<!DOCTYPE html><html class=no-js lang=en><head><meta charset=UTF-8 /><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible /><meta content="width=device-width" name=viewport /><meta content="index,follow" name=robots /><title>Luca Invernizzi</title><meta content="Luca Invernizzi's personal web site." name=description /><link href="http://www.lucainvernizzi.net/" rel=canonical /><link href="css/main-f8669ee4.css" rel=stylesheet /></head><body><div class=bars id=header></div> <div class=container> <div class=letter> <div class='row hidden-print'> <div class=col-xs-12> <div class='pull-right not-frontpage'> <div class=row> </div> <div class=row> <a class='hidden-print btn btn-link' href='/files/luca_invernizzi_resume.pdf'> <span class='fa fa-download fa-fw'></span> PDF </a> </div> </div> <div class=text-center id=photo-header> <div id=photo> <img alt=avatar id=avatar itemprop=photo src='img/avatar-small-52bee538.jpg'> </div> <div class=hidden-print id=text-header> <h1><span class=hi>Ciao!</span> I'm <span id=full-name itemprop=name> <span class=name>Luca</span> <span data-placement=top data-toggle=tooltip title="Sorry for that, that's hard to pronounce :)">Invernizzi</span> </span> </h1> </div> </div> </div> </div> <div class=row> <div class='col-xs-12 col-sm-7 column-left'> <div class='box frontpage' id=about> <h2>About Me</h2> <div itemref=full-name itemscope='' itemtype='http://data-vocabulary.org/Person'> <p>My passion is information security, and my expertise is malware. I am keen on building large-scale systems that discover miscreants in a sea of data. In my free time, I love to challenge myself by competing in (or, sometimes, by running) hacking competitions.</p> <p> Since October '15, I am a <span itemprop=role>Research Scientist</span> at <span itemprop=affiliation>Google</span>. My main research focus is finding novel, robust ways to detect and prevent the spreading of malicious and abusive content. 
</p> <p>In the past, I have done research in censorship resistance and Android security, I've been an active member of the GNOME open-source community, and I've had some fun in underwater robotics research.</p> </div> </div> <div class=box id=work> <h2>Professional Experience</h2> <div class='job clearfix'> <div class=col-xs-3> <div class=where>Google, Inc.</div> <div class=year> 2015 </div> </div> <div class=col-xs-9> <div class=profession>Research Scientist</div> <div class=description></div> </div> </div> <div class='job clearfix'> <div class=col-xs-3> <div class=where>Google, Inc.</div> <div class=year> 2015 </div> </div> <div class=col-xs-9> <div class=profession>Software Engineering Intern (research)</div> <div class=description> At Google, I've joined the anti-abuse team to better understand and detect sophisticated cloaking sites. </div> </div> </div> <div class='job clearfix'> <div class=col-xs-3> <div class=where>The Activity Exchange</div> <div class=year> 2012 <span class=hidden-print>-</span> 2015 </div> </div> <div class=col-xs-9> <div class=profession>Project Lead</div> <div class=description> At ActivityX, I've been in charge of designing and running a scalable <a href='http://www.theactivityexchange.com/flow.html'>service</a> that collects, normalizes, and distributes sensitive health data (such as workouts and blood pressure readings) coming from 20+ sources (such as Fitbit and AppleHealth) and 200k+ users. This system is currently powering <a href='http://www.achievemint.com'>Achievemint.com</a>, and Humana <a href='https://www.humana.com/vitality/'>Vitality</a>. </div> </div> </div> <div class='job clearfix'> <div class=col-xs-3> <div class=where>Narus</div> <div class=year>2013</div> </div> <div class=col-xs-9> <div class=profession>Research Intern</div> <div class=description> At Narus, I've designed Nazca, a system capable of discovering and tracking malicious downloads in the network traffic of ISPs. 
This work resulted in an NDSS'14 paper, a patent, and has sparked the interest of the <a href='http://www.theregister.co.uk/2014/02/18/zoom_out_for_a_view_of_malware_say_boffins/'>press</a>. </div> </div> </div> <div class='job clearfix'> <div class=col-xs-3> <div class=where>Appfolio</div> <div class=year>2011</div> </div> <div class=col-xs-9> <div class=profession>Engineering Intern, Pentester</div> <div class=description> At Appfolio, I've pentested the various RoR web apps developed there, including a payment-processing system handling the financial information of 100k+ users. I've fixed tens of vulnerabilities, ranging from logic flaws, XSSs, CSRFs, and authentication/authorization flaws. I left the company with a set of tools (integrated in their CI system) that perform static and dynamic analysis on the various products to alert the developers of possible security vulnerabilities before they go live. </div> </div> </div> <div class='job clearfix'> <div class=col-xs-3> <div class=where>Google Summer of Code</div> <div class=year>2010</div> </div> <div class=col-xs-9> <div class=profession>Engineering Intern</div> <div class=description> During my summer, I've extended <a href='http://gtgnome.net/'>Getting Things GNOME!</a>, a task manager for the Linux desktop, to support multiple synchronization services (such as Bugzilla, Evolution, RememberTheMilk,...). <a href='http://www.omgubuntu.co.uk/2009/12/getting-things-gnome-gets-rtm-sync-geolocation-ui-tweaks-much-love-from-me'>People liked the new GTG :)</a> </div> </div> </div> <div class='job clearfix obnoxious'> <div class=col-xs-3> <div class=where>Biorobotics Institute, Sant'Anna</div> <div class=year>2009</div> </div> <div class=col-xs-9> <div class=profession>Web Designer</div> <div class=description> I've created and maintained the website for <a href='http://sssa.bioroboticsinstitute.it/projects/ANGELS'> ANGELS </a>, a European project in underwater robotics. 
</div> </div> </div> </div> <div class=box> <h2>Education</h2> <ul class=clearfix id=education> <li> <div class='year pull-left'> '10<span class=hidden-print>-</span>'15 </div> <div class='description pull-right'> <h3> Ph.D. in Computer Science, Information Security at <a href='https://seclab.cs.ucsb.edu/'>U.C. Santa Barbara</a> </h3> <p> During my Ph.D. studies, I have been having fun researching on: <ul> <li>Leveraging big-data analysis to discover malware being distributed online (with papers in the top infosec conferences: S&P, NDSS, CSS. Publications include a CSAW best security paper '12 finalist, and UCSB Computer Science Outstanding Publication Award '15)</li> <li>How to better secure Android mobile devices (one S&P paper, 1 ACSAC paper, secured $1.1M <a href='http://campustechnology.com/articles/2014/09/18/ucsb-security-researchers-to-help-too-trusting-smartphone-app-users.aspx?admgarea=news'>grant</a>)</li> <li>How to maintain some privacy online, and novel ways to invade it again.</li> <li>How to teach information security with the help of hacking competitions.</li> </ul> </p> <p class=obnoxious>GPA 4.0</p> </div> </li> <li> <div class='year pull-left'> '10<span class=hidden-print>-</span>'15 </div> <div class='description pull-right'> <h3> Master's in Computer Science at <a href='https://seclab.cs.ucsb.edu/'>U.C. Santa Barbara</a> </h3> <p class=obnoxious>GPA 4.0</p> </div> </li> <li> <div class='year pull-left'> '09<span class=hidden-print>-</span>'10 </div> <div class='description pull-right'> <h3> Visiting Researcher at the <a href='http://www.uhm.hawaii.edu'>University of Hawaii</a> </h3> <p>At UH I've worked on a novel mathematical model to drive autonomous underwater vehicles. 
This work has been presented at the IEEE Conference on Decision and Control (CDC).</p> </div> </li> <li> <div class='year pull-left'> '07<span class=hidden-print>-</span>'10 </div> <div class='description pull-right'> <h3> <i>"Diploma di Licenza"</i> at the <a href='http://www.sssup.it'>Sant'Anna School of Advanced Studies University</a>, Italy </h3> <p class=obnoxious><i>Summa cum laude</i>, full scholarship awarded as a winner of a nation-wide competition. </p> </div> </li> <li> <div class='year pull-left'> '07<span class=hidden-print>-</span>'10 </div> <div class='description pull-right'> <h3> Master's Degree in Control Engineering at the <a href='http://www.unipi.it'>University of Pisa</a>, Italy </h3> <p class=obnoxious> <i>Summa cum laude.</i> </p> </div> </li> <li> <div class='year pull-left'>'08</div> <div class='description pull-right'> <h3> Visiting Researcher at <a href='https://seclab.cs.ucsb.edu/'>U.C. Santa Barbara</a> </h3> <p>In UCSB's mechanical engineering department, I've worked on a distributed algorithm to drive autonomous land vehicles to patrol an area. We have implemented this algorithm to make a group of (real) robotic vehicles collaborate with virtual ones. Part of this work is now part of the Player/Stage open-source framework.</p> </div> </li> <li> <div class='year pull-left'> '04<span class=hidden-print>-</span>'07 </div> <div class='description pull-right'> <h3> Bachelor's Degree in Computer Engineering at the <a href='http://www.unipi.it'>University of Pisa</a>, Italy </h3> <p class=obnoxious><i>Summa cum laude</i>, completed the <i>Path of Excellence</i> honors program. 
</p> </div> </li> </ul> </div> <div class=box id=opensource> <h2>Open Source contributions</h2> <div class='job clearfix'> <div class=col-xs-3> <div class=where>The GNOME foundation</div> <div class=year>2010-2012</div> </div> <div class=col-xs-9> <div class=profession>Core Developer & Mentor</div> <div class=description> I like participating in the open-source world, whenever I have time. In this period, I've been a core developer of <a href='http://gtgnome.net/'>"Getting Things GNOME"</a>, and I've become a member of the <a href='http://www.gnome.org/'>GNOME Foundation</a>. I've also mentored five nice international students for several editions of the <a href='https://developers.google.com/open-source/soc/?csw=1'>Google Summer of Code</a> and the <a href='https://wiki.gnome.org/OutreachProgramForWomen'></a> Gnome's Outreach Program for Women. </div> </div> </div> <div class='job clearfix'> <div class=col-xs-3> <div class=where>Open Source</div> <div class=year>2009-now</div> </div> <div class=col-xs-9> <div class=profession></div> <div class=description> Over time, like any well-behaved developer I've shared online a few niche projects that other people are using (such as <a href='https://github.com/invernizzi/scapy-http'>Scapy's support for HTTP</a>, which a few companies, such as Lastline and Google, are currently using in some of their projects, and <a href='https://github.com/invernizzi/Chrisper'>Chrisper</a>, a style-checker for academic papers). I've also made many contributions, big and small, to popular open-source projects (PLAYER robotic framework, Flask-Security, Eucalyptus...). Check out my <a href='https://github.com/invernizzi/'>Github</a> page for a collection of a few of those. 
</div> </div> </div> </div> <div class=box id=competitions> <h2>Competitions</h2> <div class='job clearfix'> <div class=col-xs-3> <div class=where>Hacking Competitions</div> <div class=year>2010-now</div> </div> <div class=col-xs-9> <div class=profession>Hacker</div> <div class=description> I've played in tens of hacking competitions, including the DEFCON CTF in Las Vegas, with my team <a href='https://ctftime.org/team/285'>Shellphish</a>. With the team, I've also designed and organized for four years the <a href='http://itf.cs.ucsb.edu'>iCTF</a>, the biggest academic hacking competition, with more than 1k players from all over the globe. </div> </div> </div> <div class='job clearfix'> <div class=col-xs-3> <div class=where>European Space Agency Robotic Challenge</div> <div class=year>2008</div> </div> <div class=col-xs-9> <div class=profession>Robot Hacker</div> <div class=description> In this competition, ESA challenged university students to design and build a robotic vehicle capable of retrieving samples in a steep lunar crater. After winning a €40k grant, my team from the SSSUP university built an <a href='http://4.bp.blogspot.com/_PZedSw-39RQ/SSqXB53sdSI/AAAAAAAAAAc/WuE0kscIj_4/s1600/pESApod_moon.jpg'>hexapod</a> that managed to be selected up to the final in Tenerife. Unfortunately, while our robot was in the crater it started raining (in a very lunar fashion), which shorted our robot's circuits :) </div> </div> </div> </div> <div class='text-center hidden-print'> <a href='/blog'> <button class='hidden-print btn btn-success popbutton' id=show-blog-button> <span class='fa fa-fw fa-rss'> Blog </span> </button> </a> </div> <div class=text-center> <button class='hidden-print btn btn-success popbutton' id=show-resume-button> <span class='fa fa-fw fa-user'></span> Résumé </button> </div> </div> <div class='col-xs-12 col-sm-5 column-right'> <div class='box clearfix visible-print' id=hello> <h2>Ciao!</h2> <h3> I'm <b>Luca</b> Invernizzi. 
</h3> </div> <div class='box clearfix frontpage' id=contact> <h2>Contacts</h2> <div class='contact-item obnoxious'> <div class='icon pull-left text-center'> <span class='fa fa-phone fa-fw'></span> </div> <div class='title only' data-last=5096 id=phone_number> +1 (805) 699 <span>XXXX</span> </div> </div> <div class=contact-item> <div class='icon pull-left text-center'> <span class='fa fa-envelope fa-fw'></span> </div> <div class='title only'> <a class=no-href-in-print href='mailto:luca@lucainvernizzi.net'>luca@lucainvernizzi.net</a> </div> </div> <div class=contact-item> <div class='icon pull-left text-center'> <span class='fa fa-twitter fa-fw'></span> </div> <div class='title only'> <a class=no-href-in-print href='https://twitter.com/invernizzi'>@invernizzi</a> </div> </div> <div class='contact-item hidden-print'> <div class='icon pull-left text-center'> <span class='fa fa-linkedin fa-fw'></span> </div> <div class='title only'> <a class=no-href-in-print href='http://www.linkedin.com/in/lucainvernizzi'>lucainvernizzi</a> </div> </div> <div class=contact-item> <div class='icon pull-left text-center'> <span class='fa fa-github fa-fw'></span> </div> <div class='title only'> <a class=no-href-in-print href='https://github.com/invernizzi'>invernizzi</a> </div> </div> <div class=contact-item> <div class='icon pull-left text-center'> <span class='fa fa-stack-overflow fa-fw'></span> </div> <div class='title only'> <a class=no-href-in-print href='https://stackoverflow.com/users/633403/luca-invernizzi'>invernizzi</a> </div> </div> </div> <div class='box not-academia' id=skills> <h2>Skills</h2> <div class=skills> <div class=item-skills data-percent='1.00'>Infosec Research</div> <div class=item-skills data-percent='1.00'>Fighting online abuse</div> <div class='item-skills not-academia' data-percent='0.95'>Full-stack web design</div> <div class=item-skills data-percent='0.90'>Creating large-scale scalable systems</div> <div class=item-skills data-percent='0.70'>Data mining</div> 
<div class=item-skills data-percent='0.55'>Robotics</div> <div class='skills-legend hidden-print clearfix'> <div class='legend-left legend'>Beginner</div> <div class='legend-left legend'> <span>Proficient</span> </div> <div class='legend-right legend'> <span>Advanced</span> </div> <div class='legend-right legend'>Expert</div> </div> </div> </div> <div class=box id=publications> <h2>Publications</h2> I have published papers in the fields of information security and robotics. <span class=hidden-print> Also on <a href='http://scholar.google.com/citations?user=4CEVnEMAAAAJ&hl=en'>Google Scholar</a> </span> <ul> <li> <span class=title>BareDroid: Large-Scale Analysis of Android Apps on Real Devices</span> <span class=authors>S. Mutti, Y. Fratantonio, A. Bianchi, J. Corbetta, L. Invernizzi, D. Kirat, C. Kruegel, G. Vigna</span> <span class=conference>Proceedings of the Annual Computer Security Applications Conference (ACSAC 2015)</span> </li> <li> <span class=title>What the App is That? Deception and Countermeasures in the Android User Interface</span> <span class=authors>A. Bianchi, J. Corbetta, L. Invernizzi, Y. Fratantonio, C. Kruegel, G. Vigna</span> <span class=conference>Proceedings of the IEEE Symposium on Security and Privacy (S&P 2015)</span> </li> <li> <span class=title>Eyes of a Human, Eyes of a Program: Leveraging different views of the web for analysis and detection</span> <span class=authors>J. Corbetta, L. Invernizzi, C. Kruegel, G. Vigna</span> <span class=conference>Proceedings of the Research in Attacks, Intrusions and Defenses Symposium (RAID Symposium 2014)</span> </li> <li> <span class=title>Ten Years of iCTF: The Good, The Bad, and The Ugly</span> <span class=authors>G. Vigna, K. Borgolte, J. Corbetta, A. Doupé, Y. Fratantonio, L. Invernizzi, D. Kirat, Y. 
Shoshitaishvili</span> <span class=conference>Proceedings of the USENIX Summit on Gaming, Games and Gamification in Security Education (3GSE 2014)</span> </li> <li> <span class=title>Do You Feel Lucky? A Large-Scale Analysis of Risk-Rewards Trade-Offs in Cyber Security</span> <span class=authors>Y. Shoshitaishvili, L. Invernizzi, A. Doupé, G. Vigna</span> <span class=conference>Proceedings of the ACM Symposium on Applied Computing (SAC 2014)</span> </li> <li> <span class=title>Nazca: Detecting Malware Distribution in Large-Scale Networks</span> <span class=authors>L. Invernizzi, S. Miskovic, R. Torres, S. Saha, S. Lee, M. Mellia, C. Kruegel, G. Vigna</span> <span class=conference>Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2014)</span> (UCSB Computer Science Outstanding Publication Award 2015) </li> <li> <span class=title>Message In A Bottle: Sailing Past Censorship</span> <span class=authors>L. Invernizzi, C. Kruegel, G. Vigna</span> <span class=conference>Proceedings of the Annual Computer Security Applications Conference (ACSAC 2013)</span> </li> <li> <span class=title>You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions</span> <span class=authors>N. Nikiforakis, L. Invernizzi, A. Kapravelos, S. Van Acker, W. Joosen , C. Kruegel, F. Piessens, G. Vigna</span> <span class=conference>Proceedings of the ACM Conference on Computer and Communications Security (CCS 2012)</span> </li> <li> <span class=title>EVILSEED: A Guided Approach to Finding Malicious Web Pages</span> <span class=authors>L. Invernizzi, S. Benvenuti, P. Milani Comparetti, M. Cova, C. Kruegel, G. Vigna</span> <span class=conference>Proceedings of the IEEE Symposium on Security and Privacy (S&P 2012)</span> (AT&T NYU CSAW best security paper '12 finalist) </li> <li> <span class=title>Geometric control for autonomous underwater vehicles: overcoming a thruster failure</span> <span class=authors>M. Andonian, D. Cazzaro, L. Invernizzi, M. 
Chyba, S. Grammatico</span> <span class=conference>Proceedings of the IEEE Conference on Decision and Control (CDC 2010)</span> </li> <li> <span class=title>Trajectory Design for Autonomous Underwater Vehicles for Basin Exploration</span> <span class=authors>M. Chyba, D. Cazzaro, L. Invernizzi, M. Andonian</span> <span class=conference>Proceedings of the International Conference on Computer and IT Applications in the Maritime Industries (COMPIT 2010)</span> </li> <li> <span class=title>A Geometric Approach to Trajectory Design for an Autonomous Underwater Vehicle: Surveying the Bulbous Bow of a Ship</span> <span class=authors>R. N Smith, D. Cazzaro, L. Invernizzi, G. Marani, S. K Choi, M. Chyba</span> <span class=conference>Acta applicandae mathematicae, 2010</span> </li> </ul> </div> <div class=box id=patents> <h2>Patents</h2> <ul> <li> <a href='http://patents.justia.com/patent/8959643'></a> Detecting Malware Infestations in Large-Scale Networks, L. Invernizzi, S. Miskovic, R. Torres, S. Saha, S. Lee, M. Mellia, C. Kruegel, G. Vigna (United States Patent 8959643) </li> </ul> </div> <div class='box wrap' id=press> <h2>In the press</h2> In the past years I have been lucky enough that people have taken interest in my work and wrote articles about it. 
Here's a collection of the ones I am most proud of: <ul> <li> <a href='http://www.net-security.org/malware_news.php?id=2712'>New detection system spots zero-day malware</a> </li> <li> <a href='http://www.theregister.co.uk/2014/02/18/zoom_out_for_a_view_of_malware_say_boffins/'>Zoom out for a view of malware, say boffins</a> </li> <li> <a href='http://www.crn.com.au/News/372515,enterprising-research-ids-zero-day-malware.aspx)'>Enterprising research IDs zero day malware</a> </li> <li> <a href='http://campustechnology.com/articles/2014/09/18/ucsb-security-researchers-to-help-too-trusting-smartphone-app-users.aspx?admgarea=news'>UCSB Security Researchers To Help Too-Trusting Smartphone App Users</a> </li> <li> <a href='http://www.keyt.com/news/worlds-largest-computer-hacking-contest-happening-at-ucsb/23363462'>World's Largest Computer Hacking Contest Happening at UCSB</a> </li> <li> <a href='http://www.cnbc.com/id/101179977'>Cyberteams duke it out in the World Series of hacking</a> </li> <li class=not-academia> <a href='http://arstechnica.com/information-technology/2009/07/getting-things-done-with-linux-todo-list-programs/'>Getting things done with Linux to-do list programs</a> </li> <li> <a href='http://www.esa.int/Education/Germany_s_CESAR_crowned_king_of_rovers_in_ESA_s_Robotics_Challenge2'>Germany's CESAR crowned king of rovers in ESA’s Robotics Challenge</a> </li> </ul> </div> <div class='box hidden-print'> <h2>BUZZWORDS</h2> <p>Technology I've worked with (the bigger the font ⇒ the more confident I am using it):</p> <div class=text-center id=buzzwords></div> </div> <div class='box hidden-print'> <h2>Languages</h2> <div id=language-skills> <div class=skill> Italian <div class='icons pull-right'> <div class=icons-red style='width: 100%;'></div> </div> </div> <div class=skill> English <div class='icons pull-right'> <div class=icons-red style='width: 90%;'></div> </div> </div> <div class=skill> French <div class='icons pull-right'> <div class=icons-red style='width: 
20%;'></div> </div> </div> <div class=skill> Spanish <div class='icons pull-right'> <div class=icons-red style='width: 20%;'></div> </div> </div> </div> </div> <div class='box hidden-print'> <h2>Hobbies</h2> <div class=hobby>Hiking</div> <div class=hobby>Tinkering with things to see how they work</div> <div class=hobby>Breaking websites</div> <div class=hobby>Growing plants in custom hydroponics contraptions</div> <div class=hobby>Proposing tons of startup ideas to my annoyed wife</div> </div> </div> </div> <div class='row pull-right hidden-print not-frontpage' style='margin-right:20px'> <span class='obnoxious defaulton'></span> <a class=btn-xs id=obnoxiousbtn> <span class='obnoxious defaulton'> Show more details... </span> <span class=obnoxious>Show less details</span> </a> </div> </div> </div> <div class=bars id=footer></div> <div class=page-break></div> <div class='box visible-print' id=links> <h2>Links</h2> <p class=visible-print>To avoid having to type in these links, you can visit www.lucainvernizzi.net for an online version of this CV.</p> </div> <link href="css/resume-bd5d3f41.css" rel=stylesheet /> <script src="js/main.js"></script><script>!function(t,e,n,i,o,r,s){t.GoogleAnalyticsObject=o,t[o]=t[o]||function(){(t[o].q=t[o].q||[]).push(arguments)},t[o].l=1*new Date,r=e.createElement(n),s=e.getElementsByTagName(n)[0],r.async=1,r.src=i,s.parentNode.insertBefore(r,s)}(window,document,"script","//www.google-analytics.com/analytics.js","ga"),ga("create","UA-651614-13","auto"),ga("send","pageview");</script></body></html>