Curriculum Vitae

PIERANGELA SAMARATI
Professor, Information Technology Department, Università degli Studi di Milano, Italy.
http://www.dti.unimi.it/samarati      pierangela.samarati@unimi.it      +39 02 503.30061

1 Education and employment history

She graduated in Computer Science at Università degli Studi di Milano in 1988.
At the same University she has subsequently acquired the following positions:

  • Full Professor, Information Technology Department, Università degli Studi di Milano, Italy [Oct 2000-present]
  • Associate Professor, Computer Science Department, Università degli Studi di Milano, Italy [Nov 1998-Sep 2000]
  • Assistant Professor, Computer Science Department, Università degli Studi di Milano, Italy [Nov 1990-Oct 1998]

She has spent several periods of time in the USA, invited to perform research and collaborate with other groups. She spent more than one year as:

  • Computer Scientist, SRI International, CA (USA) [Oct 1997-Oct 1998, Jul 1999-Sep 1999] (On leave from Università degli Studi di Milano)

At SRI, she was called to acquire responsibility, as Co-Principal Investigator, for a DARPA-funded project and lead the research in the field of data protection.
In addition, she has spent several visits at Stanford University and at George Mason University. In particular:

  • Visiting researcher, Center for Secure Information Systems, George Mason University, VA (USA) [summers 1992-1996, 2002-2011]
  • Visiting researcher, Computer Science Department, Stanford University, CA (USA) [Mar-Dec 1991, Jun-Jul 1992, Aug-Sep 1997]

2 Research interests and projects

Pierangela Samarati’s research interests are in the main area of security and privacy. In particular, she is interested in information privacy, data protection, access control policies, models and systems, information system security, inference control, and information protection in general. Her work is reported in more than 200 peer-reviewed articles in international journals, conference proceedings, and book chapters.

She has participated in several projects involving different aspects of privacy and information protection.

She is currently involved as Principal Investigator for the Università degli Studi di Milano on the “Privacy and Protection of Personal Data” project, a project funded by the Italian Ministry of Research (MIUR) targeted to the development of new technologies and tools with which users can protect their privacy, thus putting privacy-enhancing technology directly into users’ hands [March 2010-March 2012].

She is currently involved as Principal Investigator for the Università degli Studi di Milano on the PrimeLife (Privacy and Identity Management in Europe for Life) project, a large-scale Integrating Project funded by the European Union under the VII Framework program targeted to the development of privacy-aware solutions supporting privacy throughout users’ lives [March 2008-June 2011].

She has served as principal Investigator for the Università degli Studi di Milano on the “Confidentiality and Selective Access in the Database as a Service Scenario” project, a project funded by the Italian Ministry of Research (MIUR) targeted to the development of solutions for data security, allowing to protect sensitive data stored and managed by entities different from the data owner [February 2007-February 2009].

She has served as Principal Investigator for the Università degli Studi di Milano on the PRIME (Privacy and Identity Management for Europe) project, an Integrated Project funded by the European Union under the VI Framework program targeted to the development of privacy-aware solutions for enforcing security [March 2004-February 2008]. In 2008, the PRIME project has received the HP-IAPP (HP-International Association of Privacy Professionals) Privacy Innovation Technology Award.

She has served as Principal Investigator for the Università degli Studi di Milano on the RAPID Roadmap (Roadmap for Advanced Research in Privacy and Identity Management), a Roadmap funded by the European Union targeted to the identification of R&D challenges in privacy technology and identity management [July 2002-June 2003].

She has served as Principal Investigator for the Università degli Studi di Milano for FASTER (Flexible Access to Statistics, Tables, and Electronic Summaries) project, a project funded by the European Union targeted to the secure publication of data on the Web [January 2000-March 2002].

While at SRI International, she participated, as co-PI, in the SAW (Secure Access Wrapper) project, a project funded by DARPA targeted to the development of security wrappers for the secure interoperation and information sharing of distributed, possibly heterogeneous, information sources and applications. At SRI, she also participated as a key researcher in the TIHI (Trusted Interoperation of Healthcare Information), an NSF funded project targeted to the development of a system for privacy-aware and secure sharing of information in the healthcare domain.

3 Educational activities

During her career at the Università degli Studi di Milano, she has been teaching courses in databases, algorithms and data structures, security and privacy, and advanced techniques for data protection, at undergraduate, master, and PhD levels. She has been invited to lecture in international summer schools, where she taught courses on data protection, privacy, and access control:

  • Technoeconomic Management and Security of Digital Systems, University of Piraeus, Greece, 2011
  • The European Intensive Programme on Information and Comm. Security (IPICS 2010), Greece, 2010
  • Technoeconomic Management and Security of Digital Systems, University of Piraeus, Greece, 2010
  • Extending Datatabase Technology school (EDBT school 2009), France, 2009
  • The European Intensive Programme on Information and Comm. Security (IPICS 2009), Austria, 2009
  • The European Intensive Programme on Information and Comm. Security (IPICS 2008), Germany, 2008
  • 8th International School On Foundations Of Security Analysis and Design (FOSAD 2008), Italy, 2008
  • 2nd International School On Foundations Of Security Analysis and Design (FOSAD 2001), Italy, 2001
  • 1st International School On Foundations Of Security Analysis And Design (FOSAD 2000), Italy, 2000

In 2006, 2007, and 2008 she taught, as invited lecturer, the course “Computer Security I” for the MSc in Information Security at the University College London (UCL), UK.

4 Awards and honors

  • IEEE Fellow for contributions to information security, data protection, and privacy [2011].
  • ACM Distinguished Scientist for her contributions in the fields of information security, data protection, and privacy [2009].
  • Kristian Beckman Award from IFIP TC11 for her substantial inquisitive academic activities leading to broad, long-term, and forward reaching contributions to the full field of information security [2008].
  • IFIP Silver Core Award for the services to IFIP TC11 [2004].
  • ACM Principles of Database Systems Best Newcomer Paper Award for the paper “Minimal Data Upgrading to Prevent Inference and Association Attacks,” by S. Dawson, S. De Capitani di Vimercati, P. Lincoln, P. Samarati [1999].
  • Scholarship from The Rotary Foundation for a period of study/research abroad [Mar-Dec 1991].
  • Scholarship from Fondazione Confalonieri for a post-Laurea research period at Università degli Studi di Milano [Jan-Jul 1990].

5 Professional activities

5.1 Service at Università degli Studi di Milano

  • Chair of the educational board, Information Technology Department [Oct 2001-Oct 2008]

5.2 Participation in editorial boards of international journals

  • Editor-in-Chief , Journal of Computer Security [Feb 2010-present]
  • Associate Editor, ACM Transactions on the Web [Nov 2005-present]
  • Associate Editor, ACM Transactions on Database Systems [Oct 2005-Oct 2011]
  • Associate Editor, ACM Computing Surveys [Jul 2004-present]
  • Editorial Board Member, ICST Transactions on Security and Safety [Feb 2009-present]
  • Editorial Board Member, Computers & Security journal [Oct 2008-present]
  • Editorial Board Member, Transactions on Data Privacy [Feb 2008-present]
  • Editorial Board Member, International Journal of Information and Computer Security [Nov 2006-present]
  • Editorial Board Member, Journal of Computer Security [Jan 2001-Jan 2010]

5.3 Conference and workshop organization

She serves in the steering committees of several international conferences and organized many of them as general or program chair. She has served as program committee member for more than 190 international conferences and workshops, including flagship conferences of ACM and IEEE.
She has been actively involved in the organization of some of the most important international conferences in the security community. In 2002, she established the ACM Workshop on Privacy in the Electronic Society, serving as Program Chair for its first two editions. The workshop, of which she now chairs the Steering Committee, gathered the interest of many researchers and, at its 9th edition in 2010, represents one of the largest and most successful thematic workshops held in the association with the ACM Computer and Communications Security Conference (ACM CCS), the flagship ACM SIGSAC (Special Interest Group in Security, Audit and Control) conference.

Chairing roles in steering committees:

  • European Symposium on Research in Computer Security, Chair [Sep 2007-present]
  • ACM Workshop on Privacy in the Electronic Society, Proponent and Chair [Nov 2004-present]
  • ACM SIGSAC (Special Int. Group on Security, Audit, and Control), vice-Chair [2005-2009]
  • European Symposium on Research in Computer Security, vice-Chair [Sep 2003-Aug 2007]
  • IFIP Working Group 11.3 on Data and Application Security, Chair [Jul 2000-Jul 2007]

Member of steering committees:

  • ACM Symposium on InformAtion, Computer and Communications Security, [2006-present]
  • International Conference on Information Systems Security, [2005-present]
  • European Symposium On Research In Computer Security, [Mar 1998-Aug 2003]
  • International Conference on Information and Communications Security, [2000-present]
  • ACM Conference on Computer and Communications Security, [2000-2009]

General Chair:

  • 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2010), Rome, Italy, June 21-23, 2010.
  • 10th European Symposium On Research In Computer Security (ESORICS 2005), Milan, Italy, September 12-14, 2005.
  • 1st Workshop on Security and Trust Management (STM 2005), Milan, Italy, September 15, 2005.

Workshop Chair:

  • 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, VA, USA, November 7-11, 2005.

Tutorial Chair:

  • 15th ACM Conference on Computer and Communications Security (CCS 2008), Alexandria, VA, USA, October 27-31, 2008.

Panel Chair:

  • 25th Annual Computer Security Applications Conference (ACSAC 2009), Honolulu, Hawaii, December 7-11, 2009.

Program Chair:

  • 8th International Workshop on Security and Trust Management (STM 2012), Pisa, Italy, September 13-14, 2012 (co-chair with Audun Jøsang).
  • 7th International Conference on Security and Cryptography (SECRYPT 2012), Rome, Italy, July 24-27, 2012.
  • 10th International Conference on Applied Cryptography and Network Security (ACNS 2012), Singapore, June 26-29, 2012 (co-chair with Feng Bao).
  • 5th International Conference on Network and System Security (NSS 2011), Milan, Italy, September 6-8, 2011.
  • 6th International Conference on Security and Cryptography (SECRYPT 2011), Seville, Spain, July 18-21, 2011 (co-chair with Javier Lopez).
  • 4th International Conference on Network and System Security (NSS 2010), Melbourne, Australia, September 1-3, 2010 (co-chair with Yang Xiang, Jiankun Hu).
  • 5th International Conference on Security and Cryptography (SECRYPT 2010), Athens, Greece, July 26-28, 2010 (co-chair with Sokratis Katsikas).
  • 3rd International Workshop on Information Security Theory and Practices (WISTP 2010), Passau, Germany, April 12-16, 2010 (co-chair with M. Tunstall).
  • 12th Information Security Conference (ISC 2009), Pisa, Italy, September 7-9, 2009 (co-chair with Moti Yung).
  • 24th Annual Computer Security Applications Conference (ACSAC 2008), Anaheim, California, USA, December 8-12, 2008.
  • 1st International Workshop on Privacy in Location-Based Applications (PiLBA 2008), Malaga, Spain, October 9, 2008 (co-chair with Claudio Bettini, Sushil Jajodia, X. Sean Wang).
  • 23rd International Information Security Conference (SEC 2008), Milan, Italy, September 8-10, 2008 (co-chair with Sushil Jajodia).
  • 23rd Annual Computer Security Applications Conference (ACSAC 2007), Miami, FL, USA, December 10-14, 2007.
  • 4th European PKI Workshop: Theory and Practice (EuroPKI 2007), Palma de Mallorca, Spain, June 28-30, 2007 (co-chair with Javier Lopez).
  • 2nd ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS 2007), Singapore, March 20-22, 2007 (co-chair with Robert Deng).
  • 2nd International Workshop on Security and Trust Management (STM 2006), Hamburg, Germany, September 20, 2006 (co-chair with Sandro Etalle).
  • 22nd Annual Computer Security Applications Conference (ACSAC 2006), Miami, FL, USA, December 11-15, 2006 (co-chair with Christoph Schuba and Charlie Payne).
  • 21st Annual Computer Security Applications Conference (ACSAC 2005), Tucson, AZ, USA, December 5-9, 2005 (co-chair with Christoph Schuba and Charlie Payne).
  • 20th Annual Computer Security Applications Conference (ACSAC 2004), Tucson, AZ, USA, December 6-10, 2004 (co-chair with Dan Thomsen and Christoph Schuba).
  • 9th European Symposium On Research In Computer Security (ESORICS 2004), Nice, France, September 13-15, 2004 (co-chair with Peter Ryan).
  • 18th IFIP WG11.3 Working Conference on Data and Application Security (DBSec 2004), Sitges, Spain, July 25-28, 2004 (co-chair with Csilla Farkas).
  • 2nd ACM Workshop on Privacy in the Electronic Society (WPES 2003), Washington, DC, USA, October 31, 2003 (co-chair with Paul Syverson).
  • 8th European Symposium On Research In Computer Security (ESORICS 2003), Gjovik, Norway, October 13-15, 2003 (co-chair with Einar Snekkenes).
  • 18th IFIP TC-11 International Conference on Information Security (SEC 2003), Athens, Greece, May 26-28, 2003 (co-chair with Socratis Katsikas).
  • 1st ACM Workshop on Privacy in the Electronic Society (WPES 2002), Washington, DC, USA, November 21, 2002.
  • 8th ACM Conference of Computer and Communications Security (CCS 2001), Philadephia, PA, USA, November 5-8, 2001.
  • 10th IFIP WG11.3 Working Conference on Database Security (DBSec 1996), Como, Italy, July 1996 (co-chair with Ravi Sandhu).

Publicity Chair:

  • International Workshop on Advanced Transaction Models and Architectures (ATMA 1996), Goa, India, August 1996 (co-chair with Vijaylaksmi Atluri).

Program Committee Member:

  • 9th European PKI Workshop: Research and Applications (EuroPKI 2012), Pisa, Italy - September 13-14, 2012.
  • 9th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2012), Vienna, Austria, September 3-7, 2012.
  • 13th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security (CMS 2012), Canterbury, UK, September 2-5, 2012.
  • 26th Annual WG11.3 Conference on Data and Applications Security and Privacy (DBSec 2012), Paris, France, July 11-13, 2012.
  • 12th Privacy Enhancing Technologies Symposium (PETS 2012), Vigo, Spain, July 11-13, 2012.
  • 8th International Conference on Mobile Web Information Systems (MobiWIS 2012), Niagara Falls, Ontario, Canada, August 27-29, 2012.
  • 25th IEEE Symposium on Computer Security Foundations (CSF 2012), Cambridge, USA, June 25-27, 2012.
  • 17th ACM Symposium on Access Control Models and Technologies (SACMAT 2012), June 20-22, 2012.
  • 9th Workshop in Information Security Theory and Practice (WISTP 2012), Egham, UK, June 19-22, 2012.
  • 32nd International Conference on Distributed Computing Systems (ICDCS 2012), Macau, China, June 12-15, 2012.
  • 27th IFIP International Information Security and Privacy Conference (SEC 2012), Heraklion, Crete, Greece, June 4-6, 2012.
  • 6th IFIP WG 11.11 International Conference on Trust Management (IFIPTM 2012), Surat, India, May 21-25, 2012.
  • 5th European Workshop on Systems Security (EuroSec 2012), Bern, Switzerland, April 10, 2012.
  • 5th International Workshop on Privacy and Anonymity in Information Society (PAIS 2012), Berlin, Germany, March 30, 2012.
  • 4th International Symposium on Engineering Secure Software and Systems (ESSOS 2012), Eindhoven, The Netherlands, February 16-17, 2012.
  • 7th International Conference on Information Systems Security (ICISS 2011), Kolkata, India, December 15-18, 2011.
  • 27th Annual Computer Security Applications Conference (ACSAC 2011), Orlando, Florida, USA, December 5-9 2011.
  • 13th International Conference on Information and Communication Security (ICICS 2011), Beijing, China, November 23-26, 2011.
  • 5th International Web Rule Symposium (RuleML2011@BFR), Fort Lauderdale, Florida, USA, November 3-5, 2011.
  • 14th Information Security Conference (ISC 2011), Xian, China, October 26-29, 2011.
  • 12th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security (CMS 2011), Ghent, Belgium, October 19-21, 2011.
  • 8th International Conference on Mobile Web Information Systems (MobiWIS 2011), Niagara Falls, Ontario, Canada, September 19-21, 2011.
  • 8th European Workshop on PKI, Services and Applications (EUROPKI 2011), Leuven, Belgium, September 15-16, 2011.
  • 16th European Symposium On Research In Computer Security (ESORICS 2011), Leuven, Belgium, September 12-14, 2011.
  • 7th International Conference on Security and Privacy in Communication Networks (SecureComm 2011), London, UK, September 7-9, 2011.
  • IFIP Summer School on Privacy and Identity Management for Emerging Internet Applications throughout a Person’s Lifetime, Trento, Italy, September 5-9, 2011.
  • Workshop on Workflow Security Audit and Certification (WfSAC 2011), Clermont-Ferrand, France, August 29, 2011.
  • 11th Privacy Enhancing Technologies Symposium (PETS 2011), Waterloo, ON, Canada, July 27-29, 2011.
  • 5th International RuleML Symposium on Rules (RuleML2011@IJCAI) Barcelona, Spain, July 19-21, 2011.
  • 9th Annual Conf. on Privacy, Security and Trust (PST 2011), Montreal, QC, Canada, July 19-21, 2011.
  • 25th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec 2011), Richmond, Virginia USA, July 11-13, 2011.
  • 8th IEEE/FTRA International Conference on Secure and Trust Computing, Data Management, and Applications (STA 2011), Crete, Greece, June 28-30, 2011.
  • 7th International Workshop on Security and Trust Management (STM 2011), Copenhagen, Denmark, June 27-28, 2011.
  • 10th Workshop on Foundations of Computer Security (FCS 2011), Toronto, ON, Canada, June 20-25, 2011.
  • 2nd International Workshop on Security and Privacy in Cloud Computing (SPCC 2011), Minneapolis, Minnesota, USA, June 20-24, 2011.
  • 16th ACM Symposium on Access Control Models and Technologies (SACMAT 2011), Innsbruck, Austria, June 15-17, 2011.
  • 4th International Workshop on Information Security Theory and Practices (WISTP 2011), Heraklion, Greece, June 8-11, 2011.
  • 26th IFIP International Information Security Conference (SEC 2011), Lucerne, Switzerland, June 7-9, 2011.
  • 12th IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2011), Pisa, Italy, June 6-8, 2011.
  • 4th International Workshop on Privacy and Anonymity in Information Society (PAIS 2011), Uppsala, Sweden, March 25, 2011.
  • 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2011), Hong Kong, China, March 22-24, 2011.
  • 12th International Conference on Information and Communications Security (ICICS 2010), Barcelona, Spain, December 15-17, 2010.
  • 26th Annual Computer Security Applications Conf. (ACSAC 2010), Austin, Texas, December 6-10, 2010.
  • 19th International Conference on Information and Knowledge Management (CIKM 2010), Toronto, Canada, October 26-30, 2010.
  • 13th Information Security Conference (ISC 2010), Boca Raton, Florida, USA, October 25-28, 2010.
  • 5th International Symposium on Information Security (IS 2010), Crete, Greece, October 25-26, 2010.
  • 5th International Conference on Risks and Security of Internet and Systems (CRiSIS 2010), Montreal, Canada, October 11-13, 2010.
  • 9th Workshop on Privacy in the Electronic Society (WPES 2010), Chicago, IL, USA, October 4, 2010.
  • 7th European Workshop on Public Key Services, Applications and Infrastructures (EuroPKI 2010), Athens, Greece, September 23-24, 2010.
  • 6th International Workshop on Security and Trust Management (STM 2010), Athens, Greece, September 23-24, 2010.
  • 15th European Symposium On Research In Computer Security (ESORICS 2010), Athens, Greece, September 20-22, 2010.
  • 25th IFIP Int’l Information Security Conference (SEC 2010), Brisbane, Australia, September 20-23, 2010.
  • Privacy in Statistical Databases (PSD 2010), Corfu, Greece, September 22-24, 2010.
  • 7th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2010), Bilbao, Spain, 30 August-3 September 2010.
  • Collaborative Methods for Security and Privacy (CollSec 2010), Washington, VA, USA, August 10, 2010.
  • PrimeLife/IFIP Summer School 2010, Helsingborg, Sweden, August 2-6, 2010.
  • 11th IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2010), Fairfax, VA, USA, July 21-23, 2010.
  • Workshop on Foundations of Security and Privacy (FCS-PrivMod 2010), Edinburgh, UK, July 14-15, 2010.
  • 1st International Workshop on Security and Privacy in Cloud Computing (SPCC 2010), Genoa, Italy, June 21-25, 2010.
  • 30th Int’l Conference on Distributed Computing Systems (ICDCS 2010), Genoa, Italy, June 21-25, 2010.
  • ACM Internationa SIGMOD Conference on Management of Data, Indianapolis, Indiana, June 6-11, 2010.
  • 11th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security (CMS 2010), Hagenberg, Austria, May 31-June 2, 2010.
  • 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2010), Beijing China, April 13-16, 2010.
  • 13th International Conference on Extending Database Technology (EDBT 2010), Lausanne, Switzerland, March 22-26, 2010.
  • 3rd International Workshop on Privacy and Anonymity in the Information Society (PAIS 2010), Lausanne, Switzerland, March 22, 2010.
  • 26th International Conference on Data Engineering (ICDE 2010), Long Beach, California, March 1-6, 2010.
  • Workshop on Security and Privacy in Cloud Computing (SPCC 2010), Brussels, Belgium, January 29, 2010.
  • 25th Annual Computer Security Applications Conf. (ACSAC 2009), Honolulu, Hawaii, December 2009.
  • 1st ACM Workshop on Information Security Governance (WISG 2009), Chicago, Illinois, USA, November 13, 2009.
  • 1st ACM Cloud Computing Security Workshop (CCSW 2009), Chicago, Illinois, USA, November 13, 2009.
  • 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, Illinois, USA, November 9-13, 2009.
  • 4th International Symposium on Information Security (IS 2009), Algarve, Portugal, November 1-6, 2009.
  • 4th International Conference on Risks and Security of Internet and Systems (CRiSIS 2009), Toulouse, France, October 19-22, 2009.
  • 5th International Workshop on Security and Trust Management, (STM 2009), Saint Malo, France, September 24-25, 2009.
  • 14th European Symposium On Research In Computer Security (ESORICS 2009), Saint Malo, France, September 21-25, 2009.
  • 5th International Conference on Security and Privacy in Communication Networks (SecureComm 2009), Athens, Greece, September 14-18, 2009.
  • 6th European Workshop on Public Key Services (EUROPKI 2009), Pisa, Italy, September 9-11, 2009.
  • PrimeLife Summer School, Nice, France, September 7-11, 2009.
  • 10th IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2009), London, UK, July 20-22, 2009.
  • 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2009), Montreal, Canada, July 12-15, 2009.
  • 22nd IEEE Computer Security Foundations Symposium (CSF 2009), New York, USA, July 8-10, 2009.
  • 29th International Conference on Distributed Computing Systems (ICDCS 2009), Montreal, Quebec, Canada, June 22-26, 2009.
  • 24th IFIP International Information Security Conference (SEC 2009), Pafos, Cyprus, May 18-20, 2009.
  • IEEE Symposium on Computational Intelligence in Cyber Security (CICS 2009), Nashville, TN, USA, March 30 - April 2, 2009.
  • 2nd Workshop on Privacy in Information Society (PAIS 2009), Saint Petersburg, Russia, March 22, 2009.
  • 4th ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS 2009), Sydney, Australia, March 17-19, 2009.
  • 4th International Conference on Information Systems Security (ICISS 2008), University of Hyderabad, India, December 16-20, 2008.
  • 3rd International Symposium on Information Security (IS 2008), Monterrey, Mexico, November 10-11, 2008.
  • 15th ACM Conference on Computer and Communications Security (CCS 2008), Alexandria, VA, USA, October 27-31, 2008.
  • 7th ACM Workshop on Privacy in the Electronic Society (WPES 2008), Alexandria, VA, USA, October 27, 2008.
  • 13th European Symposium On Research In Computer Security (ESORICS 2008), Malaga, Spain, October 6-8, 2008.
  • 4th International Conference on Security and Privacy in Communication Networks (SecureComm 2008), Instambul, Turkey, September 22-25, 2008.
  • 11th Information Security Conference (IS 2008), Taipei, Taiwan, September 15-18, 2008.
  • 5th International Conference on Trust, Privacy & Security in Digital Business (TrustBus 2008), Turin, Italy, September 1-5, 2008.
  • 8th Brazilian Symposium on Information and Computer System Security (SBSeg 2008), Gramado, Brazil, September 1-5, 2008.
  • 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2008), London, UK, July 13-16, 2008.
  • 4th International Conference on Global E-Security (ICGeS 2008), Docklands, UK, June 23-25, 2008.
  • 28th Int’l Conference on Distributed Computing Systems (ICDCS 2008) Beijing, China, June 17-20, 2008.
  • Joint iTrust and PST Conference on Privacy, Trust Management and Security (IFIPTM 2008), Norway, June 16-20, 2008.
  • 4th International Workshop on Security and Trust Management, Trondheim, Norway, June 16-17, 2008.
  • IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC 2008), Taichung, Taiwan, June 11-13, 2008
  • 9th IEEE Workshop on Policies for Distributed Systems and Networks (POLICY 2008), Palisades, NY, USA, June 2-4, 2008.
  • 2nd Workshop in Information Security Theory and Practices 2008: Smart Devices, Convergence and Next Generation Networks (WISTP 2008), Sevilla, Spain, May 13-16, 2008.
  • 1st International Workshop on Privacy and Anonymity in the Information Society (PAIS 2008), Nantes, France, March 29, 2008.
  • 23rd ACM Symposium on Applied Computing (SAC 2008), Fortaleza, Ceara, Brazil, March 16-20, 2008.
  • Workshop on Privacy Enforcement and Accountability With Semantics (PEAS 2007), Busan, Korea, November 12, 2007.
  • 14th ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, VA, USA, October 29 - November 2, 2007.
  • 1st ACM Workshop on Information and Communications Security Standards and Regulations (StaR SEC 2007), Alexandria, VA, USA, October 29, 2007.
  • 6th ACM Workshop on Privacy in the Electronic Society, Alexandria (WPES 2007), VA, USA, October 29, 2007.
  • 3rd European Conference on Computer Network Defense (EC2ND 2007), Heraklion, Crete, Greece, October 4-5, 2007.
  • 10th Information Security Conference (ISC 2007), Valparaiso, Chile, October 9-12, 2007.
  • 33rd International Conf. on Very Large Databases (VLDB 2007), Vienna, Austria, September 25-28, 2007.
  • 12th European Symposium On Research In Computer Security (ESORICS 2007), Dresden, Germany, September 24-26, 2007.
  • 13th New Security Paradigms Workshop (NSPW 2007), New Hampshire, USA, September 18-21, 2007.
  • 3rd International Conference on Security and Privacy in Communication Networks (SecureComm 2007), Nice, France, September 17-21, 2007.
  • Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM 2007), Moncton, New Brunswick, Canada, July 30 - August 2, 2007.
  • 21st Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2007), Redondo Beach, CA, USA, July 8-11, 2007.
  • 20th IEEE Computer Security Foundations Symposium (CSF 2007), Venice, Italy, July 6-8, 2007.
  • 22nd IFIP TC-11 International Information Security Conference (SEC 2007), Sandton, South Africa, May 14-16, 2007.
  • 1st Workshop in Information Security Theory and Practices 2007: Smart Cards, Mobile and Ubiquitous Computing Systems (WISTP 2007), Heraklion, Crete, Greece, May 9-11, 2007
  • 23rd IEEE International Conference on Data Engineering (ICDE 2007), Istanbul, Turkey, April 16-20, 2007.
  • 2th International Conference on Database Systems for Advanced Applications (DASFAA 2007), Bangkok, Thailand, April 9-12, 2007.
  • 22nd ACM Symposium on Applied Computing (SAC 2007), Seoul, Korea, March 11-15, 2007.
  • 2nd International Conference on Information Systems Security (ICISS 2006), December 17-21, 2006.
  • 8th International Conference on Information and Communications Security (ICICS 2006), Raleigh, NC, USA, December 4-7, 2006.
  • 2nd International Semantic Web Policy Workshop (SWPW 2006), Athens, GA, USA, November 5-9, 2006.
  • 4th ACM Workshop on Formal Methods in Security Engineering (FMSE 2006), Alexandria, VA, USA, November 3, 2006.
  • 13th ACM Conference on Computer and Communications Security (CCS 2006), Alexandria, VA, USA, October 30-November 3, 2006.
  • 5th ACM Workshop on Privacy in the Electronic Society (WPES 2006), Alexandria, VA, USA, October 30, 2006.
  • 1st European Workshop on Technological & Security Issues in Digital Rights Management (EuDiRIghts 2006), Hamburg, Germany, September 9, 2006.
  • 3rd International Conference on Trust and Privacy in Digital Business (TrustBus 2006), Krakov, Poland, September 4-8, 2006.
  • 9th Information Security Conference (IS 2006), Pythagoras, Greece, August 30 - September 2, 2006.
  • 4th International Workshop on Formal Aspects in Security & Trust (FAST 2006), Hamilton, Ontario, August 26-27, 2006.
  • 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2006), Sophia Antipolis, France, July 31-August 2, 2006.
  • IEEE Symposium on Network Security and Information Assurance, Istanbul, Turkey, June 11-15, 2006.
  • 4th International Conference on Applied Cryptography and Network Security Conference (ACNS 2006), Singapore, June 6-9, 2006.
  • 7th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2006), London, Ontario, Canada, June 5-7, 2006.
  • Models of Trust for the Web (MTW 2006), Edinburgh, Scotland, May 22-26, 2006.
  • 4th Working Conference on Privacy and Anonymity in Networked and Distributed Systems (I-NetSec 2006), Karlstad, Sweden, May 22-24, 2006.
  • 21st IFIP International Information Security Conference (SEC 2006), Karlstad, Sweden, May 22-24, 2006.
  • 4th Trust Management Conference (iTrust 2006), Pisa, Italy, May 16-19, 2006.
  • 21st ACM Symposium on Applied Computing (SAC 2006), Dijon, France, April 23-27, 2006.
  • 2nd International Conference on Global e-Security (ICGES 2006), London, UK, April 20-22, 2006.
  • 20th IEEE Advanced Inf. Networking and Applications (AINA 2006), Vienna, Austria, April 18-20, 2006.
  • 2nd Int’l Workshop on Privacy Data Management (PDM 2006), Atlanta, Georgia, USA, April 8, 2006.
  • 1st International Workshop on Security and Trust in Decentralized/Distributed Data Structures (STD3S 2006), Atlanta, GA, USA, April 3-7, 2006.
  • 1st ACM Symposium on Information Communication and Computer Security (ASIACCS 2006), Taipei, Taiwan, March 21-24, 2006.
  • 5th IEEE International Symposium on Signal Processing and Information Technology (ISSPIT 2005), Athens, Greece, December 18-21, 2005.
  • 1st International Conference on Information Security (ICIS 2005) Kolkata, India, December 19-21, 2005.
  • Workshop on Privacy and Security Aspects of Data Mining, Houston, Texas, USA, November 27, 2005.
  • 2nd ACM Workshop on Storage Security and Survivability (StorageSS 2005), Fairfax, Virginia, USA, November 11, 2005.
  • 4th ACM Workshop on Privacy in the Electronic Society (WPES 2005), Alexandria, VA, USA, November 7, 2005.
  • 8th Information Security Conference (ISC 2005), Singapore, September 20-23, 2005.
  • 2nd International Conference on Trust, Privacy, and Security in Digital Business (TrustBus 2005), Copenhagen, Denmark, August 22-26, 2005.
  • 1st Int’l Workshop on Security and Trust Management (STM 2005), Milan, Italy, September 15, 2005.
  • 4th International Workshop on Agents and Peer-to-Peer Computing (AP2PC 2005), Utrecht, Netherlands, July 25-29, 2005
  • 10th Australasian Conf. on Inf. Security and Privacy (ACISP 2005), Brisbane, Australia, July 4-6, 2005.
  • 3rd Applied Cryptography and Network Security Conf. (ACNS 2005), New York City, June 7-10, 2005.
  • 6th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), Stockholm, Sweden, June 6-8, 2005.
  • 2nd International Workshop on Security in Distributed Computing Systems (SDCS 2005), Columbus, OH, USA, June 6-9, 2005.
  • IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 8-11, 2005.
  • 20th IFIP Int’l Information Security Conference (SEC 2005), Makuhari, Japan, May 30 - June 1, 2005.
  • 1st International Workshop on Privacy Data Management (PDM 2005), Tokyo, Japan, April 9, 2005.
  • Web Technologies and Applications - Special Track of the 20th ACM Symposium on Applied Computing (SAC 2005), Santa Fe, New Mexico, March 13-17, 2005.
  • 2nd Conference on Secure Communication and the Internet, Cairo, Egypt, December 27-29, 2004.
  • 1st International Conference on Distributed Computing and Internet Technology (ICDCIT 2004), Bhubaneswar, India, December 22-24, 2004.
  • Workshop on Privacy and Security Aspects of Data Mining, Brighton, UK, November 1, 2004.
  • 3rd ACM Workshop on Privacy in the Electronic Society (WPES 2004), Washington, DC, USA October 28, 2004
  • 8th IFIP TC-6&11 Conference on Communication and Multimedia Security (CMS 2004), Lake Windermere, UK, September 15-18, 2004.
  • 1st International Conference on Trust and Privacy in Digital Business (TrustBus 2004), Zaragoza, Spain, August 30 - September 3, 2004.
  • 2nd International Workshop on Certification and Security in Inter-Organizational E-Services (CSES 2004), Toulouse, France, August 26-27, 2004.
  • 19th IFIP Int’l Information Security Conference (SEC 2004), Toulouse, France, August 23-26, 2004.
  • 2nd Int. Workshop on Formal Aspects in Security & Trust (FAST 2004), Toulouse, France, Aug. 22, 2004.
  • 3rd International Workshop on Agents and Peer-to-Peer Computing, (AP2PC 2004), New York, NY, USA, July 19-23, 2004.
  • 1st Eur. PKI Workshop: Research and Applications (EuroPKI 2004), Samos, Greece, June 25-26, 2004.
  • 1st Workshop on Databases In Virtual Organizations (DIVO 2004), Paris, June 17, 2004.
  • 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), New York, June 7-9, 2004.
  • IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 9-12, 2004.
  • 19th Annual Computer Security Applications Conference, Las Vegas, NV, December 8-12, 2003.
  • 10th ACM Conf of Computer and Communications Security, Washington, DC, USA, October 27-31, 2003.
  • 1st MiAn Int. Conf. on Applied Cryptography and Network Security, Kunming, China, Oct. 16-19, 2003.
  • 1st Int. Workshop on Formal Aspects in Security & Trust (FAST 2003), Pisa, Italy, September 8-9, 2003.
  • 2nd Int. Workshop on Agents and Peer-to-Peer Computing, Melbourne, Australia, July 14-15, 2003.
  • 2003 Workshop on Foundations of Computer Security, Ottawa, Canada, June 26-27, 2003.
  • 4th IEEE Int. Workshop on Policies for Distributed Systems and Networks, Como, Italy, June 4-6, 2003.
  • 2nd Int. IFIP Working Conf. on Network and Distr. System Security, Athens, Greece, May 26-28, 2003.
  • 1st IEEE International Security In Storage Workshop, Greenbelt, Maryland, USA, December 11, 2002.
  • 18th Annual Computer Security Applications Conference, Las Vegas, NV, USA, Dec. 9-13, 2002.
  • 20th Int. Conference on Conceptual Modeling (ER 2001), Yokohama, Japan, November 26-30, 2001.
  • 9th ACM Conf of Computer and Communications Security, Washington, DC, USA, November 17-21, 2002.
  • 7th European Symp. On Research In Computer Security (ESORICS 2002), Zurich, CH, Oct. 14-16, 2002.
  • IFIP TC-11 International Conference on Information Security (SEC 2002), Cairo, Egypt, May 6-8, 2002.
  • 17th Annual Computer Security Applications Conference, New Orleans, LA, USA, Dec. 10-14, 2001.
  • 1st Int. IFIP WG11.4 Conf. on Network Security (I-NetSec 2001), Leuven, Belgium, Nov. 26-27, 2001.
  • 3rd Int. Conf. on Information and Communication Security (ICICS 2001), Xian, China, Nov. 13-16, 2001.
  • Sistemi Evoluti di Basi Dati, Venezia, Italy, June 27-29, 2001.
  • IFIP-TC11 International Conference on Information Security, Paris, France, June 12-14, 2001.
  • 1st Workshop on Security and Privacy in E-Commerce, Athens, Greece, November 4, 2000.
  • 7th ACM Conference of Computer and Communications Security, Athens, Greece, November 1-4, 2000.
  • 6th European Symp. On Research In Computer Security (ESORICS 2000), Tolouse, FR, Oct. 4-6, 2000.
  • IFIP-TC11 Conference on Information Security, Beijing, China, August 21-25, 2000.
  • 2000 IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 14-17, 2000.
  • EDBT2000 – VII Conference on Extending Database Technology, Konstanz, Germany, March 27-31, 2000.
  • DEXA’99 Workshop on Electronic Commerce and Security, Florence, Italy, Aug. 30 - Sept. 3, 1999.
  • IEEE Computer Security Foundations Workshop, Mordano, Italy, June 28-30, 1999.
  • ACM Conference on Computer and Communications Security, San Francisco, CA, USA, Nov 2-5, 1998.
  • IFIP WG 11.5 Working Conf. on Integrity and Control in Information Systems, VA, USA, Nov 1998.
  • 5th European Symposium on Research in Computer Security, Belgium, September 16-18, 1998.
  • IFIP-TC11 Conference on Information Security, Vienna, Austria, September 1998.
  • DEXA Workshop on Security and Integrity of Data Intensive Applications, Vienna, Austria, August 1998.
  • IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 3-6, 1998.
  • ACM SIGSAC Workshop on New Security Paradigms, Great Langdale, Cumbria, UK, Sept. 23-26, 1997.
  • IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 4-7, 1997.
  • 4th European Symp. On Research In Computer Security (ESORICS), Roma, Italy, September 25-27, 1996.
  • ACM SIGSAC Workshop on New Security Paradigms, Lake Arrowhead, CA, USA, September 16-19, 1996.
  • ACM SIGSAC Workshop on New Security Paradigms, La Jolla, CA, USA, August 22-25, 1995.
  • 2nd ACM Conference on Computer and Communications Security, Fairfax, VA, USA, November 2-4, 1994.
  • ACM Conf. on Object-Oriented Programming Systems, Languages, and Appl., Portland, USA, Oct. 1994.
  • International Symposium on Object-Oriented Methodologies and Systems, Palermo, Italy, September 1994.

Advisory Committee Member:

  • 4th Summer School on Network and Information Security (NIS 2011), Crete, Greece, June 27-July 1, 2011.
  • 3rd Summer School on Network and Information Security (NIS 2010), Crete, Greece, September 13-17, 2010.

5.4 Member of scientific and technical boards

  • IEEE Systems Council - Technical Committee on Security and Privacy in Complex Information Systems, Chair [2010-present]
  • ACM SIGSAC Awards Committee, Chair [2005-2009]
  • External Advisory Board, the IBM Privacy Institute [2001-present]
  • OASIS XACML Technical Committee, chairing Policy Model Subcommittee [2001]
  • Board of Directors, International Communications and Information Security Association [2000-present]
  • IFIP Technical Committee 11 on EDP Security, Italian representative [1996-present]
  • AICA (Italian Ass. for Information Processing) Working Group on Security, Chair [1996-present]

5.5 Participation in panels of conferences and workshops

  • “Data and Applications Security: Status and Prospects,” in 25th Annual IFIP WG11.3 Conference on Data and Applications Security and Privacy (DBSec 2011) Richmond, Virginia USA, July 11-13, 2011.
  • “Future Challenges in Telecommunications and Computer Networking,” in 7th International Conference on e-Business and Telecommunications (ICETE 2010), Athens, Greece, July 26-28, 2010.
  • “e-Business: Socio-Technical Challenges and Strategies,” in International Joint Conference on e-Business and Telecommunications (ICETE 2009), Milan, Italy, July 7-10, 2009.
  • “The Role of Data and Application Security in Homeland Security,” in 18th IFIP WG11.3 Working Conference on Database and Application Security, Sitges, Spain, July 25-28, 2004.
  • “Privacy and Civil Liberties,” in 16th IFIP WG11.3 Working Conference on Database and Application Security, Cambridge, UK, July 29-31, 2002.
  • “XML and Security,” in 15th IFIP WG11.3 Working Conference on Database and Application Security, Niagara on the Lake, Ontario, Canada, July 15-18, 2001.
  • “Privacy Issues in WWW and Data Mining,” in 12th IFIP WG11.3 Working Conference on Database Security, Tessaloniki, Greece, July 15-17, 1998.
  • “Data Warehousing, Data Mining, and Security,” in 11th IFIP WG11.3 Working Conference on Database Security, Lake Tahoe, CA, USA, August 10-13, 1997.
  • “Role-Based Access Control and Next Generation Security Models,” in 9th IFIP WG11.3 Working Conference on Database Security, Rensselaerville, NY, USA, August 13-16, 1995.

5.6 Invited talks

  • “Providing Support for User Privacy Preferences,” in IEEE International Workshop on Semantics, Security, and Privacy (WSSP 2011), Palo Alto, California, USA, September 21, 2011.
  • “Policy Specification and Enforcement in Emerging Scenarios,” in IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY 2011), Pisa, Italy, June 6-8, 2011.
  • “Protecting Data Privacy in Emerging Scenarios,” in 10th Brazilian Symposium on Information and Computer System Security (SBSeg 2010), Fortaleza, Brasil, October 11-15, 2010.
  • “Privacy in Data Publication,” in 10th Brazilian Symposium on Information and Computer System Security (SBSeg 2010), Fortaleza, Brasil, October 11-15, 2010. [Tutorial]
  • “Data Privacy in Outsourcing Scenarios,” in 7th European Workshop on Public Key Services, Applications, and Infrastructures (EUROPKI 2010), Athens, Greece, September 23-24, 2010.
  • “Protecting Data Privacy in Data Outsourcing and Publication,” in 6th International ICST Conference on Security and Privacy in Communication Networks (SecureComm 2010), Singapore, September 7-9, 2010.
  • “Protecting Privacy in Data Publishing,” in Institute for Infocomm Research, Singapore, September 6, 2010.
  • “Protecting Confidentiality in External Data Storage,” in 1st International Workshop on Security and Privacy in Cloud Computing (SPCC 2010), Genoa, Italy, June 25, 2010.
  • “Data Protection in Outsourcing Scenarios: Issues and Directions,” in 5th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2010), Beijing, China, April 13-16, 2010.
  • “Protecting Data Privacy in Outsourcing Scenarios,” in 3rd International Workshop on Privacy and Anonymity in the Information Society (PAIS 2010), Lausanne, Switzerland, March 22, 2010.
  • “Protecting Data Privacy in Outsourcing Scenarios,” in Illinois Institute of Technology, Chicago, Illinois, USA, November 11, 2009.
  • “Protecting Data to Enable Privacy in the Electronic Society,” in International Workshop on Signal Processing in the EncryptEd Domain (SPEED 2009) Lausanne, Switzerland, September 10, 2009.
  • “Protecting Information Privacy in the Electronic Society,” in International Conference on Security and Cryptography (SECRYPT 2009), Milan, Italy, July 7-10, 2009.
  • “Privacy in Data Dissemination and Outsourcing,” in 13th European Symposium On Research In Computer Security (ESORICS 2008), Malaga, Spain, October 6-8, 2008.
  • “Access Control Policies and Data Protection: Some Results and Open Issues”, in 23rd International Information Security Conference (SEC 2008), Milan, Italy, September 2008. [Kristian Beckman Award Speech]
  • “Privacy in the Electronic Society,” in 2nd International Conference on Information Systems Security (ICISS 2006), Kolkata, India, December 2006.
  • “Identity Management & Privacy in the Electronic Society,” in ICT for Trust and Security (IST 2006), Helsinki, Finland, November 22, 2006.
  • “New Direction in Access Control,” in NATO Advanced Research Workshop on Cyberspace Security and Defense: Research Issues, Gdansk, Poland, September 2004.
  • “Access Control in the Open Infrastructure,” in ITI First International Conference on Information & Communication Technology (ICICT 2003), Cairo, Egypt, December 2003.
  • “New directions for access control policies,” in 7th European Symposium On Research In Computer Security (ESORICS 2002), Zurich, Switzerland, October 16, 2002.
  • “Enriching Access Control to Support Credential-Based Specifications,” in Workshop on Credential-based Access Control in Open Interoperable Systems, Dortmund, Germany, October 2, 2002.
  • “Choosing Reputable Servents in a P2P Network,” in 2nd Annual Information Security for South Africa Conference (ISSA 2002), Muldersdrift, South Africa, July 12, 2002.
  • “Research Directions in Access Control,” in 2nd Annual Information Security for South Africa Conference (ISSA 2002), Muldersdrift, South Africa, July 11, 2002.
  • “Data Security,” in Jor. de Bases de Datos e Ingenieria del Software, Ciudad Real, Spain, Nov 20-21, 2001.

6 Publications

See publications page