Secure Software Development: From Design to Implementation

Digital technologies are integral to our lives. Software is pervasive at every level: from IoT devices running firmware, to cloud systems delivering APIs and services, to cyber-physical systems making decisions and impacting the real world. Ensuring software security is therefore essential to protect our data, safeguard digital identities, and prevent attacks that could have devastating consequences. The complexity of the software ecosystem, with its dependencies on external libraries and tools, has expanded the attack surface, making the software supply chain a potential vector for exploitation. The SERICS doctoral summer school on “Secure Software Development: From Design to Implementation” will focus on advancing secure software development through innovative programming paradigms and formal verification techniques. Lecturers will cover methods for developing secure-by-design and certified software, as well as strategies for testing and protecting the software supply chain through targeted security analyses and assessments. Practical labs will provide participants with hands-on experience using state-of-the-art software analysis tools. 

The dates July 7–13 include arrival and departure days; the actual program will run from July 8 to 12, with the possibility to arrive a day early and leave a day later. 

Thanks to SERICS support, registration and lunches are covered, so students will only need to pay for accommodation and dinners. The accommodation form is linked below.

Download the registration form 

 

Topic 1 Confidential Computing: Attacks and Defenses

Hours: 4-5 

Speaker: Frank Piessens (KU Leuven) 

Speaker Bio: 
Frank Piessens is a full professor in the Department of Computer Science at the Katholieke Universiteit Leuven, Belgium.
His research focuses on software and systems security, encompassing both attack techniques and defenses.
On the defense side, he has made contributions to formal verification techniques for C-like languages, enforcement of information flow security, hardening against memory safety exploits, mitigating micro-architectural side-channels, and designing and implementing embedded security architectures.
On the attack side, he has contributed to the development of novel attack techniques for transient execution attacks, memory safety attacks, and controlled channel attacks.
Frank has served on the program committee of numerous prestigious security and software conferences including ACM CCS, Usenix Security, IEEE Security & Privacy, and ACM POPL. He acted as program chair for the International Conference on Principles of Security and Trust (POST 2016), for the IEEE European Symposium on Security & Privacy (Euro S&P 2018 & 2019), and for the IEEE Secure Development Conference (SecDev 2021 & 2022).

 

Hours: 4-5

Speaker: Matteo Maffei (TU Wien)

Speaker Bio: 
Matteo Maffei has been a professor at TU Wien since 2017, where he leads the Security and Privacy research unit. Previously, he held a professorship at Saarland University in Germany. He earned his Ph.D. in Computer Science from the Ca’ Foscari University of Venice in 2006.
In recognition of his research, he was awarded an ERC Advanced Grant in 2024, an ERC Consolidator Grant in 2018, and an Emmy Noether Fellowship from DFG in 2009. He currently serves as co-director of the TU Wien Cybersecurity Center (https://cysec.wien) and SecInt doctoral school (https://secint.visp.wien), coordinates the FWF special research program SPyCoDe (https://spycode.at), serves as key researcher at SBA Research (https://www.sba-research.org), and is the local leader at the Christian Doppler Lab for Blockchain Technologies for the Internet of Things (https://www.cdl-bot.at).
Matteo’s research focuses on methods and tools to certify security and privacy properties, with special emphasis on cryptographic protocols, web security, machine learning, and blockchain technologies.

Hours: 4-6 

Speaker: Joshua Guttman (MITRE) 

Speaker Bio: 
Dr. Joshua Guttman is a Senior Principal Scientist at the MITRE Corporation, and was formerly Professor at Worcester Polytechnic Institute. He has focused on security foundations and applications, including cryptographic protocol analysis and design, network security, operating systems security, and information flow.
Dr. Guttman has been a program chair for the IEEE Computer Security Foundations Workshop (now a symposium), the first Conference on Principles of Security and Trust at ETAPS, the Workshop on Issues in the Theory of Security, the workshop on Formal Aspects of Security and Trust, and an NSF workshop on Formal Methods for Security.

Hours: 4 

Speaker: Riccardo Focardi and Matteo Busi (Ca’ Foscari University) 

Speaker Bio (Riccardo Focardi): 
Riccardo Focardi is a full professor of computer science at Ca’ Foscari University of Venice, specializing in system and network security, trusted hardware, cryptography, and formal methods. He has participated in, and led, several national and European cybersecurity projects, and currently coordinates Spoke 6 on Software and Platform Security in the SERICS NextGenerationEU initiative.
He has served on program committees of leading conferences such as IEEE S&P, IEEE CSF (Program Chair 2003–2004, General Chair 2006–2007), POST (Co-chair 2015), and WITS (Chair 2007). He organized the second and third FOSAD schools and co-founded the Italian Conference on Cybersecurity (ITASEC), where he serves on the steering committee.
From 2016 to 2019, he chaired the IFIP Working Group 1.7 on security foundations and was on the editorial board of the Journal of Computer Security (2005–2019). He also led Ca’ Foscari’s PhD program in Computer Science (2012–2019), launching an international PhD in cybersecurity with Masaryk University. He is the founder of two cybersecurity startups: Cryptosense (2013) and 10Sec (2020). 

Speaker Bio (Matteo Busi): 
Matteo Busi is a researcher at Ca’ Foscari University of Venice, where he works on formal methods and their applications to secure compilation, side-channel attacks, and cryptography. He earned his PhD in Computer Science from the University of Pisa in 2021. He is currently involved in the “Security and Rights in the CyberSpace” (SERICS) project, funded by the European Union’s Next-GenerationEU program. Matteo has also served on program and artifact evaluation committees for several conferences in the field.

Hours: 4 

Speaker: Gabriele Costa and Silvia De Francisci (IMT Lucca) 

Speaker Bio: 
Gabriele Costa is an Associate Professor in Computer Science at the SySMA research unit of IMT School for Advanced Studies Lucca. His previous appointments include a position as Assistant Professor at the Department of Computer Science and System Engineering (DIBRIS) of the University of Genova and a position as researcher at the Institute of Informatics and Telematics (IIT) of the National Research Council of Italy (CNR). In 2016-17 he spent a period as a visiting researcher at the Information Security Group of ETH Zurich. He is co-founder of the Computer Security Laboratory (CSec Lab) of the University of Genova, co-founder and CRO of an SME, UNIGE spin-off, called Talos, and co-founder of the CTF team born2scan. He received his Ph.D. in Computer Science from the University of Pisa in 2012, where he also graduated in Computer Science in 2008.

Silvia De Francisci is a Ph.D. student of Computer Science and Systems Engineering within the SySMA research unit of IMT School for Advanced Studies Lucca. She graduated in Mathematics and Computational Science at the University of Rome ‘Roma Tre’.

 

Hours:

Speaker: Alvise Spanò 

Speaker Bio: 
Alvise Spanò is an assistant professor in Computer Science on the SERICS PNRR project, at the Ca’ Foscari University of Venice, Italy. His interests range from programming languages to blockchain and smart contract security, with an emphasis on type systems, compilers and software verification with formal methods-based techniques.

 
