2018.