The summer school “Securing Digital Transformation: Approaches and Technologies”, organized by the SERICS Foundation – Spoke 9 and hosted at Sapienza University of Rome, offers PhD students a comprehensive overview of current research challenges in cybersecurity and privacy.
The digital transformation of society provides unprecedented opportunities, but also introduces new threats that require innovative and interdisciplinary solutions. The school will cover advanced topics including:
- fuzzing techniques for vulnerability discovery,
- multimedia forensics
- federated learning frameworks
- secure computing
- secure and anonymous cryptocurrency transactions.
By connecting these research areas to the broader challenge of securing complex digital infrastructures, the school aims to equip participants with both solid theoretical foundations and practical insights into emerging trends and future research directions.
The school is organized and supported by the Spoke 9 on Securing the Digital Transformation in the SERICS NextGenerationEU initiative, coordinated by Sapienza University of Rome. The school will be held at the DIAG department, located in the heart of Rome’s city center, close to several historical locations in a neighbourhood that offers plenty of accomodation opportunities.
Lecturers and Courses
Zekeriya Erkin (TU DElft): Financial Crime Detection with Privacy.
Jose Luis Hernandez Ramos (University of Murcia): Federated learning and security
Victor Sanchez (University of Warwick): Computer-vision informed security and forensics
Alessandra Scafuro (North Carolina State University): Privacy Techniques in Cryptocurrencies
Valerio Schiavoni (University of Neuchatel): Confidential computing with TEEs
Fabio Toffalini (Ruhr Universität Bochum): Advanced Automatic Testing
Registration
Thanks to the support of the SERICS initiative, registration and lunches are fully covered.
Participants are only responsible for accommodation and dinners.
Please register by September 15, 2025 HERE
Contacts
Leonardo Querzoni (querzoni@diag.uniroma1.it)
Topic 1: Advanced Automatic Testing
This course delves into the foundations of automatic testing (fuzzing) in software security, providing students with an opportunity to deepen their expertise in the field. The course offers a comprehensive overview of automatic testing, covering fundamental concepts such as White-box, Grey-box, and Black-box testing, standard and modern code exploration techniques, and advanced bug detection using logic-based oracles. Each lesson focuses on a specific aspect of the discipline, progressively building a complete understanding of the subject and equipping students with the skills to independently explore new concepts in this domain.
The course will cover the following topics, with adjustments made as needed to suit the class’s requirements:
– Introduction to the fuzzing paradigm: Black-box, Grey-box, and White-box approaches
– Types of coverage feedback
– Heuristics for code exploration (e.g., mutators, meta-strategies, seed selection, grammars)
– Bug detection and replication
Laboratory sessions complement the in-class lectures by offering hands-on experience with the principles taught. These exercises are essential for developing the practical knowledge and problem-solving skills required for the final exam and for thoroughly understanding the material presented in the course.
Speaker: Fabio Toffalini (Ruhr Universität Bochum)
Speaker Bio:
Flavio Toffalini is an Assistant Professor at Ruhr-Universität Bochum (RUB), where he holds the Chair for Automated Security Analysis. His research focuses on system security, with particular emphasis on trusted applications, automated software testing, and exploit mitigation techniques. He specializes in developing novel testing methodologies and analyzing security threats for SGX and TEE (Trusted Execution Environment) technologies. With expertise spanning software engineering, vulnerability mitigation, and automated bug discovery, Toffalini has published extensively in leading international academic and industry conferences, earning recognition through various awards. He actively contributes to the security research community by serving on program committees for prestigious conferences, including NDSS, USENIX Security, ACSAC, RAID, DIMVA, and ISSTA.
Topic 2: Computer-vision informed security and forensics
In this series of lectures, we will discuss how computer vision has impacted the fields of security and forensics. We will present the current challenges, discuss some recent research results in this field, and summarize the opportunities for future work. Specifically, we will discuss the use of video analytics, deepfake detection, and biometrics in several surveillance and forensic scenarios. In the context of video analytics, we will explore the tasks of trajectory forecasting and crowd counting in public spaces. We will delve into the task of multi-camera trajectory forecasting, which presents an additional set of challenges compared to traditional single-camera trajectory forecasting. Our discussion will include the use of natural language supervision in the crowd counting task. For deepfake detection, we will discuss the current challenges in detecting synthetic videos and images generated by the most recent high-resolution generative AI models, including the Text-To-Video (T2V) and Image-To-Video (I2V) models. We will present a new dataset aimed at promoting the development of robust and generalizable detection systems for T2V and I2V videos. Our discussions will also include how explainable AI can be used to understand how synthetic images are linked to the training data used to optimize a generative AI model. Finally, in the context of biometrics, we will discuss the task of real-time face detection and tracking in public places, as well as how synthetic face images can be used in security applications where the goal is to predict the appearance of an individual across time.
Speaker: Victor Sanchez (University of Warwick)
Speaker Bio:
Prof Victor Sanchez is the Head of the Signal and Information Processing (SIP) Lab of The University of Warwick. He received an M.Sc. degree from the University of Alberta, Canada, in 2003, and a Ph.D. degree from the University of British Columbia, Canada, in 2010. From 2011 to 2012, he was with the Video and Image Processing Laboratory, at the University of California at Berkeley as a Postdoctoral Researcher. In 2012, he was a Visiting Lecturer with the Group on Interactive Coding of Images, Universitat Autonoma de Barcelona. From 2018 to 2019, he was a Visiting Scholar with the School of Electrical and Information Engineering, The University of Sydney, Australia. His research interests include computer vision with applications to biometrics, forensics, security, and multimedia analysis. He has authored several technical articles and book chapters in these areas. His research has been funded by the Newton Fund; the Natural Sciences and Engineering Research Council of Canada; the Canadian Institutes of Health Research; the FP7 and the H2020 Programs of the European Union; the Engineering and Physical Sciences Research Council, U.K.; Ford Motor Company, USA; the Defence and Security Accelerator, U.K.; and Research England. He is the Chair of the Technical Committee on Computational Forensics under the auspices of the International Association for Pattern Recognition (IAPR). He currently serves as a senior editor of IEEE Signal Processing Letters and IEEE Transactions on Information Forensics and Security.
Topic 3: Trustworthy AI for Next-Generation Cybersecurity
This lecture examines how trustworthy AI can advance the state of the art in cybersecurity, bridging research, practice, and standardization. I will discuss federated learning for intrusion detection and its robustness under adversarial settings, the use of large language models in key cybersecurity scenarios, such as fuzzing automation, phishing and synthetic data generation to improve cyber threat intelligence classification. These research efforts are connected with ongoing work in European projects and with my contributions to standardization and regulatory frameworks such as the EU Cyber Resilience Act.
Speaker: Jose Luis Hernandez Ramos (University of Murcia)
Speaker Bio:
José Luis Hernández-Ramos is an Associate Professor in Cybersecurity at the University of Murcia (Spain) and former Scientific Project Officer at the European Commission’s Joint Research Centre (2018–2023). He held a Marie Skłodowska-Curie Postdoctoral Fellowship (2023–2025) on decentralized/federated learning for cyberattack detection in IoT. He has coordinated and participated in several EU and nationally funded projects. He co-authored the JRC Cybersecurity Taxonomy adopted by the EU and the ENISA–JRC report on the standardization landscape related to the Cyber Resilience Act. He has published extensively in IEEE/ACM venues and serves on program committees and editorial boards. He also serves as an expert/advisor and evaluator for research funding agencies and EU institutions, and actively contributes to standardization and regulatory initiatives in cybersecurity.
Topic 4: Financial Crime Detection with Privacy
Financial crime detection is increasingly reliant on large-scale data analysis, ranging from banking transactions to networked financial infrastructures. Traditional approaches demand centralizing sensitive information, raising significant concerns about data protection, regulatory compliance, and trust among stakeholders. This course explores how privacy-enhancing technologies (PETs)—such as secure multiparty computation, homomorphic encryption, and differential privacy—can enable collaborative financial crime detection without exposing raw data. We will discuss state-of-the-art research and practical use cases where PETs empower banks, regulators, and investigators to jointly identify fraud, money laundering, and other illicit activities while guaranteeing strong privacy safeguards. Participants will also learn from our experience in the international PETs Challenge (organized by the U.S. and U.K. governments), where our team was awarded second prize for developing a privacy-preserving solution for financial crime detection. This course bridges cutting-edge cryptographic research with pressing real-world challenges in finance.
Speaker: Zekeriya Erkin (TU DElft)
Speaker Bio:
Zekeriya Erkin is an Associate Professor of Cyber Security at Delft University of Technology. His research focuses on applied cryptography, privacy-preserving technologies, and secure data sharing. He serves as Editor-in-Chief of the Eurasip Journal on Information Security and has held leadership roles in the IEEE Information Forensics and Security Technical Committee. With over a decade of academic experience, he leads international projects on security and digital privacy protection.
Topic 5: Privacy Techniques in Cryptocurrencies
This lecture series examines what privacy means in the context of cryptocurrency and how it is achieved both in theory and in practice. We will review core privacy definitions and survey the leading techniques developed to preserve transaction anonymity, including tumblers, zero-knowledge proofs, ring signatures, and fully homomorphic encryption. The goal is to provide a clear understanding of the trade-offs, assumptions, and real-world implications behind these approaches.
Speaker: Alessandra Scafuro (North Carolina State University)
Speaker Bio:
Alessandra Scafuro is an
Associate Professor in the Department of Computer Science at North Carolina State
University. Her research focuses on both theoretical and applied cryptography, with particular
interest in the design of cryptographic protocols such as zero-knowledge proofs and secure
two-party computation that are modular, composable, and efficient. Scafuro also applies
cryptographic techniques to enhance confidentiality and privacy in blockchain technologies
and distributed systems. Her work bridges foundational theory and practical implementation to
address real-world security challenges. Before joining NC State, Scafuro was a postdoctoral
researcher at UCLA, Boston University, and Northeastern University. She received her Ph.D.
in computer science from the University of Salerno in Italy.
Topic 6: Confidential Computing: Foundations and Research Perspectives
Confidential computing is an emerging paradigm that aims to protect data and code from powerful attackers, including compromised operating systems, hypervisors, and even physical attacks. Today, all major cloud providers offer some form of confidential computing nodes, supporting both CPU- and GPU-based workloads. In this lecture series, we will explore several key topics related to this exciting area of research. We begin with the essential foundations of the paradigm, including a deep dive into the underlying hardware requirements and the technological solutions currently available off the shelf for deploying shielded systems (such as Intel SGX, Intel TDX, and Arm TrustZone). Finally, we will examine recent research results—covering, among other topics, how to manage confidential virtual machines and how to address real-time requirements within trusted execution environments—before discussing open research challenges and future directions.
Speaker: Valerio Schiavoni (University of Neuchatel)
Speaker Bio:
Valerio Schiavoni is Professeur Titulaire at the University of Neuchâtel, Switzerland. He received his B.Sc., M.Sc., and Ph.D. degrees in Computer Science from Roma Tre University (Italy) and the University of Neuchâtel (Switzerland). He previously worked as a Research Engineer at INRIA Rhône-Alpes (France) and Yahoo! Research (Spain). At the University of Neuchâtel, he served as the scientific coordinator of the Centre of Competence for Complex Systems and Big Data, and he currently coordinates the CUSO Doctoral Program in Computer Science. He is also a co-founder of both a start-up and the Arm HPC User Group (AHUG). Valerio has authored more than 100 publications and has served on over 50 program committees, including DSN, EuroSys, ICDCS, and SoCC. He has taken on several leadership roles, including PC Co-Chair for DAIS 2020, the EuroSys 2023 Shadow Program Committee, ACM Middleware 2024, IEEE PRDC 2024, and the EuroSys Artifact Evaluation Committee in 2024. He is currently serving as PC Co-Chair for IEEE SRDS 2025. His research interests span systems, distributed computing, security, and data management.