I am an Associate Professor in Computer Science at the SySMA research unit of IMT School for Advanced Studies Lucca. My previous appointments include a position as Assistant Professor at the Department of Computer Science and System Engineering (DIBRIS) of the University of Genova and a researcher at the Institute of Informatics and Telematics (IIT) of the National Research Council of Italy (CNR).
In 2016-17 I spent a period as a visiting researcher at the Information Security Group of ETH Zurich.
I am co-founder of the Computer Security Laboratory (CSec Lab) of the University of Genova, co-founder and CRO of an SME, a UNIGE spin-off, called Talos (https://www.talos-sec.com/), and co-founder of the CTF team born2scan.
I received my Ph.D. in Computer Science from the University of Pisa in 2012, where I also graduated in Computer Science in 2008.
My main research field is cybersecurity. In particular, my research work includes (but is not limited to) formal verification of software and systems, vulnerability detection mechanisms, attacker models and methodologies, security protocols, and innovative methods for effective security training.
My research activity covers both the theoretical and practical aspects of cybersecurity. In 2020 I collaborated in discovering two severe vulnerabilities in Rapid7 Metasploit Pro that went under CVE-2020-7354 and CVE-2020-7355.
In 2024 I collaborated in discovering a 0-day vulnerability (CVE-2024-50610) using a fully automated vulnerability testing tool, called GolDRuSh.
I am always happy to revise candidates' resumes and evaluate their project proposals, but due to time constraints, some filtering is necessary. Hence, I will only answer emails having the right subject. You can find it by solving the following:
Subject: LNJXSU2NIEQHAYLHMUQGG2DBNRWGK3THMUQHG33MOZSWIXI=
Gabriele Costa, Pierpaolo Degano, Letterio Galletta, Simone Soderi: Formally verifying security protocols built on watermarking and jamming. Comput. Secur. 128: 103133 (2023)
Enrico Russo, Gabriele Costa, Giacomo Longo, Alessandro Armando, Alessio Merlo: LiDiTE: A Full-Fledged and Featherweight Digital Twin Framework. IEEE Trans. Dependable Secur. Comput. 20(6): 4899-4912 (2023)
Gabriele Costa, Fabio Pinelli, Simone Soderi, Gabriele Tolomei: Turning Federated Learning Systems Into Covert Channels. IEEE Access 10: 130642-130656 (2022)
Andrea Valenza, Gabriele Costa, Alessandro Armando: Never Trust Your Victim: Weaponizing Vulnerabilities in Security Scanners. RAID (2020)
Federico Sinigaglia, Roberto Carbone, Gabriele Costa, Nicola Zannone: A survey on multi-factor authentication for online banking in the wild. Comput. Secur. 95: 101745 (2020)
Enrico Russo, Gabriele Costa, Alessandro Armando: Building next generation Cyber Ranges with CRACK. Comput. Secur. 95: 101837 (2020)
Gabriele Costa, Letterio Galletta, Pierpaolo Degano, David A. Basin, Chiara Bodei: Natural Projection as Partial Model Checking. J. Autom. Reason. 64(7): 1445-1481 (2020)
Gabriele Costa, Alessio Merlo, Luca Verderame, Alessandro Armando: Automatic security verification of mobile app configurations. Future Gener. Comput. Syst. 80: 519-536 (2018)