I was born in Piedmont, Italy, in 1994. I received my Master's and PhD degrees in Computer Engineering from Politecnico di Torino, Italy, in 2018 and 2022, respectively. Currently, I'm a Software Engineer at Isovalent, working on the Cilium open-source project.
Previously, I was a Postdoctoral Researcher at Politecnico di Torino, serving as maintainer and core developer of Liqo, an open-source project enabling dynamic and seamless Kubernetes multi-cluster topologies (700+ stars on GitHub).
During my PhD, I collaborated with Italdesign Giugiaro (Volkswagen group) towards the introduction of secure communication paradigms both on-board and among vehicles. Additionally, I explored the transparent support of advanced and resource-demanding services thanks to edge computing, benefiting from computational offloading and the adoption of cloud-native approaches.
I'm also one of the founding members of CrownLabs, an open-source project started in March 2020 at Politecnico di Torino to deliver remote computing laboratories (90+ stars on GitHub). Until the end of 2022, I was involved as a maintainer in the design and development of the project, and I was in charge of operating the Kubernetes-based CrownLabs infrastructure.
Besides loving anything related to technology, I am interested in TV shows and I like relaxing with crossword puzzles and long walks in the countryside.
Working on the Cilium open-source project.
Working as maintainer and core developer of Liqo, including the following responsibilities:
Teaching activities and preparation of new learning materials for the following university courses:
Performed in collaboration with Italdesign Giugiaro (Volkswagen group), my PhD explored the path towards more secure, hence safer vehicles, paving at the same time the way to support novel and resource-demanding software services.
The main research topics I faced during my PhD include:
In addition, I contributed to, and served as a maintainer for, the following open-source projects:
Thesis: Towards Novel Software Services in Future Vehicles
Thesis: Protecting In-Vehicle Services with a Secure SOME/IP Protocol
Grade: 110/110 cum laude
Courses: Computer Architectures · System and Device Programming · Software Engineering · Network Services and Technologies · Local Area Network Design · Routing Architectures and Protocols · Computer System Security · Distributed Programming · Mobile Application Development · Database Management Systems · Big Data
Grade: 110/110 cum laude
Courses: Mathematical Analysis · Physics · Chemistry · Electronics · Computer Science · Algorithms and Programming · Object Oriented Programming · Computer Systems · Operating Systems · Computer Networks · Databases · Automatic Control · Visualization of Quantitative Information
Liqo (700+ stars on GitHub) is an open-source project that enables dynamic and seamless Kubernetes multi-cluster topologies, supporting heterogeneous on-premise, cloud and edge infrastructures. It abstracts remote pools of resources as virtual nodes attached to the local cluster, while featuring cross-cluster network and storage fabrics, as well as a dynamic discovery and peering module.
CrownLabs (90+ stars on GitHub) is an open-source project started at Politecnico di Torino during the pandemic period to deliver remote computing laboratories. Since then, it has been leveraged with satisfaction by more than 5000 students. CrownLabs also successfully hosted multiple sessions of the Computer Science (first year course) exams, featuring the integration with the official “exams” platform of our university.
Secure vsomeip introduces security functionalities on top of the vsomeip stack (i.e., open-source implementation of the SOME/IP automotive middleware) through the design and development of a two-phase security protocol tightly integrated within SOME/IP and strongly based on the usage of well-established cryptographic algorithms to provide the actual protection.
Amazon Prime Video Playback Analyzer is a Python script that analyzes network traces from the playback of a movie and/or TV show from Amazon Prime Video. It plots multiple graphs showing the most relevant information to study how the player reacts to different network conditions. This project has been developed as an assignment for the "Multimedia Communications" and "Python in the Lab" PhD courses taught at Politecnico di Torino.
Share Your Files is an application designed to allow peer-to-peer file sharing on a LAN. This project has been developed in C++ using the Qt Framework, and it was born as an assignment from the "System and Device Programming" course taught at Politecnico di Torino.
CoIoTe Solver is an application characterized by a heuristic to assign missions to mobile customers (e.g., users are asked to go near to IoT objects to provide relayed Internet connectivity), achieving the desired trade-off between QoS and amount of rewards. This project has been developed in C++, and it was born as an assignment from the "Optimization Methods and Algorithms" course taught at Politecnico di Torino.
In IEEE Transactions on Cloud Computing, 2022
Abstract: Despite the de-facto technological uniformity fostered by the cloud and edge computing paradigms, resource fragmentation across isolated clusters hinders the dynamism in application placement, leading to suboptimal performance and operational complexity. Building upon and extending these paradigms, we propose a novel approach envisioning a transparent continuum of resources and services on top of the underlying fragmented infrastructure, called liquid computing. Fully decentralized, multi-ownership-oriented and intent-driven, it enables an overarching abstraction for improved applications execution, while at the same time opening up for new scenarios, including resource sharing and brokering. Following the above vision, we present liqo, an open-source project that materializes this approach through the creation of dynamic and seamless Kubernetes multi-cluster topologies. Extensive experimental evaluations have shown its effectiveness in different contexts, both in terms of Kubernetes overhead and compared to other open-source alternatives.
In ACM SIGCOMM Computer Communication Review, 2021
Abstract: Several emerging classes of interactive applications are demanding for extremely low-latency to be fully unleashed, with edge computing generally regarded as a key enabler thanks to reduced delays. This paper presents the outcome of a large-scale end-to-end measurement campaign focusing on task-offloading scenarios, showing that moving the computation closer to the end-users, alone, may turn out not to be enough. Indeed, the complexity associated with modern networks, both at the access and in the core, the behavior of the protocols at different levels of the stack, as well as the orchestration platforms used in data-centers hide a set of pitfalls potentially reverting the benefits introduced by low propagation delays. In short, we highlight how ensuring good QoS to latency-sensitive applications is definitely a multi-dimensional problem, requiring to cope with a great deal of customization and cooperation to get the best from the underlying network.
In IEEE International Conference on Cloud and Big Data Computing (CBDCom 2021), Virtual, 2021
Abstract: The capability to predict the precise resource requirements of a microservice-based application is a very important problem for cloud services. In fact, the allocation of abundant resources guarantees an excellent quality of experience (QoE) for the hosted services, but it can translate into unnecessary costs for the cloud customer due to the reserved (but unused) resources. On the other side, poor resource provisioning may turn out in scarce performance when experiencing an unexpected peak of demand. This paper proposes RAYGO, a novel approach for dynamic resource provisioning to microservices in Kubernetes that (i) relieves the customers from the definition of appropriate execution boundaries, (ii) ensures the right amount of resources at any time, according to the past and the predicted usage, and (iii) operates at the application level, acknowledging the dependency between multiple correlated microservices.
In IEEE Transactions on Vehicular Technology, 2020
Abstract: Although high-speed in-vehicle networks are being increasingly adopted by the industry to support emerging use cases, previous research already demonstrated that car hacking is a real threat. This paper formalizes a novel framework proposed to provide improved security to the emerging SOME/IP middleware, without introducing at the same time limitations in the communication patterns available. Most notably, the entire traffic matrix is designed to be configured using simple high-level rules, clearly stating who can talk to whom according to the service abstraction adopted by SOME/IP. Three incremental security levels are made available, accounting for different services being associated with different requirements. The core security protocol, encompassing a session establishment phase followed by the transmission of secured SOME/IP messages, has been formally verified, to prove its correctness in terms of authentication and secrecy properties. Performance-wise, in-depth experimental evaluations conducted with an extended version of vsomeip confirmed the introduction of quite limited penalties compared to the bare unsecured implementation.
In IEEE Access, 2020
Abstract: The coronavirus pandemic hit the entire education sector hard. All students were sent home and lectures started to be delivered through video-conferencing systems. CrownLabs is an open-source project providing an answer to the problem of delivering remote computing laboratories. Simplicity is one of its main characteristics, requiring nothing but a simple web browser to interact with the system and being all heavyweight computations performed at the university premises. Cooperation and mentoring are also encouraged through parallel access to the same remote desktop. The entire system is built up using components from the Kubernetes ecosystem, to replicate a “cloud grade” infrastructure, coupled with custom software implementing the core business logic. To this end, most of the complexity has been delegated to the infrastructure, to speed up the development process and reduce the maintenance burden. An extensive evaluation has been performed in both real and simulated scenarios to validate the overall performance: the results are encouraging, as well as the feedback from the early adopters of the system.
In IEEE Vehicular Technology Magazine (VTM), 2020
Abstract: With every generation, vehicles are becoming smarter and more oriented toward information and communications technology (ICT). However, computerization is posing unforeseen challenges in a sector for which the first goal must be safety: car hacking has been shown to be a real threat. This article presents a novel mechanism to provide improved security for applications executed in the vehicle based on the principle of defining exactly who can talk to whom. The proposed security framework targets Ethernet-based communications and is tightly integrated within the emerging Scalable service-Oriented MiddlewarE over IP (SOME/IP) middleware. No complex configurations are needed: simple high-level rules, clearly stating the communications allowed, are the only element required to enable the security features. The designed solution has been implemented as a proof of concept (PoC) inside the vsomeip stack to evaluate the validity of the approach proposed: experimental measurements confirm that the additional overhead introduced in end-to-end communication is negligible.
In 2019 IEEE Vehicular Networking Conference (VNC), Los Angeles (USA), 4-6 December 2019
Abstract: Although vehicle platooning promises to improve transportation efficiency and safety by leveraging communication between convoy members, preliminary results in previous work suggest that cyber-attacks could deceive many Cooperative Adaptive Cruise Control algorithms, hence endangering the safety of every participant. This paper deeply analyzes the case of injection attacks. First, we introduce an extensive security analysis carried out through realistic simulations, to demonstrate how even slight and smooth falsification attacks do succeed in fooling the CACC controllers and cause numerous vehicle crashes. Second, we present a novel misbehavior detection technique. It leverages the correlation between multiple motion parameters concerning both single and consecutive vehicles to evaluate the plausibility of the information received from the other members. Extensive validation confirms the effectiveness of the technique proposed: overall, it succeeds to detect all the attacks simulated and prevents the occurrence of safety-critical situations.
WO/2020/217202 · Issued Oct 29, 2020
Abstract: A method is described for the transmission of messages on a communications network on board a vehicle between an entity requesting a service instance and an entity offering a service instance by means of the SOME/IP communication protocol, which comprises: (a) a step of mutual authentication between the requesting entity and the offering entity in view of a communication associated with a service instance, including (i) verifying the existence and mutual validity of a pre-assigned certificate of the requesting entity and the offering entity, which authorizes its access to the service instance, and (ii) verifying that the security level at which the service is offered by the offering entity is not lower than the minimum security level pre-assigned to the service at the requesting entity and at the offering entity; and (b) transmitting at least one communication message associated with a service instance from the offering entity to the requesting entity and vice versa if the certificate verification and security level verification are successful.