Security & Trust

Matteo Rizzi

Matteo Rizzi Security Specialist Officer

Matteo Rizzi, born on September 30, 1998, currently holds the position of Security Administrator at Fondazione Bruno Kessler and serves as a Security Specialist Officer in the Security and Trust unit. His research interests focus on improving TLS analysis and exploring identity management to safeguard their foundation against cyber threats. The main works are related to applying his expertise in risk analysis, red and blue teaming, OSINT, and offensive technologies. He regularly performs penetration tests and implements additional security measures to ensure the safety of FBK infrastructure.

As a Security Specialist Officer, he analyzes the security of TLS deployments and strives to enhance TLS analysis tools. Through his work, he fostered collaborations that encourage the sharing of knowledge in security technologies. He received recognition for his thesis in information security with the colleagues Giada Sciarretta and Salvatore Manfredi, achieving third place in the Premio Tesi - Clusit in Milan.

He has had the privilege of mentoring bright students (high school and undergraduate), guiding them through projects that enhance their understanding of cybersecurity, with a focus on conducting penetration testing and creating educational videos. He has also been involved in lecturing and sharing their career path to inspire others in cybersecurity.

As part of a partnership with Istituto Poligrafico and Zecca dello Stato, he was involved in the development of the European Identity Wallet, with the goal of creating a reliable and secure digital identity management system. He has developed guidelines for Linux hardening in banking environments and made contributions to the Multi-CIE function in the CieID App.

Matteo has a wide range of technical skills, including proficiency in multiple programming languages and a strong understanding of cybersecurity standards. They have a strong passion for threat intelligence and have uncovered significant vulnerabilities in their infrastructure. This has resulted in valuable partnerships with law enforcement agencies.

Looking ahead, Matteo is deeply interested in exploring new solutions and conducting research in the fields of cybersecurity, privacy, forensics, and digital identity, with a strong interest in security protocol analysis, access control, zero-trust and zero-knowledge methods, malware analysis, and AI-powered cybersecurity. Matteo’s goal is to continue contributing to their field and exploring new opportunities that align with their passion for cybersecurity.

Publications

2024

  • Riccardo Germenia, Salvatore Manfredi, Matteo Rizzi, Giada Sciarretta, Alessandro Tomasi, Silvio Ranise
    Automating Compliance for Improving TLS Security Postures: An Assessment of Public Administration Endpoints
    In: 21th International Conference on Security and Cryptography (SECRYPT 2024) (DOI, complementary material, news)

2022

  • Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
    A Modular and Extensible Framework for Securing TLS
    In: Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy (CODASPY 2022) (DOI, news)
  • Matteo Rizzi, Salvatore Manfredi, Giada Sciarretta, Silvio Ranise
    Demo: TLSAssistant v2 - A Modular and Extensible Framework for Securing TLS
    In: Proceedings of the 27th ACM Symposium on Access Control Models and Technologies (SACMAT 2022) (DOI, news)

Theses

  • Matteo Rizzi (Bachelor's Thesis, University of Trento, 2021)
    TLS Analyzers for Android Apps: State-of-the-art Analysis and Integration in TLSAssistant
    Supervisor: Silvio Ranise | Co-supervisors: Giada Sciarretta, Salvatore Manfredi
    Awards: 3rd place at thesis award "Innovare la sicurezza delle informazioni 2021", sponsored by CLUSIT

Dissemination

2023

  • September 29, 2023 • General
    Salvatore Manfredi, Matteo Rizzi, Giada Sciarretta
    Siamo al sicuro? Mettiamoci alla prova! Un viaggio nel mondo della sicurezza informatica
    Notte della Ricerca 2023 (Event)
  • April 14, 2023 • School
    Matteo Rizzi, Giada Sciarretta
    Cybersecurity: l'esperienza di due giovani professionisti
    Liceo Steam International, Rovereto
  • March 26, 2023 • Specialized
    Matteo Rizzi
    Know Your Enemy
    Workshop for the "Fog and Cloud Computing" Master Course at UniTN

Supervised Theses

2024

  • Matteo Bregola (Bachelor's Thesis, University of Trento, 2024)
    Comprehensive Analysis of Breach and Attack Simulation Tools - A Theoretical and Framework-Driven Assessment of Their Capabilities, Advantages, and Limitations
    Supervisor: Silvio Ranise | Co-supervisors: Matteo Rizzi, Salvatore Manfredi, Pietro De Matteis
  • Filippo De Grandi (Bachelor's Thesis, University of Trento, 2024)
    BAS Tools - Implementation of an Attack Pattern to Mimic a Threat Actor
    Supervisor: Domenico Siracusa | Co-supervisors: Matteo Rizzi, Salvatore Manfredi, Pietro De Matteis
  • Alessandro Fontana (Bachelor's Thesis, University of Trento, 2024)
    Rilevamento Automatico di Vulnerabilità TLS su iOS e Android
    Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Matteo Rizzi

2023

  • Sara Sorrentino (Bachelor's Thesis, University of Trento, 2023)
    Use of Gamification for Effective Cybersecurity Awareness Programs: Study and Design of a Novel Framework
    Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Matteo Rizzi
  • Riccardo Germenia (Bachelor's Thesis, University of Trento, 2023)
    A Module to Evaluate the Security Compliance of TLS Deployments: Design and Implementation of a Mechanized Methodology
    Supervisor: Silvio Ranise | Co-supervisors: Salvatore Manfredi, Matteo Rizzi