sapienza logo

Emilio Coppa

Sapienza University of Rome

Info


Research interests:
I like to study how programs run. During my PhD, I have analyzed programs to improve or predict their performance. After the PhD, I have used program analyses to find bugs/vulnerabilties on real-world applications or to perform reverse engineering, e.g., in the context of malware. I am also fascinated by low-level (attack) techniques such as Return-Oriented Programming.

Position:
Assistant professor at DIAG. Member of SEASON Lab.
Member of CIS Sapienza research center for Cyber Intelligence and Information Security.
Local organizer of CyberChallenge.IT at Sapienza.

Email:
coppa [at] diag.uniroma1.it
Office:
DIAG, Via Ariosto 25, Rome - 1st floor, room B111




Thesis Opportunities


Our research group is always looking for bright and motivated students. We are working on several research projects involving software security topics, such as fuzzing, symbolic execution, binary analysis, and reverse engineering techniques. If you are looking for an idea for your thesis or a project for your honors program, feel free to contact me via email :)


Education


Oct 2020 - Present
Assistant Professor at Sapienza University of Rome.


Jan 2016 - Sep 2020
PostDoc at Sapienza University of Rome
with Prof. Camil Demetrescu (demetres [at] dis.uniroma1.it).


Oct 2012 - Dic 2015
Ph.D. in Computer Science at Sapienza University of Rome.
Advisor: Prof. Irene Finocchi (finocchi [at] di.uniroma1.it).


Apr 2015 - Jul 2015
Visitor at TU Darmstadt.
Prof. Patrick Eugster (peugster [at] cs.purdue.edu).


Oct 2010 - Oct 2012
Master of Science in Engineering in Computer Science (taught in English) at Sapienza University of Rome. Final grade: 110/110 summa cum laude.
Thesis Advisor: Prof. Camil Demetrescu (demetres [at] diag.uniroma1.it).


Sept 2007 - Oct 2010
Bachelor of Science in Engineering in Computer Science at Sapienza University of Rome. Final grade: 110/110.
Thesis advisor: Prof. Camil Demetrescu (demetres [at] diag.uniroma1.it).


Projects


aprof: input-sensitive profiler

aprof - Input-sensitive profiling

aprof is a Valgrind tool for performance profiling designed to help developers discover hidden asymptotic inefficiencies in the code. From one or more runs of a program, aprof measures how the performance of individual routines scales as a function of the input size, yielding clues to its growth rate.
Related papers: [CDF-PLDI12] [CDFM-CGO14] [CDF-TSE14] [C-VAL14]


hadoop internals

Hadoop Internals - Diagrams

This project contains several diagrams describing Apache Hadoop internals (2.3.0 or later).


nearestfit: mapreduce progress indicator

NearestFit - Predicting MapReduce performance

The NearestFit progress indicator targets accuracy of progress predictions for MapReduce jobs in the presence of data skewness and super-linear computations. This is achieved combining performance profiling, machine learning techniques, and data streaming algorithms.
Related papers: [CF-SOCC15]


memsight

MemSight - Reasoning on symbolic pointers

A new approach to symbolic memory that reduces the need for concretization, hence offering the opportunity for broader state explorations and more precise pointer reasoning.
Related papers: [CDD-ASE17] [BCE-STVR19]


symnav

SymNav - Visually assisting symbolic execution

A prototype tool that visualizes the state of a symbolic execution analysis by plotting relevant data on a sunburst (that represent the symbolic execution tree), and on the control flow graph of the program. Furthermore, the tool allows the user to interact and refine the analysis, allowing him to interactively prune the symbolic execution tree
Related papers: [AGB-VIZSEC19]


fuzzysat

Fuzzy-SAT - Approximate solving

Fuzzy-SAT is an approximate solver that can efficiently solve queries generated by concolic execution using techniques borrowed from the fuzzing domain.
Related papers: [BCD-ICSE21], [FUZZOLIC-COSE21]


fuzzolic

Fuzzolic - Fuzzing + Concolic

Fuzzolic is a new concolic executor based on QEMU. It can be paired with a coverage-guided fuzzer, such as AFL++, to find bugs in real-world programs.
Related papers: [BCD-ICSE21], [FUZZOLIC-COSE21]


Publications


My latest publications:
  • [{{ p.id }}] {{ a.given }} {{ a.family }}, and. {{ p.title }}. {{ p['container-title'] }} ({{ p['collection-title'].replace('\'', '20') }}), {{ p.issued['date-parts'][0][0] }}. [DOI] [DOI] [PDF] [SLIDES] [PROJECT SITE] [BIBTEX]


Teaching


  • [2021-2022] Web Security and Privacy (Web Security module): professor. website.
  • [2021-2022] Cybersecurity (Web Security module): professor. website.
  • [2020-2021] Advanced techniques for finding bugs in real-world software: professor. website.
  • [2020-2021] Computer System Architecture (Sistemi di Calcolo): professor. website.
  • [2020-2021] Computer and Network Security: professor. website.
  • [2019-2020] Computer System Architecture (Sistemi di Calcolo): adjunct professor. website.
  • [2018-2019] Computer System Architecture (Sistemi di Calcolo I): adjunct professor. website.
  • [2017-2018] Computer System Architecture (Sistemi di Calcolo I): adjunct professor. website.
  • [2016-2017] Computer System Architecture (Sistemi di Calcolo I): teaching assistant. website.
  • [2015-2016] Fondamenti di Informatica II: teaching assistant.