Ciao! I'm Luca Invernizzi

About Me

My passion is information security, and my expertise is malware. I am keen on building large-scale systems that discover miscreants in a sea of data. In my free time, I love to challenge myself by competing in (or, sometimes, by running) hacking competitions.

Since October '15, I am a Research Scientist at Google. My main research focus is finding novel, robust ways to detect and prevent the spreading of malicious and abusive content.

In the past, I have done research in censorship resistance and Android security, I've been an active member of the GNOME open-source community, and I've had some fun in underwater robotics research.

Professional Experience

Google, Inc.
2015
Research Scientist
Google, Inc.
2015
Software Engineering Intern (research)
At Google, I've joined the anti-abuse team to better understand and detect sophisticated cloaking sites.
The Activity Exchange
2012 - 2015
Project Lead
At ActivityX, I've been in charge of designing and running a scalable service that collects, normalizes, and distributes sensitive health data (such as workouts and blood pressure readings) coming from 20+ sources (such as Fitbit and AppleHealth) and 200k+ users. This system is currently powering Achievemint.com, and Humana Vitality.
Narus
2013
Research Intern
At Narus, I've designed Nazca, a system capable of discovering and tracking malicious downloads in the network traffic of ISPs. This work resulted in an NDSS'14 paper, a patent, and has sparked the interest of the press.
Appfolio
2011
Engineering Intern, Pentester
At Appfolio, I've pentested the various RoR web apps developed there, including a payment-processing system handling the financial information of 100k+ users. I've fixed tens of vulnerabilities, ranging from logic flaws, XSSs, CSRFs, and authentication/authorization flaws. I left the company with a set of tools (integrated in their CI system) that perform static and dynamic analysis on the various products to alert the developers of possible security vulnerabilities before they go live.
Google Summer of Code
2010
Engineering Intern
During my summer, I've extended Getting Things GNOME!, a task manager for the Linux desktop, to support multiple synchronization services (such as Bugzilla, Evolution, RememberTheMilk, ...). People liked the new GTG :)
Biorobotics Institute, Sant'Anna
2009
Web Designer
I've created and maintained the website for ANGELS, a European project in underwater robotics.

Education

  • '10-'15

    Ph.D. in Computer Science, Information Security at U.C. Santa Barbara

    During my Ph.D. studies, I have been having fun researching on:

    • Leveraging big-data analysis to discover malware being distributed online (with papers in the top infosec conferences: S&P, NDSS, CCS. Publications include a CSAW best security paper '12 finalist, and UCSB Computer Science Outstanding Publication Award '15)
    • How to better secure Android mobile devices (one S&P paper, 1 ACSAC paper, secured $1.1M grant)
    • How to maintain some privacy online, and novel ways to invade it again.
    • How to teach information security with the help of hacking competitions.

    GPA 4.0

  • '10-'15

    Master's in Computer Science at U.C. Santa Barbara

    GPA 4.0

  • '09-'10

    Visiting Researcher at the University of Hawaii

    At UH I've worked on a novel mathematical model to drive autonomous underwater vehicles. This work has been presented at the IEEE Conference on Decision and Control (CDC).

  • '07-'10

    "Diploma di Licenza" at the Sant'Anna School of Advanced Studies University, Italy

    Summa cum laude, full scholarship awarded as a winner of a nation-wide competition.

  • '07-'10

    Master's Degree in Control Engineering at the University of Pisa, Italy

    Summa cum laude.

  • '08

    Visiting Researcher at U.C. Santa Barbara

    In UCSB's mechanical engineering department, I've worked on a distributed algorithm to drive autonomous land vehicles to patrol an area. We have implemented this algorithm to make a group of (real) robotic vehicles collaborate with virtual ones. Part of this work is now part of the Player/Stage open-source framework.

  • '04-'07

    Bachelor's Degree in Computer Engineering at the University of Pisa, Italy

    Summa cum laude, completed the Path of Excellence honors program.

Open Source contributions

The GNOME foundation
2010-2012
Core Developer & Mentor
I like participating in the open-source world, whenever I have time. In this period, I've been a core developer of "Getting Things GNOME", and I've become a member of the GNOME Foundation. I've also mentored five nice international students for several editions of the Google Summer of Code and GNOME's Outreach Program for Women.
Open Source
2009-now
Over time, like any well-behaved developer, I've shared online a few niche projects that other people are using (such as Scapy's support for HTTP, which a few companies, such as Lastline and Google, are currently using in some of their projects, and Chrisper, a style-checker for academic papers). I've also made many contributions, big and small, to popular open-source projects (PLAYER robotic framework, Flask-Security, Eucalyptus...). Check out my Github page for a collection of a few of those.

Competitions

Hacking Competitions
2010-now
Hacker
I've played in tens of hacking competitions, including the DEFCON CTF in Las Vegas, with my team Shellphish. With the team, I've also designed and organized for four years the iCTF, the biggest academic hacking competition, with more than 1k players from all over the globe.
European Space Agency Robotic Challenge
2008
Robot Hacker
In this competition, ESA challenged university students to design and build a robotic vehicle capable of retrieving samples in a steep lunar crater. After winning a €40k grant, my team from the SSSUP university built a hexapod that managed to be selected up to the final in Tenerife. Unfortunately, while our robot was in the crater it started raining (in a very lunar fashion), which shorted our robot's circuits :)

Skills

Infosec Research
Fighting online abuse
Full-stack web design
Creating large-scale scalable systems
Data mining
Robotics

Publications

I have published papers in the fields of information security and robotics. Also on Google Scholar
  • BareDroid: Large-Scale Analysis of Android Apps on Real Devices S. Mutti, Y. Fratantonio, A. Bianchi, J. Corbetta, L. Invernizzi, D. Kirat, C. Kruegel, G. Vigna Proceedings of the Annual Computer Security Applications Conference (ACSAC 2015)
  • What the App is That? Deception and Countermeasures in the Android User Interface A. Bianchi, J. Corbetta, L. Invernizzi, Y. Fratantonio, C. Kruegel, G. Vigna Proceedings of the IEEE Symposium on Security and Privacy (S&P 2015)
  • Eyes of a Human, Eyes of a Program: Leveraging different views of the web for analysis and detection J. Corbetta, L. Invernizzi, C. Kruegel, G. Vigna Proceedings of the Research in Attacks, Intrusions and Defenses Symposium (RAID Symposium 2014)
  • Ten Years of iCTF: The Good, The Bad, and The Ugly G. Vigna, K. Borgolte, J. Corbetta, A. Doupé, Y. Fratantonio, L. Invernizzi, D. Kirat, Y. Shoshitaishvili Proceedings of the USENIX Summit on Gaming, Games and Gamification in Security Education (3GSE 2014)
  • Do You Feel Lucky? A Large-Scale Analysis of Risk-Rewards Trade-Offs in Cyber Security Y. Shoshitaishvili, L. Invernizzi, A. Doupé, G. Vigna Proceedings of the ACM Symposium on Applied Computing (SAC 2014)
  • Nazca: Detecting Malware Distribution in Large-Scale Networks L. Invernizzi, S. Miskovic, R. Torres, S. Saha, S. Lee, M. Mellia, C. Kruegel, G. Vigna Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS 2014) (UCSB Computer Science Outstanding Publication Award 2015)
  • Message In A Bottle: Sailing Past Censorship L. Invernizzi, C. Kruegel, G. Vigna Proceedings of the Annual Computer Security Applications Conference (ACSAC 2013)
  • You Are What You Include: Large-scale Evaluation of Remote JavaScript Inclusions N. Nikiforakis, L. Invernizzi, A. Kapravelos, S. Van Acker, W. Joosen, C. Kruegel, F. Piessens, G. Vigna Proceedings of the ACM Conference on Computer and Communications Security (CCS 2012)
  • EVILSEED: A Guided Approach to Finding Malicious Web Pages L. Invernizzi, S. Benvenuti, P. Milani Comparetti, M. Cova, C. Kruegel, G. Vigna Proceedings of the IEEE Symposium on Security and Privacy (S&P 2012) (AT&T NYU CSAW best security paper '12 finalist)
  • Geometric control for autonomous underwater vehicles: overcoming a thruster failure M. Andonian, D. Cazzaro, L. Invernizzi, M. Chyba, S. Grammatico Proceedings of the IEEE Conference on Decision and Control (CDC 2010)
  • Trajectory Design for Autonomous Underwater Vehicles for Basin Exploration M. Chyba, D. Cazzaro, L. Invernizzi, M. Andonian Proceedings of the International Conference on Computer and IT Applications in the Maritime Industries (COMPIT 2010)
  • A Geometric Approach to Trajectory Design for an Autonomous Underwater Vehicle: Surveying the Bulbous Bow of a Ship R. N. Smith, D. Cazzaro, L. Invernizzi, G. Marani, S. K. Choi, M. Chyba Acta Applicandae Mathematicae, 2010

Patents

  • Detecting Malware Infestations in Large-Scale Networks, L. Invernizzi, S. Miskovic, R. Torres, S. Saha, S. Lee, M. Mellia, C. Kruegel, G. Vigna (United States Patent 8959643)

BUZZWORDS

Technology I've worked with (the bigger the font ⇒ the more confident I am using it):

Languages

Italian
English
French
Spanish

Hobbies

Hiking
Tinkering with things to see how they work
Breaking websites
Growing plants in custom hydroponics contraptions
Proposing tons of startup ideas to my annoyed wife