I'm a PhD candidate in Computer Science at University of California, Santa Barbara. I work in the Computer Security Lab with Christopher Kruegel and Giovanni Vigna.

I'm on the job market for faculty positions!
I'm going to soon join EURECOM as an Assistant Professor! (yes, I'm looking for students!)

My research work focuses on mobile security, mainly on Android. Recent projects I was involved with include Cloak & Dagger (Android UI attacks), ultrasound cross-device tracking, and Drammer (see full list of publications). I was also involved with the development of Andrubis and Wepawet. In my free time, I develop hacking tools (ShellNoob, toolkit to develop shellcodes, now on part of Kali Linux!), and play and organize Capture The Flag competitions with the Shellphish team! I also play the piano and the guitar (currently not at the same time), and I enjoy playing poker and wasting my time solving puzzles (especially if pointless). If there were any doubt, I'm 100% Italian.

More Information and Links
PDF (please email me for full version)
Google Scholar
Public profile
Public Key
PGP key
More Links
Recent News
  • 05/25/2017 - Cloak & Dagger hits the news!
  • 05/23/2017 - Cloak & Dagger wins Distinguished Practical Paper Award at IEEE S&P!
  • 05/22/2017 - Our Cloak & Dagger work goes public at cloak-and-dagger.org
  • 05/11/2017 - Our paper on the security of mobile bootloaders got accepted at USENIX Security!
  • 04/27/2017 - Our Cloak & Dagger work on Android UI attacks was accepted at BH USA 2017!
  • 03/29/2017 - I am extremely happy to announce that, starting from September 2017, I will join EURECOM as an Assistant Professor!
  • 02/12/2017 - My paper "Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop" got accepted at IEEE S&P 2017!
  • 10/31/2016 - Our paper on the privacy and security of the ultrasound ecosystem got accepted at PETS'17!
  • 10/30/2016 - Our works on Drammer and Ultrasound tracking are in the news!
  • 10/23/2016 - Our paper on a new technique to perform privacy leak detection got (conditionally) accepted at NDSS'17!
  • 08/24/2016 - Our work on ultrasonic cross-device tracking got accepted at Black Hat EU!
  • 08/18/2016 - I am honored to serve on the USENIX Enigma'17 Program Committee!
  • 07/23/2016 - Our paper "Drammer: Deterministic Rowhammer Attacks on Mobile Platforms" was accepted at CCS'16!
  • 03/04/2016 - My paper "CLAPP: Characterizing Loops in Android Applications" received the Best Paper Award at GSWC'16!
  • 02/08/2016 - My paper "TriggerScope: Towards Detecting Logic Bombs in Android Apps" got accepted at IEEE S&P 2016!
  • 12/16/2015 - The paper I contributed when working at Microsoft Research was accepted at ICSE'16!
  • 08/11/2015 - Two of our papers on Android security got accepted at ACSAC'15!
  • 05/29/2015 - I received the "2015 Outstanding Student Award" from the CS dept. at UCSB!