The real voyage of discovery lies in not seeing new landscapes but in having new eyes. (Marcel Proust)

I am an Assistant Professor at the Security Group of the Eindhoven University of Technology, in the Netherlands. I investigate attacker operations ([1], [2]) and economics ([3], [4]) to improve operational defense capabilities ([5], [6]). My research draws from several fields, including computer security, economics, risk analysis, and criminology. I manage the B-LAB and Security Operation Center Laboratories @ TU/e.

About

        Office:         MF 6.122a 
                        P.O. Box 513, 5600 MB
                        Eindhoven, The Netherlands
        Email:          l.allodi at tue.nl
        PGP fngrprnt:   950E 3DC8 EB66 DFF3 B64D  7848 A0AD 0BB6 5DC4 98F1

Public key here.

Curriculum Vitae

I DO NOT have a Facebook profile.
My LinkedIn page (hardly updated) is this.
My Twitter handle is @securescientist.

Some highlights

Organization

I am the organizer and co-chair of the multidisciplinary Workshop on Attackers and Cyber-Criminal Operations (WACCO), together with, among others, Alice Hutchings (Twitter, homepage) and Sergio Pastrana (Twitter, homepage). The workshop is held annually (now at its 2nd edition) jointly with the European Symposium on Security and Privacy.

Standard setting

I am one of the authoring member of the First.org/NIST Common Vulnerability Scoring System Standard. First.org CVSS Special Interest Group (Authoring member). Common Vulnerability Scoring System (CVSS) v3. Published at http://www.first.org/cvss.

Publications

  • Amber van der Heijden, Luca Allodi. Cognitive Triaging of Phishing Attacks. In Proceedings of Usenix Security 2019. (Acc. rate 16%). Preprint.
  • Luca Allodi. 2017. Economic Factors of Vulnerability Trade and Exploitation. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ‘17). ACM, New York, NY, USA, 1483-1499. DOI: https://doi.org/10.1145/3133956.3133960 (Acc. rate 18%). Preprint.
  • Allodi, L. and Massacci, F. (2017), Security Events and Vulnerability Data for Cybersecurity Risk Estimation. Risk Analysis, 37: 1606–1627. doi:10.1111/risa.12864 Impact factor: 2.225, ISI Journal Citation Reports Ranking: 2015: 649 (Social Sciences Mathematical Methods); 17101 (Mathematics Interdisciplinary Applications). Preprint.