I'm Marco Iorio.

Software Engineer @ Isovalent

Scroll Down

About Me

I was born in Piedmont, Italy, in 1994. I received my Master's and PhD degree in Computer Engineering from Politecnico di Torino, Italy, respectively in 2018 and 2022. Currently, I'm a Software Engineer at Isovalent, working on the Cilium open-source project.

Previously, I've been a Postdoctoral Researcher at Politecnico di Torino, serving as maintainer and core developer of Liqo, an open-source project enabling dynamic and seamless Kubernetes multi-cluster topologies (700+ stars on GitHub).

During my PhD, I collaborated with Italdesign Giugiaro (Volkswagen group) towards the introduction of secure communication paradigms both on-board and among vehicles. Additionally, I explored the transparent support of advanced and resource demanding services thanks to edge computing, benefiting from computational offloading and the adoption of cloud-native approaches.

I'm also one of the founding members of CrownLabs, an open-source project started in March 2020 at Politecnico di Torino to deliver remote computing laboratories (90+ stars on GitHub). Until the end of 2022, I have been involved as maintainer in the design and development of the project, as well as I was in charge of operating the Kubernetes-based CrownLabs infrastructure.

Besides loving anything related to technology, I am interested in TV shows and I like relaxing with crossword puzzles and long walks in the countryside.


Software Engineer

Isovalent Jan 2023 - Present

Working on the Cilium open-source project.

Postdoctoral Researcher

Politecnico di Torino, Italy Feb 2022 - Dec 2022

Working as maintainer and core developer of Liqo, including the following responsibilities:

  • Design of new functionalities starting from high-level requirements.
  • Implementation of new components extending Kubernetes according to the operator pattern.
  • Development of a user-friendly CLI to interact with Liqo.
  • Implementation of automatic build and test pipelines through GitHub Actions.
  • Performance-driven benchmarking and optimization.
  • Preparation of technical documentation, scientific papers and blog posts.
  • Bug triage, peer reviews and mentoring.

Teaching Assistant

Politecnico di Torino, Italy Oct 2019 - Dec 2022

Teaching activities and preparation of new learning materials for the following university courses:

  • Computer Networks · B.S. in Computer Engineering
  • Software Networking · M.S. in Computer Engineering
  • Cloud Computing · M.S. in Computer Engineering
  • Cloud Infrastructures and Networks · II Level Specializing Master in Computer Engineering

PhD Student

Politecnico di Torino, Italy Nov 2018 - Jan 2022

Performed in collaboration with Italdesign Giugiaro (Volkswagen group), my PhD explored the path towards more secure, hence safer vehicles, paving at the same time the way to support novel and resource demanding software services.

The main research topics I faced during my PhD include:

  • Security of in-vehicle and V2X communications.
  • Performance and reliability requirements of distributed applications.
  • Definition of a transparent continuum of computational resources and services across multiple independent infrastructures.

In addition, I contributed to, and served as a maintainer for the following open-source projects:

  • Liqo: dynamic and seamless Kubernetes multi‐cluster topologies.
  • CrownLabs: a Kubernetes-based collaborative environment for remote computing laboratories.


Doctor of Philosophy - PhD, Computer Engineering

Politecnico di Torino, Italy Nov 2018 - Jan 2022

Thesis: Towards Novel Software Services in Future Vehicles

Master's Degree, Computer Engineering

Politecnico di Torino, Italy Oct 2016 - Oct 2018

Thesis: Protecting In-Vehicle Services with a Secure SOME/IP Protocol
Grade: 110/110 cum laude
Courses: Computer Architectures · System and Device Programming · Software Engineering · Network Services and Technologies · Local Area Network Design · Routing Architectures and Protocols · Computer System Security · Distributed Programming · Mobile Application Development · Database Management Systems · Big Data

Bachelor's Degree, Computer Engineering

Politecnico di Torino, Italy Oct 2013 - Sep 2016

Grade: 110/110 cum laude
Courses: Mathematical Analysis · Physics · Chemistry · Electronics · Computer Science · Algorithms and Programming · Object Oriented Programming · Computer Systems · Operating Systems · Computer Networks · Databases · Automatic Control · Visualization of Quantitative Information



Computing Without Borders: The Way Towards Liquid Computing

In IEEE Transactions on Cloud Computing, 2022

Abstract: Despite the de-facto technological uniformity fostered by the cloud and edge computing paradigms, resource fragmentation across isolated clusters hinders the dynamism in application placement, leading to suboptimal performance and operational complexity. Building upon and extending these paradigms, we propose a novel approach envisioning a transparent continuum of resources and services on top of the underlying fragmented infrastructure, called liquid computing. Fully decentralized, multi-ownership-oriented and intent-driven, it enables an overarching abstraction for improved applications execution, while at the same time opening up for new scenarios, including resource sharing and brokering. Following the above vision, we present liqo, an open-source project that materializes this approach through the creation of dynamic and seamless Kubernetes multi-cluster topologies. Extensive experimental evaluations have shown its effectiveness in different contexts, both in terms of Kubernetes overhead and compared to other open-source alternatives.

Read the article
When Latency Matters: Measurements and Lessons Learned

In ACM SIGCOMM Computer Communication Review, 2021

Abstract: Several emerging classes of interactive applications are demanding for extremely low-latency to be fully unleashed, with edge computing generally regarded as a key enabler thanks to reduced delays. This paper presents the outcome of a large-scale end-to-end measurement campaign focusing on task-offloading scenarios, showing that moving the computation closer to the end-users, alone, may turn out not to be enough. Indeed, the complexity associated with modern networks, both at the access and in the core, the behavior of the protocols at different levels of the stack, as well as the orchestration platforms used in data-centers hide a set of pitfalls potentially reverting the benefits introduced by low propagation delays. In short, we highlight how ensuring good QoS to latency-sensitive applications is definitely a multi-dimensional problem, requiring to cope with a great deal of customization and cooperation to get the best from the underlying network.

Read the article
RAYGO: Reserve As You GO

In IEEE International Conference on Cloud and Big Data Computing (CBDCom 2021), Virtual, 2021

Abstract: The capability to predict the precise resource requirements of a microservice-based application is a very important problem for cloud services. In fact, the allocation of abundant resources guarantees an excellent quality of experience (QoE) for the hosted services, but it can translate into unnecessary costs for the cloud customer due to the reserved (but unused) resources. On the other side, poor resource provisioning may turn out in scarce performance when experiencing an unexpected peak of demand. This paper proposes RAYGO, a novel approach for dynamic resource provisioning to microservices in Kubernetes that (i) reliefs the customers from the definition of appropriate execution boundaries, (ii) ensures the right amount of resources at any time, according to the past and the predicted usage, and (iii) operates at the application level, acknowledging the dependency between multiple correlated microservices.

Read the article
Securing SOME/IP for In-Vehicle Service Protection

In IEEE Transactions on Vehicular Technology, 2020

Abstract: Although high-speed in-vehicle networks are being increasingly adopted by the industry to support emerging use cases, previous research already demonstrated that car hacking is a real threat. This paper formalizes a novel framework proposed to provide improved security to the emerging SOME/IP middleware, without introducing at the same time limitations in the communication patterns available. Most notably, the entire traffic matrix is designed to be configured using simple high-level rules, clearly stating who can talk to whom according to the service abstraction adopted by SOME/IP. Three incremental security levels are made available, accounting for different services being associated with different requirements. The core security protocol, encompassing a session establishment phase followed by the transmission of secured SOME/IP messages, has been formally verified, to prove its correctness in terms of authentication and secrecy properties. Performance-wise, in-depth experimental evaluations conducted with an extended version of vsomeip confirmed the introduction of quite limited penalties compared to the bare unsecured implementation.

Read the article
CrownLabs – A Collaborative Environment to Deliver Remote Computing Laboratories

In IEEE Access, 2020

Abstract: The coronavirus pandemic hit the entire education sector hard. All students were sent home and lectures started to be delivered through video-conferencing systems. CrownLabs is an open-source project providing an answer to the problem of delivering remote computing laboratories. Simplicity is one of its main characteristics, requiring nothing but a simple web browser to interact with the system and being all heavyweight computations performed at the university premises. Cooperation and mentoring are also encouraged through parallel access to the same remote desktop. The entire system is built up using components from the Kubernetes ecosystem, to replicate a “cloud grade” infrastructure, coupled with custom software implementing the core business logic. To this end, most of the complexity has been delegated to the infrastructure, to speed up the development process and reduce the maintenance burden. An extensive evaluation has been performed in both real and simulated scenarios to validate the overall performance: the results are encouraging, as well as the feedback from the early adopters of the system.

Read the article
Protecting In-Vehicle Services: Security-Enabled SOME/IP Middleware

In IEEE Vehicular Technology Magazine (VTM), 2020

Abstract: With every generation, vehicles are becoming smarter and more oriented toward information and communications technology (ICT). However, computerization is posing unforeseen challenges in a sector for which the first goal must be safety: car hacking has been shown to be a real threat. This article presents a novel mechanism to provide improved security for applications executed in the vehicle based on the principle of defining exactly who can talk to whom. The proposed security framework targets Ethernet-based communications and is tightly integrated within the emerging Scalable service-Oriented MiddlewarE over IP (SOME/IP) middleware. No complex configurations are needed: simple high-level rules, clearly stating the communications allowed, are the only element required to enable the security features. The designed solution has been implemented as a proof of concept (PoC) inside the vsomeip stack to evaluate the validity of the approach proposed: experimental measurements confirm that the additional overhead introduced in end-to-end communication is negligible.

Read the article
Detecting Injection Attacks on Cooperative Adaptive Cruise Control

In 2019 IEEE Vehicular Networking Conference (VNC), Los Angeles (USA), 4-6 December 2019

Abstract: Although vehicle platooning promises to improve transportation efficiency and safety by leveraging communication between convoy members, preliminary results in previous work suggest that cyber-attacks could deceive many Cooperative Adaptive Cruise Control algorithms, hence endangering the safety of every participant. This paper deeply analyzes the case of injection attacks. First, we introduce an extensive security analysis carried out through realistic simulations, to demonstrate how even slight and smooth falsification attacks do succeed in fooling the CACC controllers and cause numerous vehicle crashes. Second, we present a novel misbehavior detection technique. It leverages the correlation between multiple motion parameters concerning both single and consecutive vehicles to evaluate the plausibility of the information received from the other members. Extensive validation confirms the effectiveness of the technique proposed: overall, it succeeds to detect all the attacks simulated and prevents the occurrence of safety-critical situations.

Read the article


Improvements in the transmission of data or messages on board a vehicle by means of a SOME/IP communication protocol

WO/2020/217202 · Issued Oct 29, 2020

Abstract: A method is described for the transmission of messages on a communications network on board a vehicle between an entity requesting a service instance and an entity offering a service instance by means of the SOME/IP communication protocol, which comprises: (a) a step of mutual authentication between the requesting entity and the offering entity in view of a communication associated with a service instance, including (i) verifying the existence and mutual validity of a pre-as signed certificate of the requesting entity and the offering entity, which authorizes its access to the service instance, and (ii) verifying that the security level at which the service is offered by the offering entity is not lower than the minimum security level pre-assigned to the service at the requesting entity and at the offering entity; and (b) transmitting at least one communication message associated with a service instance from the offering entity to the requesting entity and vice versa if the certificate verification and security level verification are successful.

See patent