Massimiliano Pala
Research Professor
Computer Science & Engineering
- Phone: (718) 260-4009
- Email: mpala@poly.edu
- Location: 10.040 (2 MetroTech Center, 10th Floor)
- Website:
Education
Polytechnic of Turin, Class of 2007
Ph.D., Computer Engineering
University of Modena and Reggio Emilia, Class of 2003
Laurea (BS + MS), Computer Engineering and IT Systems
Experience
Penango, Inc.
VP of Engineering
From: December 2012 to present
NYU Poly
Research Professor and Co-Director of CRISSP
From: May 2011 to December 2012
Institute for Security, Technology, & Society. Dartmouth College.
Research Fellow
From: January 2009 to May 2011
Computer Science Department. Dartmouth College
Research Fellow
From: January 2007 to December 2009
Nabla2 S.r.l.
Company Co-Founder and Project Manager.
From: January 2001 to December 2006
Modena's Municipality.
Project Manager. UnoX1 CRM Project.
From: July 2003 to July 2004
Solving S.r.l.
Consultant. Security Software Engineer.
From: January 2004 to July 2004
Universtiy of Modena and Reggio Emilia
PKI Architect
From: January 2001 to December 2002
Modena's Municipality.
PKI Architect
From: January 2001 to December 2001
Courses Taught
- Instructor. Mobile Application Programming (CS 9033). NYU Poly.
- Instructor. Introduction to Practical Cryptography. Dartmouth College.
- Teaching Assistant. Advanced Operating Systems. Dartmouth College.
- Instructor. Security and Architecture of Distributed Systems. Polytechnic of Turin.
- Teaching Assistant. Organizational Models and Strategies for e-Business. Polytechnic of Turin.
Research Interests
- Usable Security
- Next Generation Public Key Systems
- Cryptograpy and Systems
- Communication Privacy
- Peer-to-peer Systems
- Identity Management
- Econometrics of Security
- Network Measurements
Hometown
Modena, Italy
Affiliations
- NYU-Poly PKI Lab, Director
- CRISSP, Co-Director
- Member of ACM
Grants
Securing the Railway IT Infrastructure. A proposal to I3P., (Investigator)
In this project we considered several areas requiring further research to better protect the rail infrastructure of the U.S. The research included the following areas: Toxic by Inhalation (TIH) routing, Positive Train Control (PTC), NJ Transit-Amtrak policy composition.
Portable PKI System Interface for Internet Enabled Operating Syst, (Principle Investigator)
In this project we proposed to study, design and implement an highly usable API for PKI operations. More specifically we investigated, developed and standardized a new API specification that will enable developers to easily integrate and/or implement PKI functionalities in Applications and Operating Systems. In contrast to existing all-purpose cryptographic libraries, our work will focus on providing an abstraction layer capable of integrating existing protocols (e.g., SCEP, PRQP) into simple high-level PKI-specific calls. In particular, we will simplify the interactions between End-Entities and Certification Authorities (CAs) and how to integrate authorization information processing in secure communication among peers.
Interoperability and Usability for PKI Management, (Co-Principle Investigator)
In this project we focused on three different but related topics: making PKI technology usable, integrating it with the rest of the enterprise infrastructure, and interoperating it with other public key infrastructures external to the enterprise. We designed, implement, and release LibPKI, an easy-to-use high level open-source PKI library and API specification. Also, we developed and prototype the PKI Resource Query Protocol (PRQP) and promote it in the real world via an RFC. The protocol is a current Working Item at IETF in the PKIX working group. We also developed and promoted this technology within the communities whose applications require them, and provide educational and support forums for the engineers integrating them.
General / Collaborative Research
My current research interests are in Usable Security. In particular I focus my interests on several aspects of it: users, technology deployers/adopters, and developers. Most recently, my work is focused on the design of a new support system for Trust Infrastructures in distributed environments, i.e. the Internet. In particular, this research project is aimed at lowering today's trust deployment barriers by means of combining different technologies in a novel fashion: DHT-based peer-to-peer networking, Public Key Cryptography, and Federated Identities. Preliminary work, publications, and discussions with academia and industry partners have been, so far, an extremely valuable source of positive feedback. In the future, I envision this work to spawn several important research projects that might change Security, Usability, and Trust in the future always-connected environment.
Journal Articles
- Massimiliano Pala and Shereyas Cholia and Scott A. Rea and Sean W. Smith. Securing the Grid via Borderless PKIs, In Cloud, Grid and High Performance Computing: Emerging Applications., IGI Global
- Massimiliano Pala and Sean W. Smith. Finding the PKI Needles in the Internet haystack. In International Journal of Computer Security, IOS Press, Vol. 18, No. 3, 2010, pp. 397–420, DOI: 10.3233/JCS-2009-0366
- Massimiliano Pala and Shreyas Cholia and Scott A. Rea and Sean W. Smith. Interoperable PKI Data Distribution in Computational Grids. In International Journal of Grid and High Performance Computing (IJGHPC), Volume 1, Issue 2, pages 56-73. January-March 2009
- M. Pala, M. Marian, N. Moltchanova, A.Lioy. PKI past, present and future. In International Journal on Information Security, Springer Verlag, Vol. 5, No. 1, January 2006, pp. 18-29, ISSN:1615-5262
Other Publications
List of Selected Peer-Reviewed publications:
- Massimiliano Pala and Sara Sinclair and Sean W. Smith. PorKI: Portable PKI Credentials via Proxy Certificates, In 7th European PKI Workshop on Public Key Infrastructures, Athens, Greece, September 2010
- Massimiliano Pala. A Proposal for Collaborative Internet-scale trust infrastructures deployment: the Public Key System (PKS), In 9th Symposium on Identity and Trust on the Internet (IDTrust 2010), NIST, Gaithersburg, MD, April 2010.
- Massimiliano Pala and Yifei Wang. On the Usability of User Interfaces for Secure Website Authentication in Browsers, In EuroPKI 2009: Proceedings of the 6th European PKI Workshop on Public Key Infrastructures, Pisa, Italy, September 2009
- Massimiliano Pala. The PKI Resource Query Protocol (PRQP). Internet Draft, PKIX WG, Experimental, IETF Archive
- Massimiliano Pala and Scott A. Rea. Usable Trust Anchor Management. In 8th Symposium on Identity and Trust on the Internet (IDtrust 2009), NIST, Gaithersburg, MD, April 2009.
- Massimiliano Pala and Sean W. Smith. Peaches & Peers. In EuroPKI-2008: Proceedings of the 5th European PKI workshop on Public Key Infrastructure, vol. 5057/2008 of Lecture Notes in Computer Science, pp. 223–238, Springer-Verlag. ISBN:978-3-540-69484-7
- Massimiliano Pala, Scott A. Rea, Shreyas Cholia, and Sean W. Smith. Extending PKI interoperability in Computational Grids. In Proceedings of the 8th IEEE International Symposium on Cluster Computing and the Grid (CCGrid 2008), pp. 645–650, IEEE Computer Society, May 2008
- Massimiliano Pala and Sean W. Smith. AutoPKI: a PKI Resources Discovery System. In EuroPKI-2007: Proceedings of the 4th European PKI Workshop on Public Key Infrastructure, vol. 4582/2007 of Lecture Notes in Computer Science, pp. 154-169, Springer-Verlag. ISBN: 978-3-540-73407-9, DOI: 10.1007/978-3-540-73408-6
- Massimiliano Pala and Antonio Lioy. Fighting e-mail abuses: the EMPE approach. In EuroPKI-2006: Proceedings of the 3rd European PKI Workshop on Public Key Infrastructure, vol. 4043/2006 of Lecture Notes in Computer Science, pp.130-144, Springer-Verlag. ISBN: 3-540-35151-5, DOI: 10.1007/11774716 11
- Gianluca Ramunno, Massimiliano Pala, Marco Aime, and Antonio Lioy. Motivations for a Theoretical Approach to WYSIWYS. In CMS-2005: Proceedings of IFIP International Conference on Communications and Multimedia Security, Vol. 3677/2005 of Lecture Notes in Computer Science, pp. 289-290, Springer-Verlag. ISBN: 3-540-28791-4, ISSN: 0302-9743
- Massimiliano Pala, Marius Marian, Natalia Moltchanova, and Antonio Lioy. The EuroPKI Experience. In EuroPKI 2004: Proceedings of the 1st European Workshop on Public-Key Infrastructures, Vol. 3093/2004 of Lecture Notes in Computer Science, pp. 14-27, Springer-Verlag. ISBN: 3-540-22216-2, ISSN: 0302-9742
- Massimiliano Pala, Diana Berbecaru, and Antonio Lioy. System Description Language. In POSITIF Project, March, 2006, Available On-line: http://www.positif.org/isdl.html
Biography
Update: After a great experience at NYU Poly, I decided to move on and pursue a career in the industry as VP of Engineering at Penango, Inc. Thanks to all of my students who inspired me to be a better advisor each day more.
I received my Ph.D. from the Poilitecnico di Torino in Computer Engineering in March 2007. In 2011, I joined the Politechnic Institute of NYU as research professor in the Computer Science and Engineering (CSE) department. I also hold the assistant director position at the Center for Interdisciplinary Studies in Security and Privacy (CRISSP). Following my doctorate, I joined Dartmouth College as a Post-Doctoral Research Fellow with the Institute for Security Technology Studies (ISTS). During my graduate studies, I worked at the PKI/Trust Lab at Dartmouth College for six months where I contributed to the work of Prof. Sean Smith and his collaborators. Before then, I worked for several companies as PKI/Security consultant. In 1998, I started the OpenCA project and I still continue its development and management. In addition to my Ph.D., I hold a Laurea (equiv. to BS and MS) in Computer Engineering from the University of Modena, Italy.