DECA SABRINA DE CAPITANI DI VIMERCATI
Contact Information | Short Biography | Publications | Curriculum (Pdf) | Teaching | Other Links


CURRICULUM


SABRINA DE CAPITANI DI VIMERCATI
Full Professor
Information Technology Department
Università degli Studi di Milano, Italy

1 Education and employment history

She received the Laurea and PhD degrees both in Computer Science from the Università degli Studi di Milano, Italy, in 1996 and 2001, respectively. She has subsequently acquired the following positions:

  • Full professor, Information Technology Department, Università degli Studi di Milano, Italy. [March 2007-present].
  • Associate professor, Information Technology Department, Università degli Studi di Milano, Italy. [January 2003-February 2007].
  • Assistant professor, University of Brescia, Italy. [November 1999-December 2002].

She has spent several visits at SRI International and George Mason University. In particular:

  • International Fellow, SRI International, CA, USA. [March 1998-September 1998, May 1999, July 1999-September 1999].
  • Visiting researcher, Center for Secure Information Systems, George Mason University, VA (USA) [summers 2002-2011]

2 Awards

  • ACM PODS’99 Best Newcomer Paper Award for the paper “Minimal Data Upgrading to Prevent Inference and Association Attacks,” by S. Dawson, S. De Capitani di Vimercati, P. Lincoln, P. Samarati.

3 Research Interests and Projects

Sabrina De Capitani di Vimercati’s research interests are in the area of security and privacy, database, and information systems. In particular, she has investigated different security and privacy issues among which: protection of network infrastructure, P2P reputation, models and languages for privacy protection, access control policies composition, protection of information from inference attacks, protection of information in open environments, information flow control in object-oriented systems, protection of outsourced data. Her work is reported in more than 160 refereed technical papers in international journal, conferences, workshops, and book chapters.

Principal investigator of the following project:

  • Privacy-aware environmental data publishing, funded by Università degli Studi di Milano under the program “UNIMI per il Futuro 5 per Mille” [March 2010 - February 2012].

She has participated/participates in several projects funded by the EU and by the Italian Research Ministry such as the following.

  • “Privacy and Protection of Personal Data” project, a project funded by the Italian Ministry of Research (MIUR) [March 2010-September 2012].
  • PrimeLife (Privacy and Identity Management in Europe for Life) project, a large-scale Integrating Project funded by the European Union under the VII Framework Program targeted to the development of privacy-aware solutions.
  • PRIME (Privacy and Identity Management for Europe) project, an Integrating Project funded by the European Union under the VI Framework Program targeted to the development of privacy-aware solutions for enforcing security.
  • RAPID (Roadmap for Advanced Research in Privacy and Identity Management), a Roadmap funded by the European Union under the V Framework Program targeted to the identification of R&D challenges in privacy technology and identity management.
  • FASTER (Flexible Access to Statistics, Tables, and Electronic Resources), a project funded by the European Union under the V Framework Program targeted to the secure publication of data on the Web.

4 Professional Activities

4.1 Participation in editorial boards of international journals

  • Associate Editor, ACM Transactions on Database Systems [January 2012-present]
  • Editorial Board Member, IET Information Security journal [January 2010 – present]
  • Editorial Board Member, ICST Transactions on Security and Safety [March 2009 – present]
  • Editorial Board Member, Computers & Security Journal, Elsevier [October 2008 – July 2010]

4.2 Conference and Workshop Organization

Member of Steering Committees:

  • IFIP Working Group 11.3 on Data and Application Security and Privacy, vice-chair [2008 – present]
  • European Symposium on Research in Computer Security (ESORICS) [2007 – present]
  • ACM Workshop on Privacy in the Electronic Society [2004 – present]

General Chair:

  • 5th International Conference on Network and System Security (NSS 2011), Milan, Italy, September 6-8, 2011.
  • 23rd International Information Security Conference (SEC 2008) (co-chair with Giulio Occhini), September 2008, Milan, Italy.

Program Chair:

  • 9th European PKI Workshop: Research and Applications (EuroPKI 2012), September 13-14, 2012, Pisa, Italy (co-chair with Chris Mitchell).
  • 4th International Workshop on Autonomous and Spontaneous Security (SETOP 2011) (co-chair with Joaquin Garcia-Alfaro).
  • 5th International Workshop on Security and Trust Management (STM 2009) (co-chair with Ralf Küsters), September 2009, Saint Malo, France.
  • 14th ACM Conference on Computer and Communications Security (co-chair with Paul Syverson), October 2007, Alexandria, VA, USA.
  • 13th ACM Conference on Computer and Communications Security (co-chair with Rebecca Wright), October 2006, Alexandria, VA, USA.
  • 10th European Symposium on Research in Computer Security (co-chair with Paul Syverson), September 2005, Milan, Italy.
  • Workshop on Privacy in the Electronic Society (co-chair with Roger Dingledine), November 2005, Alexandria, VA, USA.
  • Workshop on Privacy in the Electronic Society (co-chair with Paul Syverson), October 2004, Washington, DC, USA.
  • 17th Annual IFIP WG 11.3 Working Conference on Data and Application Security (co-chair with Indrakshi Ray), August 2003, Colorado, USA.

Workshop Chair:

  • 6th International Conference on Future Information Technology (FutureTech 2011), Crete, Greece, June 28-30, 2011.

Publicity Chair:

  • Workshop on Privacy in the Electronic Society, October 30 2003, Washington, DC, USA.
  • 8th European Symposium on Research in Computer Security, October 13-15, 2003, Gjøvik, Norvegia.
  • Workshop on Privacy in the Electronic Society, November 21, 2002, Washington, DC, USA.

Program Committee Member:

  • 7th International Workshop on Security (IWSEC 2012), Nishijin, Japan, November 7-9, 2012.
  • 4th International Conference on Management of Emergent Digital EcoSystems (MEDES 2012), Addis Ababa, Ethiopia, October 28-31, 2012.
  • 5th International Workshop on Autonomous and Spontaneous Security (SETOP 2012), Pisa, Italy, September 13-14, 2012.
  • 9th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2012), Vienna, Austria, September 3-7, 2012.
  • 13th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security (CMS 2012), Canterbury, UK, September 2-5, 2012.
  • 9th VLDB Workshop on Secure Data Management (SDM 2012), Istanbul, Turkey, August 27, 2012.
  • 7th International Conference on Security and Cryptography (SECRYPT 2012), Rome, Italy, July 24-27, 2012.
  • 26th Annual WG11.3 Conference on Data and Applications Security and Privacy (DBSec 2012), Paris, France, July 11-13, 2012.
  • 12th Privacy Enhancing Technologies Symposium (PETS 2012), Vigo, Spain, July 11-13, 2012.
  • 9th Workshop on Security in Information Systems (WOSIS 2012), Wrocław, Poland, June 28, 2012.
  • 10th International Conference on Applied Cryptography and Network Security (ACNS 2012), Singapore, June 26-29, 2012.
  • 1st IEEE International Workshop on Security and Forensics in Communication Systems (SFCS 2012), Ottawa, Canada, June 10-15, 2012.
  • 27th IFIP International Information Security and Privacy Conference (SEC 2012), Heraklion, Crete, Greece, June 4-6, 2012.
  • 2nd International Conference on Cloud Computing and Services Science (CLOSER 2012), Porto, Portugal, April 18-21, 2012.
  • 5th European Workshop on Systems Security (EuroSec 2012), Bern, Switzerland, April 10, 2012.
  • 7th International Conference on Information Systems Security (ICISS 2011), Kolkata, India, December 15-18, 2011.
  • International Conference on Management of Emergent Digital EcoSystems (MEDES 2011), San Francisco, USA, November 21-23, 2011.
  • 6th International Workshop on Security (IWSEC 2011), Tokyo, Japan, November 8-10, 2011.
  • 12th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security (CMS 2011), Ghent, Belgium, October 19-21, 2011.
  • 10th Workshop on Privacy in the Electronic Society (WPES 2011), Chicago, IL, USA, October 17, 2011.
  • 8th European Workshop on PKI, Services and Applications (EUROPKI 2011), Leuven, Belgium, September 15-16, 2011.
  • 16th European Symposium On Research In Computer Security (ESORICS 2011), Leuven, Belgium, September 12-14, 2011.
  • 8th VLDB Workshop on Secure Data Management (SDM 2011), Seattle, US, September 2, 2011.
  • 8th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2011), Toulouse, France, 29 August - 2 September, 2011.
  • 11th Privacy Enhancing Technologies Symposium (PETS 2011), Waterloo, ON, Canada, July 27-29, 2011.
  • International Workshop on Model-Based and Policy-Based Engineering in Information Security (MPEIS 2011), Seville, Spain, July 18-21, 2011.
  • 6th International Conference on Security and Cryptography (SECRYPT 2011), Seville, Spain, July 18-21, 2011
  • 25th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2011), Richmond, Virginia USA, July 11-13, 2011.
  • 8th IEEE/FTRA International Conference on Secure and Trust Computing, data management, and Applications (STA 2011), Crete, Greece, June 28-30, 2011.
  • 7th International Workshop on Security and Trust Management (STM 2011), Copenhagen, Denmark, June 27-28, 2011.
  • 1st International Workshop on Information Systems Security Engineering (WISSE 1011), London, UK, June 21, 2011.
  • International Workshop on Intelligent Transportation Systems and Applications (ITSA 2011), Crete, Greece, June 28-30, 2011.
  • 1st International Workshop on Security and Privacy in e-Societies (SeceS 2011), Lebanon, June 9-10, 2011.
  • 8th Workshop on Security in Information Systems (WOSIS 2011), Beijing, China, June 8-11, 2011.
  • 4th International Workshop on Information Security Theory and Practices (WISTP 2011), Heraklion, Greece, June 8-11, 2011.
  • 26th IFIP International Information Security Conference (SEC 2011), Lucerne, Switzerland, June 7-9, 2011.
  • 5th International Workshop on Security (IWSEC 2010), Kobe, Japan, November 22-24, 2010.
  • Workshop on Specification and Implementation of Dynamic Security Policies (DYSP 2010), Bangkok, Thailand, October 29, 2010.
  • 9th Workshop on Privacy in the Electronic Society (WPES 2010), Chicago, IL, USA, October 4, 2010.
  • 6th International Workshop on Security and Trust Management (STM 2010), Athens, Greece, September 23-24, 2010.
  • 7th European Workshop on Public Key Services, Applications and Infrastructures (EuroPKI 2010), Athens, Greece, September 23-24, 2010.
  • 25th International Information Security Conference (SEC 2010), Brisbane, Australia, September 20-23, 2010.
  • 15th European Symposium on Research in Computer Security (ESORICS 2010), Athens, Greece, September 20-22, 2010.
  • 7th VLDB Workshop on Secure Data Management (SDM 2010), Singapore, September 17, 2010.
  • 6th International Conference on Security and Privacy in Communication Networks (SecureComm 2010), Singapore, September 7-10, 2010.
  • 4th International Conference on Network and System Security (NSS 2010), Melbourne, Australia, September 1-3, 2010.
  • 7th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2010), Bilbao, Spain, August 30 - September 3, 2010.
  • 2nd IEEE International Conference on Privacy, Security, Risk, Trust (PASSAT 2010), Minneapolis, USA, August 20-22, 2010.
  • 5th International Conference on Security and Cryptography (SECRYPT 2010), Athens, Grecee, July 26-28, 2010.
  • 10th Privacy Enhancing Technologies Symposium (PETS 2010), Berlin, Germany, July 2123, 2010.
  • 8th International Conference on Applied Cryptography and Network Security (ACNS 2010), Beijing, China, June 22-25, 2010.
  • 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2010), Rome, Italy, June 21-23, 2010.
  • ACM Internationa SIGMOD Conference on Management of Data (SIGMOD 2010), Indianapolis, Indiana, USA, June 6-11, 2010.
  • 11th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security (CMS 2010), Linz, Austria, May 31 - June 2, 2010.
  • 19th International World Wide Web Conference (WWW 2010), Raleigh, NC, USA, April 26-30, 2010.
  • 4th Workshop on Information Security Theory and Practice (WISTP 2010), Passau, Germany, April 12-14, 2010.
  • 14th International Conference on Financial Cryptography and Data Security (FC 2010), Tenerife, Spain, January 25-28, 2010.
  • 8th Workshop on Privacy in the Electronic Society (WPES 2009), Chicago, IL, USA, November 9, 2009.
  • 12th Information Security Conference (ISC 2009), Pisa, Italy, September 7-9, 2009.
  • 6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2009), Linz, Austria, August 31 - September 4, 2009.
  • 6th VLDB Workshop on Secure Data Management (SDM 2009), Lione, France, August 24, 2009.
  • 9th Privacy Enhancing Technologies Symposium (PET 2009), Seattle, WA, USA, August 5-7, 2009.
  • 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2009), Montreal, Canada, July 12-15, 2009.
  • 4th International Conference on Security and Cryptography (SECRYPT 2009), Milan, Italy, July 7-10, 2009.
  • 14th Australasian Conference on Information Security and Privacy (ACISP 2009), Brisbane, Australia, July 1-3, 2009.
  • 7th International Workshop on Security In Information Systems (WOSIS 2009), Milan, Italy, May 6-10, 2009.
  • 2nd International Conference on Future Generation Communication and Networking (FGCN 2008), Hainan Island, China, December 13-15, 2008,
  • The Third International Conference on Risks and Security of Internet and Systems, Tozeur, Tunisia, October 28-30, 2008.
  • 15th ACM Conference on Computer and Communication Security (CCS), Alexandria, VA, USA, October 27-October 31, 2008.
  • Workshop on Privacy in the Electronic Society, Alexandria, Virginia, USA, October 27, 2008.
  • 13th European Symposium on Research in Computer Security, Malaga, Spain, October 6-8, 2008.
  • 5th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’08), Turin, Italy, September 1-5, 2008.
  • 4th workshop on Secure Data Management, Auckland, New Zealand, August 23-28, 2008.
  • 13th International Conference on Security and Cryptography, Porto, Portugal, July 26-29, 2008.
  • 13th Australasian Conference on Information Security and Privacy (ACISP 2008), Wollongong, Australia, July 14-16, 2008.
  • 22th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, London, U.K., July 13-16, 2008.
  • 4th International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, Sorrento, Italy, July 11, 2008.
  • Fifth European PKI Workshop, Trondheim, Norway, June 16-17, 2008.
  • 4th Information Security Practice and Experience Conference (ISPEC 2008), Sydney, Australia, April 21-23, 2008.
  • The 13th International Conference on Database Systems for Advanced Applications (DASFAA 2008), New Delhi, India, March 19-22, 2008.
  • 23rd Annual Computer Security Applications Conference (ACSAC 2007), Miami Beach, Florida, USA, December 10-14, 2007.
  • International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2007), Valencia, Spain, October 14-20, 2007,
  • The 2007 International Conference on Intelligent Pervasive Computing (IPC 2007), Jeju Island, Korea, October 12-13, 2007.
  • 12th European Symposium on Research in Computer Security (ESORICS 2007), Dresden, Germany, September 24-26, 2007,
  • 4th VLDB Workshop on Secure Data Management (SDM 2007), Vienna, Austria, September 23-24, 2007.
  • 4th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2007), Regensburg, Germany, September 3-7, 2007.
  • International Workshop on P2P Data Management, Security and Trust (PDMST 2007), Regensburg, Germany, September 3-7, 2007.
  • International Conference on Security and Cryptography, Barcelona, Spain, July 28-31, 2007.
  • 3rd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, Istanbul, Turkey, July 20, 2007.
  • 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Redondo Beach, CA, USA, July 8-11, 2007.
  • Conference on Risk and Security of Internet and Systems, Marrakech, Morocco, July 2-5, 2007.
  • The 4th European PKI Workshop: Theory and Practice (EuroPKI 2007), Palma de Mallorca, Balearic Islands, Spain, June 28-30, 2007.
  • 5th Workshop on Security in Information Systems, Madeira, Portugal, June 12-13, 2007.
  • ACM Symposium on Information, Computer and Communications Security, 2007 (AsiaCCS 2007), Singapore, March 20-22, 2007.
  • Eighth International Conference on Information and Communications Security (ICICS 2006), Raleigh, North Carolina, USA, December 4-7, 2006.
  • 11th European Symposium On Research In Computer Security Hamburg, Hamburg, Germany, September 18-20, 2006.
  • 2nd Workshop on Security and Trust Management (STM 2006), Hamburg, Germany, September 20, 2006.
  • 3rd VLDB Workshop on Secure Data Management (SDM 2006), Seoul, Korea, September 10-11, 2006.
  • 3rd International Workshop on ”P2P Data Management, Security and Trust (PDMST 2006), Krakow, Poland, September 4-8, 2006.
  • 9th Information Security Conference, Samos, Greece, August 30 - September 2, 2006.
  • International Conference on Security and Cryptography, Setubal, Portugal, August 7-10, 2006.
  • 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31 - August 2, 2006.
  • Program Analysis for Security and Safety Workshop Discussion (PASSWORD 2006), Nantes, France, July 3-4, 2006.
  • 2nd International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing, Lione, France, June 29, 2006.
  • The Fourth International Workshop on Security In Information Systems, Paphos, Cypros, May 23-24, 2006.
  • The Security, Privacy and Ethics track of the 15th World Wide Web Conference (WWW 2006), Edimburgh, Scotland, May 22-26, 2006.
  • Security and Trust in Decentralized/Distributed Data Structures (STD3S), Atlanta, GA, USA, April 3-7, 2006.
  • The 3rd International Workshop on Security in Information Systems (WOSIS 2005), Miami, USA, May 24-25, 2005.
  • 2nd VLDB Workshop on Secure Data Management (SDM 2005), Trondheim, Norvey, September 2-3, 2005.
  • 2nd International Workshop on P2P Data Management, Security and Trust (PDMST 2005), Copenhagen, Denmark, August 23-26, 2005.
  • 2nd International Conference on Distributed Computing & Internet Technology (ICDCIT 2005), Bhubaneswar, India, December 22-24, 2005.
  • 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Storrs, CT, USA, August 7-10, 2005.
  • Foundations of Computer Security (FCS 2005), Chicago, IL, USA, June 30 - July 1, 2005.
  • Web Technologies and Applications - Special Track of the 20th ACM Symposium on Applied Computing (SAC 2005), Santa Fe, New Mexico, March 13-17, 2005.
  • 2005 Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (SecPerU 2005), Santorini Island, Greece, July 14, 2005,
  • 2nd European PKI Workshop, Canterbury, England, June 30 - July 1, 2005.
  • VLDB 2004 Workshop on Secure Data Management in a Connected World, Toronto, Canada, August 30, 2004.
  • Eighth IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems, Fairfax, Virginia, USA, November 18-19, 2004.
  • 11th ACM Conference on Computer and Communications Security, Washington, DC, USA, October 25-29, 2004.
  • 9th European Symposium on Research in Computer Security, Sophia Antipolis, France, September 13-15, 2004.
  • Workshop on Foundations of Computer Security, Turku, Finland, July 12-13, 2004.
  • 1st European PKI Workshop: Research and Applications, Samos, Greece, June 25, 2004,
  • 18th Annual IFIP WG 11.3 Working Conference on Data and Application Security, Sitges, Spain, July, 25-28, 2004.
  • Workshop on Network and Distributed Systems Security (I-NetSec 2004), France, August 23-26, 2004.
  • Second International Workshop on Security In Information Systems (WOSIS 2004), Porto, Portogal, April 13, 2004.
  • IASTED International Conference on Databases and Applications, Innsbruck, Austria, February 17-19, 2004.
  • Sixth IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems, Losanna, Switzerland, November, 13-14, 2003.
  • Workshop on Metadata for Security, Sicilia, Italy, November 3-7, 2003.
  • 8th European Symposium on Research in Computer Security, Gjøvik, Norwey, October 13-15, 2003.
  • 10th ACM Conference on Computer and Communications Security, Washington, DC, USA, October 27-30, 2003.
  • 18th IFIP TC-11 International Conference on Information Security (SEC 2003), Athens, Greece, May 26-28, 2003.
  • Workshop on Network and Distributed Systems Security (I-NetSec 2003), Athens, Greece, May 26-28, 2003
  • 9th ACM Conference on Computer and Communications Security (CCS 2002), Washington, DC, USA, November 17-21, 2002.
  • 8th ACM Conference on Computer and Communications Security (CCS 2001), Philadelphia, Pennsylvania, USA, November 5-8, 2001.
  • Settimo Convegno Nazionale su Sistemi Evoluti per Basi di Dati (SEBD 1999), Como, Italy, June 23-25, 1999.

4.3 Participation in panels of conferences and workshops

  • “New Research Directions of Security and Privacy in Cloud Computing,” in Proc. of the 1st International Workshop on Security and Privacy in Cloud Computing (SPCC 2010), Genoa, Italy, June 25, 2010.
  • “Information Hiding: State-of-the-Art and Emerging Trends,” in 5th International Workshop on Security Issues in Concurrency (SecCo 2007), Lisbona, Portugal, September 3, 2007.

4.4 Invited Talks

  • “Data Protection,” in 3rd International Workshop on Autonomous and Spontaneous Security (SETOP 2010), Athens, Greece, September 23, 2010.
  • “Privacy of Data,” in PrimeLife Summer School, Nizza, France, September 7-11, 2009.
  • “Data Privacy: Problems and Solutions,” in 7th International Workshop on Security In Information Systems (WOSIS 2009), Milan, Italy, May 6-10, 2009.
  • “Data Privacy: Problems and Solutions,” in 3rd International Conference on Information Systems Security (ICISS 2007), Delhi, India, December 16-20, 2007.
  • “Towards Privacy-Enhanced Authorization Policies and Languages,” in Advanced Research Workshop “Secure Telematic Applications in National Scale Projects,” Minsk, November 22-25, 2006.
  • “Protecting Privacy in the Global Infrastructure,” in 1st International Conference on Information Security and Computer Forensics (ISCF 2006), Chennai, India, December 6-8, 2006.

5 Publications

See publications page