I am an Associate Professor in Computer Science at the SySMA research unit of the IMT School for Advanced Studies Lucca. My previous appointments include a position as Assistant Professor at the Department of Computer Science and System Engineering (DIBRIS) of the University of Genova and Researcher at the Institute of Informatics and Telematics (IIT) of the National Research Council of Italy (CNR).
In 2016-17 I spent a period as a visiting researcher at the Information Security Group of ETH Zurich.
I am co-founder of the Computer Security Laboratory (CSec Lab) of the University of Genova, co-founder and CRO of the innovative start-up Talos (https://www.talos-sec.com/), and co-founder of the CTF team born2scan.
I received my Ph.D. in Computer Science from the University of Pisa in 2012, where I also graduated in Computer Science in 2008.
My main research field is cybersecurity. In particular, my research work includes (but is not limited to) formal verification of software and systems, vulnerability detection mechanisms, attacker models and methodologies, security protocols, and solutions for effective security training.
My research activity covers both the theoretical and practical aspects of cybersecurity. In 2020 I collaborated in discovering two severe vulnerabilities in Rapid7 Metasploit Pro that went under CVE-2020-7354 and CVE-2020-7355.
Andrea Valenza, Gabriele Costa, Alessandro Armando: Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners. RAID (2020)
Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Nicola Zannone: A survey on multi-factor authentication for online banking in the wild. Comput. Secur. 95: 101745 (2020)
Enrico Russo, Gabriele Costa, Alessandro Armando: Building next generation Cyber Ranges with CRACK. Comput. Secur. 95: 101837 (2020)
Gabriele Costa, Letterio Galletta, Pierpaolo Degano, David A. Basin, Chiara Bodei: Natural Projection as Partial Model Checking. J. Autom. Reason. 64(7): 1445-1481 (2020)
Gabriele Costa, Alessio Merlo, Luca Verderame, Alessandro Armando: Automatic security verification of mobile app configurations. Future Gener. Comput. Syst. 80: 519-536 (2018)