Ciao! I'm Luca (Invernizzi)

About Me

My passion is information security, and my expertise is malware. I am keen on building large-scale systems that discover hidden (malicious, usually) patterns in a sea of data. In my free time, I love to challenge myself by competing in (or, sometimes, by running) hacking competitions.

I am a Ph.D. Candidate at the University of California, Santa Barbara. My main research focus is finding novel, robust ways to detect and prevent the spreading of malware. I am also currently doing research on securing Android devices, and on maintaining (and breaking) one's privacy through traces left online.

In the past, I've been an active member of the GNOME open-source community, and I've had some fun in underwater robotics research.

Education

  • 2010 - 2014

    Ph.D. Candidate in Information Security at U.C. Santa Barbara

    During my Ph.D. studies, I have been having fun researching:

    • Leveraging big-data analysis to discover malware being distributed online (with papers in the top infosec conferences: S&P, NDSS, CCS)
    • How to better secure Android mobile devices (3 papers under submission, secured $1.1M grant)
    • How to maintain some privacy online, and novel ways to invade it again (one paper under submission, and one ACSAC paper)
    • How to teach information security with the help of hacking competitions

  • 2010 - 2014

    Master's Student in Computer Science at U.C. Santa Barbara

    GPA 4.0

  • 2009 - 2010

    Visiting Researcher at the University of Hawaii

    Besides snorkeling and hiking, at UH I've worked on a novel mathematical model to drive autonomous underwater vehicles. This work has been presented at the IEEE Conference on Decision and Control (CDC).

  • 2007 - 2010

    "Diploma di Licenza" at the Sant'Anna School of Advanced Studies, Italy

    Summa cum laude, full scholarship awarded as a winner of a nation-wide competition.

  • 2007 - 2010

    Master's Degree in Control Engineering at the University of Pisa, Italy

    Summa cum laude.

  • 2008

    Visiting Researcher at U.C. Santa Barbara

    In UCSB's mechanical engineering department, I've worked on a distributed algorithm to drive autonomous land vehicles to patrol an area. We have implemented this algorithm to make a group of (real) robotic vehicles collaborate with virtual ones. Part of this work is now part of the Player/Stage open-source framework.

  • 2004-2007

    Bachelor's Degree in Computer Engineering at the University of Pisa, Italy

    Summa cum laude, completed the Path of Excellence honors program.

Professional Experience

The Activity Exchange
2012 - 2014
Project Lead
At ActivityX, I've been in charge of designing and running a scalable service that collects, normalizes, and distributes sensitive health data (such as workouts and blood pressure readings) coming from 20+ sources (such as Fitbit and AppleHealth) and 200k+ users. This system is currently powering Achievemint.com, and Humana Vitality.
Narus
2013
Research Intern
At Narus, I've designed Nazca, a system capable of discovering and tracking malicious downloads in the network traffic of ISPs. This work resulted in an NDSS'13 paper and a patent, and has sparked the interest of the press.
Appfolio
2011
Engineering Intern, Pentester
At Appfolio, I've pentested the various RoR web apps developed there, including a payment-processing system handling the financial information of 100k+ users. I've fixed tens of vulnerabilities, ranging from logic flaws, XSSs, and CSRFs to authentication/authorization flaws. I left the company with a set of tools (integrated in their CI system) that perform static and dynamic analysis on the various products to alert the developers of possible security vulnerabilities before they go live.
Google Summer of Code
2010
Engineering Intern
During my summer, I've extended Getting Things GNOME!, a task manager for the Linux desktop, to support multiple synchronization services (such as Bugzilla, Evolution, RememberTheMilk, ...). People liked the new GTG :)
Biorobotics Institute, Sant'Anna
2009
Web Designer
I've created and maintained the website for ANGELS, a European project in underwater robotics.

Open Source contributions

The GNOME foundation
2010-2012
Core Developer & Mentor
I like participating in the open-source world, whenever I have time. In this period, I've been a core developer of "Getting Things GNOME", and I've become a member of the GNOME Foundation. I've also mentored five nice international students for several editions of the Google Summer of Code and GNOME's Outreach Program for Women.
Open Source :)
2009-now
Over time, like any well-behaved developer, I've shared online a few niche projects that other people are using (such as Scapy's support for HTTP, which a few companies, such as Lastline and Google, are currently using in some of their projects, and Chrisper, a style-checker for academic papers). I've also made many contributions, big and small, to popular open-source projects (PLAYER robotic framework, Flask-Security, Eucalyptus...). Check out my GitHub page for a collection of a few of those.

Competitions

Hacking Competitions
2010-now
Hacker
I've played in tens of hacking competitions, including the DEFCON CTF in Las Vegas, with my team Shellphish. With the team, I've also designed and organized for four years the iCTF, the biggest academic hacking competition, with more than 1k players from all over the globe.
European Space Agency Robotic Challenge
2008
Robot Hacker
In this competition, ESA challenged university students to design and build a robotic vehicle capable of retrieving samples in a steep lunar crater. With my team from the SSSUP university, we built a hexapod that managed to be selected up to the final in Tenerife. Unfortunately, while our robot was in the crater it started raining (in a very lunar fashion), which shorted our robot's circuits :)

Contact

+1 (805) 699 XXXX
Twitter
Linkedin
Github
StackOverflow

Skills

Pentesting & hacking
Agile web design (mostly backend)
Creating large-scale scalable systems
Data mining
Robotics

Publications

I have published papers in the fields of computer security and robotics. Also on Google Scholar.
  • Eyes of a Human, Eyes of a Program: Leveraging different views of the web for analysis and detection. J. Corbetta, L. Invernizzi, C. Kruegel, G. Vigna. Proceedings of the Research in Attacks, Intrusions and Defenses Symposium (RAID Symposium 2014)
  • Ten Years of iCTF: The Good, The Bad, and The Ugly. G. Vigna, K. Borgolte, J. Corbetta, A. Doupé, Y. Fratantonio, L. Invernizzi, D. Kirat, Y. Shoshitaishvili. Proceedings of the USENIX Summit on Gaming, Games and Gamification in Security Education (3GSE 2014)
  • Do You Feel Lucky? A Large-Scale Analysis of Risk-Rewards Trade-Offs in Cyber Security. Y. Shoshitaishvili, L. Invernizzi, A. Doupé, G. Vigna. Proceedings of the ACM Symposium on Applied Computing (SAC 2014)
  • Nazca: Detecting Malware Distribution in Large-Scale Networks. L. Invernizzi, S. Miskovic, R. Torres, S. Saha, S. Lee, M. Mellia, C. Kruegel, G. Vigna. Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2014)
  • Message In A Bottle: Sailing Past Censorship. L. Invernizzi, C. Kruegel, G. Vigna. Proceedings of the Annual Computer Security Applications Conference (ACSAC 2013)
  • You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions. N. Nikiforakis, L. Invernizzi, A. Kapravelos, S. Van Acker, W. Joosen, C. Kruegel, F. Piessens, G. Vigna. Proceedings of the ACM Conference on Computer and Communications Security (CCS 2012)
  • EVILSEED: A Guided Approach to Finding Malicious Web Pages. L. Invernizzi, S. Benvenuti, P. Milani Comparetti, M. Cova, C. Kruegel, G. Vigna. Proceedings of the IEEE Symposium on Security and Privacy (SSP 2012) (AT&T NYU CSAW best security paper '12 finalist)
  • Geometric control for autonomous underwater vehicles: overcoming a thruster failure. M. Andonian, D. Cazzaro, L. Invernizzi, M. Chyba, S. Grammatico. Proceedings of the IEEE Conference on Decision and Control (CDC 2010)
  • Trajectory Design for Autonomous Underwater Vehicles for Basin Exploration. M. Chyba, D. Cazzaro, L. Invernizzi, M. Andonian. Proceedings of the International Conference on Computer and IT Applications in the Maritime Industries (COMPIT 2010)
  • A Geometric Approach to Trajectory Design for an Autonomous Underwater Vehicle: Surveying the Bulbous Bow of a Ship. R. N. Smith, D. Cazzaro, L. Invernizzi, G. Marani, S. K. Choi, M. Chyba. Acta Applicandae Mathematicae, 2010

Patents

  • (Pending approval) Detecting Malware Infestations in Large-Scale Networks, L. Invernizzi, S. Miskovic, R. Torres, S. Saha, S. Lee, M. Mellia, C. Kruegel, G. Vigna

BUZZWORDS

Technology I've worked with (the bigger the font ⇒ the more confident I am using it):

Languages

Italian
English
French
Spanish

Hobbies

Hiking
Tinkering with things to see how they work
Breaking websites
Growing plants in custom hydroponics contraptions
Proposing tons of startup ideas to my annoyed wife