Interests

Formal methods, logics, protocol verification and model checking.

Reverse bio

Starting February 2020, I am Associate Professor in Computer Security at the IT-University of Copenhagen. Previously, I worked as a Postdoc in Carsten Shürmann’s group at the IT-University of Copenhagen, working on the Meta-CLF project. I obtained my Ph.D. at the Technical University of Denmark, under supervision of Flemming Nielson and Hanne Riis Nielson, working on formal methods, security protocol verification and model checking, and before that I did my B.Sc. and M.Sc. at the University of Padova, Italy, graduating under supervision of Paolo Baldan.

Current events

• Presenting “Responsible disclosure programmes” at the Cyber security summer school 2022
• Presenting “Security protocols as choreographies” at GuttmanFest 2022

Teaching

• Ethical Hacking, Spring 2021-2024
• Discrete Mathematics, Fall 2017-2023
• Advanced Security, Fall 2020-2022
• Security 2, Fall 2018, Spring 2019
• Security, Spring 2018
• Critical Systems, Fall 2017
• Critical Systems, Fall 2016
• Ethical Hacking Club (Facebook group)
• Supervising Theses and Projects

Tools

MathComp-Analysis is a formalization of mathematical analysis. I contribute a formalization of probability theory.

AIF-Omega is an abstraction based verification tool for security protocols where participants have state that is beyond a single session.

SetPi (Now being merged with AIF-Omega) is an extension of the Applied Pi-calculus with support for persistent state, expressible in terms of names that can grow and shrink over time.

CPNunf is an unfolder for contextual Petri nets, an extension of this formalism with semantics to support concurrent read access to shared resources

Publications

Conference papers

1. Alessandro Bruni, Eike Ritter, Carsten Scürmann: Skolemization for Intuitionistic Linear Logic. IJCAR 2024
2. Reynald Affeldt, Alessandro Bruni, Pierre Roux, Takafumi Saikawa: Yet another formal theory of probabilities in Coq. TYPES 2024 slides abstract
3. Reynald Affeldt, Alessandro Bruni, Ekaterina Komendantskaya, Natalia Ślusarz, Kathrin Stark: Taming Differentiable Logics with Coq Formalisation. arXiv preprint 2024
4. Karl Norrman, Vaishnavi Sundararajan, Alessandro Bruni: Extended Formal Analysis of the EDHOC Protocol in Tamarin. ICETE (Selected Papers) 2021 (published 2023)
5. Alessandro Bruni, Marco Carbone, Rosario Giustolisi, Sebastian Moedersheim, Carsten Schürmann: Security Protocols as Choreographies. Protocols, Strands, and Logic - Essays Dedicated to Joshua Guttman on the Occasion of his 66.66th Birthday
6. Ieva Daukantas, Alessandro Bruni, Carsten Schürmann: Trimming Data Sets: a Verified Algorithm for Robust Mean Estimation. PPDP 2021
7. Karl Norrman, Vaishnavi Sundararajan, Alessandro Bruni: Formal Analysis of EDHOC Key Establishment for Constrained IoT Devices. SECRYPT 2021
8. Rosario Giustolisi, Alessandro Bruni: Privacy-Preserving Dispute Resolution in the Improved Bingo Voting. E-VOTE-ID 2020
9. Karl Norrman, Vaishnavi Sundararajan, Alessandro Bruni: Formal Analysis of EDHOC Key Establishment for Constrained IoT Devices. CoRR abs/2007.11427 (2020)
10. Carsten Schürmann, Alessandro Bruni; Technical and Socio-Technical Attacks on the Danish Party Endorsement System. E-VOTE-ID 2019
11. Theis Grønbech Petersen, Thorvald Sahl Jørgensen, Alessandro Bruni and Carsten Schürmann; “Formal Verification of Ephemeral Diffie-Hellman Over COSE (EDHOC)”. Security Standardisation Research, Third International Conference, 2018 [Preprint]
12. Alessandro Bruni, Rosario Giustolisi, Carsten Schürmann; Automated Analysis of Accountability. 20th Information Security Conference (ISC), 2017 [Slides]
13. Eva Drewsen, Alessandro Bruni, Carsten Schürmann; Towards a Mechanized Proof of Selene Receipt-Freeness and Vote-Privacy. Second International Joint Conference on Electronic Voting, 2017 [Slides]
14. Peter Brottveit Bock, Alessandro Bruni, Agata Murawska and Carsten Schürmann: Representing Session Types. Dale Miller’s Festschrift, 2016
15. Michael Denzel, Alessandro Bruni and Mark Ryan. Smart-Guard: Defending User Input from Malware. The 13th IEEE International Conference on Advanced and Trusted Computing, 2016
16. Sebastian Mödersheim and Alessandro Bruni. AIF-ω: Set-Based Protocol Abstraction with Countable Families. Principles of Security and Trust, 2016 [Preprint]
17. Alessandro Bruni, Sebastian Mödersheim, Flemming Nielson and Hanne Riis Nielson. Set-pi: Set Membership Pi-calculus. Computer Security Foundations, 2015 [Extended version with corrections]
18. Alessandro Bruni, Michal Sojka, Flemming Nielson and Hanne Riis Nielson. Formal Security Analysis of the MaCAN Protocol. Integrated Formal Methods, 2014
19. Vigo, Roberto, Alessandro Bruni, and Ender Yüksel. Security Games for Cyber-Physical Systems. Secure IT Systems. Springer Berlin Heidelberg, 2013. 17-32.
20. Baldan, P., Bruni, A., Corradini, A., König, B., & Schwoon, S. On the computation of McMillan’s prefix for contextual nets and graph grammars. Graph Transformations, 2010. 91-106.

Journal papers

1. Baldan, P., Bruni, A., Corradini, A., König, B., Rodríguez, C., & Schwoon, S. Efficient unfolding of contextual Petri nets. Theoretical Computer Science, 2012.

Posters and Workshop Papers

1. Alessandro Bruni, Sebastian Mödersheim, Flemming Nielson, Hanne Riis Nielson. Verification of Stateful Protocols, Set-based Abstractions in the Applied π-Calculus. Secure IT Systems, 2014.
2. Alessandro Bruni, Markulf Kohlweiss, Myrto Arapinis, Mark D. Ryan, Eike Ritter, Flemming Nielson, and Hanne Riis Nielson. “Proving Stateful Injective Agreement with Refinement Types”. Cryptoforma Workshop, 2015. [Paper]

Thesis

1. Alessandro Bruni. Analysis of Security Protocols in Embedded Systems. PhD thesis, DTU, 2016. [Link]

Popular media appeareances

• Lektor: Hardwarebegrænsninger er ingen undskyldning for dårlig IoT-sikkerhed
• IoT’s store udfordring: »Det er svært at sælge sikkerhed på bagkant«
• Dark web er ikke kun for aktivister og kriminelle – DR Nyheder
• Rodcertifikater udløber i år: Hardware i perfekt stand kan holde op med at virke – Version2
• It-forsker skal styrke cybersikkerhed i Danmark – Altinget
• ITU-forsker bliver leder af OWASP i København – Version2
• Slut med kringlede kodeord: Ny login-teknik kommer til Android – DR Nyheder

Past events

• 5 May 2022: presenting at V2 security “There are no excuses for insecure IoT - Here’s why”
• 26-27 Nov 2018: Paper accepted at Standardization Security Research “Formal Verification of Ephemeral Diffie-Hellman Over COSE (EDHOC)”, with Theis Grønbech Petersen, Thorvald Sahl Jørgensen, and Carsten Schürmann
• 24-27 Oct 2017: Paper accepted at E-Vote-ID 2017 Towards a Mechanized Proof of Selene Receipt-Freeness and Vote-Privacy, with Eva Drewsen and Carsten Schürmann
• 3 Sep 2017: First International Workshop on Trends in Mechanized Secruity Proofs
• 7-8 Aug 2017: EASSS Summer school Presenting the analysis of security protocols in AIF-omega, with case studies in automotive
• 30 May 2017: Oresund Security Day ‘17, Resolution in linear logic, joint work with Eike Ritter and Carsten Schürmann
• 07 Sep. 2016: “Selene in Celf: Formalising Voting Protocols in Linear Logic”, Invited talk at the University of Luxembourg [Slides]
• 16 Sep. 2016: Presenting AIF-ω at Lamas Sing 2016, [Slides].
• 26 Apr. 2016: Giving a talk at MF#K, on F* and the verification of security protocols [Slides]
• Jan 2016: “AIF-ω: Set-Based Protocol Abstraction with Countable Families” accepted at POST-2016