IONA College Logo | Go to Home Page

computer lab in Ryan Library

Paolina Centonze CV

Education

Graduate

Ph.D. in Mathematics with a minor in Computer Science, at New York University (NYU) Tandon School of Engineering, Brooklyn, N.Y., May 2008.

Ph.D. thesis: An Algebra for Access Control. Ph.D. thesis advisor: Prof. Robert J. Flynn.

Master of Science Degree in Computer Science, at New York University (NYU) Tandon School of Engineering, Brooklyn, N.Y., May 2005.

Research M.S. degree thesis: Static Analysis for J2EE Role-Based Access Control Policy Validation. Advisor: Prof. Gleb Naumovich.

Undergraduate

Bachelor of Science Degree Summa Cum Laude in Computer Science with a Minor in Mathematics from St. John’s University, Queens, N.Y., May 2003. GPA: 3.98.

Professional Experience

08/12 – now
Assistant Professor, Tenure Track, Computer Science Department, Iona College, New Rochelle, N.Y.

08/11 – 08/12
Visiting Assistant Professor, Computer Science Department, Iona College, New Rochelle, N.Y.

05/10 – 08/10
Adjunct Professor, Computer Science Department, New York University (NYU) Tandon School of Engineering, Westchester Graduate Center, Hawthorne, N.Y.

05/05 – 04/10
Research Scientist and Software Engineer, IBM Thomas J. Watson Research Center, Yorktown Heights, N.Y. Initially hired as a Research Intern (acceptance rate less than 3 percent).

07/03 – 05/05
Graduate Research Assistant and Teaching Assistant at New York University (NYU) Tandon School of Engineering, Brooklyn, N.Y. Member of the Joint Study Agreement between the IBM T.J. Watson Research Center and the New York University (NYU) Tandon School of Engineering, Brooklyn, N.Y., to construct mathematical models of programs using IBM Research’s Watson Libraries for Analysis (WALA) static analysis engine.

Peer-Reviewed Publications

  1. Paolina Centonze. Cyber Security Risks and Analyses for Big Data Systems. International Journal of Computers and Technology (IJCT) (accepted for publication in the October 2017 volume).
  2. Chelsea Ramsingh and Paolina Centonze. Program Analysis for Database Injections. International Journal of Computers and Technology (IJCT). ISSN-2277-3061, Vol. 16, N. 6, pages (6977-6987), September, 2017.
  3. Stephen Rodriguez and Paolina Centonze. Multi-Layered Dynamic Encryption Security Scheme for Cloud Data Storage. International Journal of Computers and Technology (IJCT). ISSN-2277-3061, Vol. 16, N.3, pages (6233-6239), June 2017.
  4. Stephen Rodriguez and Paolina Centonze. Dynamic Encryption Key Security Scheme (DEKSS) for Mobile and Cloud Systems. Proceedings of the 4rd IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft) ), Buenos Aires, Argentina, May 22-23, 2017.
  5. Paolina Centonze. "Cloud Auditing and Compliance." Peer-reviewed book chapter, included in the following book: Security, Privacy, and Digital Forensics in the Cloud and Big Data Era, editors Lei Chen and Hassan Takabi, to be published by John Wiley and Sons (USA) and HEP (China) in November 9, 2017.
  6. Walter Squires and Paolina Centonze. Cross-platform Access-rights Analysis of Mobile Applications. Proceedings of the 3rd IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft 2016), Austin, Texas, May 16-17, 2016.
  1. Marco Pistoia, Omer Tripp, Paolina Centonze, Pietro Ferrara. Detection, Correction and Visualization of Security Vulnerabilities in Mobile Apps. Proceedings of the Third International Workshop on Mobile Development Lifecycle (MobileDeLi) in Pittsburgh, October 25-30, 2015.
  2. Paolina Centonze, Marco Pistoia, Omer Tripp. Access-rights Analysis in the Presence of Subjects. Proceedings of the 29th European Conference on Object-Oriented Programming (ECOOP), Prague, July 2015.
  3. Marco Pistoia, Omer Tripp, Paolina Centonze, Joseph W. Ligman. Labyrinth: Mobile Data-leakage Detection with Visually Configurable Confidentiality Sources. Proceedings of the 16th IEEE International Conference on Mobile Data Management (MDM), Pittsburgh, June 2015.
  4. Omer Tripp, Marco Pistoia, Paolina Centonze. Application and User-sensitive Privacy Enforcement in Mobile Systems. Proceeding of the Second ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft), Florence, Italy, May 2015.
  5. Karthik Sourirajan, Paolina Centonze, Mary Helander and Kaan Katircioglu. Carbon Management in Assembly Manufacturing Logistics. IBM Journal on Research and Development, Yorktown Heights, N.Y., Volume 53, Number 3, 2009.
  6. Anshul Sheopuri, Jose Gomes, Sai Zeng, Paolina Centonze and Ioana Boier-Martin. A Heuristic to Enable Auditing Decisions in Travel and Entertainment Expense Management. In Poster Proceedings of the Third Annual Machine Learning Symposium. The New York Academy of Sciences, New York, October 2008.
  7. Paolina Centonze. An Algebra for Access Control. Ph.D. Dissertation. New York University (NYU) Polytechnic Institute, Department of Mathematics, Brooklyn, N.Y., May 2008.
  8. Paolina Centonze, Robert J. Flynn and Marco Pistoia. Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies. In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC 2007), Miami Beach, Fla., December 2007.
  9. Paolina Centonze, Gleb Naumovich, Stephen J. Fink and Marco Pistoia. Role-Based Access Control Consistency Validation. In Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2006), Portland, ME, July 2006 (IBM Research PIC Key Conference).
  10. Gleb Naumovich and Paolina Centonze. Static Analysis of Role-Based Access Control in J2EE Applications. ACM SIGSOFT Software Engineering Notes, 29(5):1-10, September 2004. Also in Proceedings of the Workshop on Testing, Analysis and Verification of Web Services (TAV-WEB 2004), co-located with ISSTA 2004, Boston, July 2004.
  11. Paolina Centonze. Static Analysis for J2EE Role-Based Access Control Policy Validation. Master of Science degree research thesis. NYU-Poly, Brooklyn, N.Y., May 2005.
  12. Paolina Centonze, Marco Pistoia and Lawrence Koved. Extracting Security Role Requirements From Enterprise Applications. Security and Privacy Technology Conference, IBM T.J. Watson Research Center, Hawthorne, N.Y., May 2004.
  13. Paolina Centonze, Gleb Naumovich, Stephen J. Fink and Marco Pistoia. Role-Based Access Control Consistency Validation. IBM Research Report, RC23876 (W0602-110), Yorktown Heights, N.Y., February 2006.

Peer-Reviewed Professional Full Day Course Tutorials and Presentations in Conference Proceedings

  1. Paolina Centonze. Cyber Security Skills Required in Academic Programs. To the 5th NSF National Women in Cyber Security (WiCyS) Conference, Chicago on March 23-24, 2018 (under submission).
  2. Paolina Centonze. Cyber Threats Attacks, Challenges and Analyses in the Dig Data Era. Full Day Professional Tutorial Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico. December 4-8, 2017.
  3. Chelsea Ramsingh and Paolina Centonze. Program Analysis for Database Injections. Presented a poster at The Proceedings of the 4rd NSF National Women in Cyber Security (WiCyS) Cyber Security Conference, Tucson, Ariz., March 30-31, 2017 (awarded also a student conference-ship, travel and hotel expenses).
  4. Paolina Centonze. Program Analysis and Machine Learning to Improve Security and Privacy. In the Tutorial Proceedings of the 32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles. December 5-11, 2016.
  5. Paolina Centonze. Security and Privacy Analysis for Next Generation Malware. In the Tutorial Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC 2015), Los Angeles. December 7-11, 2015.
  6. Paolina Centonze. Cloud Security and Privacy. Peer-reviewed Conference Tutorial. Published in the Tutorial Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC), New Orleans. December 2014.

U.S. Patent and Trademark Office

Granted

  1. Ryan Berg, Paolina Centonze, Marco Pistoia, and Omer Tripp. Static Analysis for Verification of Software Program Access to Secure Resources for Computer Systems (part N.2). Granted as Patent No. 8,793,800 by the United States Patent and Trademark Office, July 2014.
  2. Ryan Berg, Paolina Centonze, Marco Pistoia, and Omer Tripp. Static Analysis for Verification of Software Program Access to Secure Resources for Computer Systems (part N.1). Granted as Patent No. 8,683,599 by the United States Patent and Trademark Office, March 2014.
  3. Mondher Ben-Hamida, Chad Boucher, Paolina Centonze, Mary E. Helander, Kaan K. Katircioglu, and Karthik Sourirajan. Carbon management for sourcing and logistics (part N.2). Granted as Patent No. 8,346,595 by the United States Patent and Trademark Office, January 2013.
  4. Mondher Ben-Hamida, Chad Boucher, Paolina Centonze, Mary E. Helander, Kaan K. Katircioglu, and Karthik Sourirajan. Carbon management for sourcing and logistics (part N.1). Granted as Patent No. 8,606,621 by the United States Patent and Trademark Office, December 2013.
  5. Paolina Centonze, Yinnon Haviv, Roee Hay, Marco Pistoia, Adi Sharabani, and Omer Tripp. System, Method, and Apparatus for Simultaneous Definition and Enforcement of Access-Control and Integrity Policies. Granted as Patent No. 8,572,727 by the United States Patent and Trademark Office, October 2013.
  6. Paolina Centonz, Mohammed Mostafa, Marco Pistoia, Takaaki Tateishi. Automatic Optimization of String Allocations in a Computer Program. Granted as Patent No. 8,473,899 by the United States Patent and Trademark Office, June 2013.
  7. Ryan Berg, Paolina Centonze, Marco Pistoia, and Omer Tripp. Static Analysis for Verification of Software Program Access to Secure Resources for Computer Systems (part N.3). Granted as Patent No. 8,381,242 by the United States Patent and Trademark Office, Feb 2013.
  8. Paolina Centonze and Marco Pistoia. System and Method for the Automatic Identification of Subject-Executed Code and Subject-Granted Access Rights. Granted as Patent No. 8,332,939 by the United States Patent and Trademark Office, December 2012.
  9. Paolina Centonze and Marco Pistoia. System and Method for the Automatic Evaluation of Existing Security Policies and Automatic Creation of New Security Policies. Granted as Patent No. 8,230,477 by the United States Patent and Trademark Office, July 2012.
  10. Paolina Centonze and Marco Pistoia. System and Method for the Automatic Verification of Privilege-Asserting and Subject-executed Code. Granted as Patent No. 8,006,233 by the United States Patent and Trademark Office, August 2011.

Filed

  1. Paolina Centonze, Peter Malkin, and Marco Pistoia. System and Method of Optimized Unchangedobject Management. Filed at the United States Patent and Trademark Office, September 2010.
  2. Ioana Boier-Martin, Paolina Centonze, José Gomes, Anshul Sheopuri, and Sai Zeng. Apparatus, System, Method, and Computer Program Product for Analysis of Fraud in Transaction Data. Filed as Docket YOR9-2006-0646-US1 at the United States Patent and Trademark Office, November 2006.
  3. Paolina Centonze, José Gomes, and Marco Pistoia. Method and System for Run-time Identification of Software Authorization Requirements and Validation of Static Authorization Analysis. Status: Filed as Docket YOR920060113US1 at the United States Patent and Trademark Office, May 2006.
  4. Laurent Balmelli, Ioana Boier-Martin, Paolina Centonze, José Gomes, Man-Mohan Sing and Sai Zeng. Method and System for the Creation of Service Clients. Status: Filed as Docket YOR8-2005-0988 at the United States Patent and Trademark Office, May 2006.
  5. Paolina Centonze, Lawrence Koved and Marco Pistoia. System, Apparatus, and Method for Identifying Authorization Requirements in Component-Based Systems. Status: Filed as Docket YOR920040183US1 at the United States Patent and Trademark Office, May 2004.

Industrial and Academic Awards

May 1, 2016
Br. Arthur Loftus Outstanding Student Research Award for actively engaging in research and scholarly activity with undergraduate and graduate students. Presented by the Iona College President, Joseph E. Nyre, Ph.D., at the Honors Ceremony.

April 23, 2015
Academic Innovation Grant awarded by the Iona College President, Joseph E. Nyre, Ph.D., to achieve the National Centers of Academic Excellence in Cyber Operations (CAE-CO) designation, an NSA accreditation for the Computer Science with a Concentration in Cyber Security majors.

2004-2012
12 IBM Invention Achievement Awards.

September 2010, December 2008 and April 2007
IBM Invention Plateaus (total of three) for outstanding contributions to IBM’s Intellectual Property.

Jul 2006
IBM First Patent Filing Award.

May 2005
Selected for a Research Internship at IBM Research (acceptance rate less than 3 percent)

June 2004
Research Fellowship from at New York University (NYU) Tandon School of Engineering, Brooklyn, N.Y. (for one academic year, includes stipend and full-tuition remission scholarship)

May 2004
IBM Research Invention Achievement Award

June 2003
Research Fellowship from the New York State Center for Advanced Technology in Telecommunications (CATT), Brooklyn, N.Y. (for one academic year, includes stipend and full-tuition remission scholarship)

August 2001
St. John’s University Full-Tuition Presidential Scholarship (for three academic years)

April 2001
Unisys Corporation Scholarship

October 2000
Rice Foundation Technology Scholarship

October 2000
Received Certificate of Merit from New York State Senator Nicholas A. Spano

March 2003
Named to St. John’s University College of Professional Studies’ Honors Society

May 2003, August 2002 and May 2001
Named to the University Annual College of Professional Studies Dean’s Honor List of students awarded academic distinction for outstanding scholastic performances

May 2000 and December 1999
Named to the University Annual College of Professional Studies President’s Honor List of students awarded academic distinction for outstanding scholastic performances

Media Coverage

  • Featured on News 12 in a story on international "Ransom-ware" cyber attack. Iona College, New Rochelle, N.Y. May 2017.
  • Featured in the Winter 2016 issue, Iona College Magazine. Faculty Focus Interview. January 2016.

Joint Study Agreement between IBM T.J. Watson Research Center and Iona College

On September 2016, Dr. Centonze led the official Joint Study Agreement (JSA) between IBM T.J. Watson Research Center and Iona College to increase research collaboration between the two institutions and to allow Iona students to work at IBM T.J. Watson Center on cutting edge research projects. Dr. Paolina Centonze leads this project effort.

Cyber Security Curriculum Development

Dr. Paolina Centonze directed and led the design and development of the Concentration in Cyber Security programs (BA, BS, MS and 5-years) within the Computer Science Department at Iona College. These programs have been approved by the New York State of Education Department. Currently, Dr. Paolina Centonze is working to achieve the National Centers of Academic Excellence in Cyber Operations (CAE-CO) designation, an NSA accreditation for the Computer Science for the BS and BA in Computer Science with a Concentration in Cyber Security majors. Dr. Centonze is also developing a Master and a Certificate programs in Cyber Security.

Below is the list of the new courses that Dr. Centonze designed, developed and in most cases taught as part of the Cyber Security concentration programs.
  1. CS 455 Cyber Security Operations, Fall 2016.
  2. CS 456 Web and Mobile Application Security, Fall 2016.
  3. CS 475 (undergraduate) and CS 777 (graduate): Computer Networks & Networking Programming.
  4. CS 477 (undergraduate)-CS 779 (graduate): Networks Security. Designed the Syllabi in the Fall 2013 and updated in Fall 2015, Fall 2016.
  5. Developed the syllabi and course material for the Mobile Application Security courses CS 474 (undergraduate) and CS 775 (graduate) in the Spring 2013 and updated in the Fall 2015, Fall 2016. These two courses are taught regularly by Dr. Centonze.
  6. Developed the syllabi and course material for the Software Security courses CS 315 (undergraduate) and CS 615 (graduate) in the Spring 2013 and updated in the Fall 2015, and Fall 2017. These two courses are taught regularly by Dr. Centonze.
  7. Developed the syllabi and course material for the Web Application Security courses CS 472 (undergraduate) and CS 771 (graduate) in the Summer 2013 and updated in the Fall 2015 and taught in the Spring 2016. These courses are taught regularly by Dr. Centonze.
  8. Developed the syllabi for the Cryptography courses CS 409 (undergraduate) and CS 709 (graduate) in the Fall 2013 and updated in the Fall 2015.
  9. Contributed to develop the syllabi for the Database Security courses CS 422 (undergraduate) and CS 798 (graduate), Spring 2013.
  10. Developed the syllabi and course material for the Program Analysis for Security, courses CS 412 (undergraduate) and CS 712 (graduate) in the Summer 2014, updated in the Summer 2015 and Fall 2016. These courses are taught regularly by Dr. Centonze in the summer.
  11. Developed the syllabi and course material for the Cloud Security and Privacy courses CS 413 (undergraduate) and CS 713 (graduate) in the Summer 2014, updated in the Summer 2015 and Spring 2016. These courses are taught regularly by Dr. Centonze in the summer.

Academic Courses

Dr. Centonze teaches the following courses regularly (at least once a year) at Iona College, New Rochelle, N.Y.:
  1. Undergraduate course CS 474 and graduate CS 775, Mobile Application Security.
  2. Undergraduate course CS 315 and graduate CS 615, Software Security.
  3. Undergraduate course CS 472 and graduate CS 771, Web Application Security.
  4. Undergraduate course CS 201 and graduate course CS 500, Computer Science I.
  5. Undergraduate course CS 474 and graduate CS 775, Mobile Application Security.
  6. Undergraduate course CS 315 and graduate CS 615, Software Security.
  7. Undergraduate course CS 472 and graduate CS 771, Web Application Security.
  8. Undergraduate course CS 201 and graduate course CS 500, Computer Science I.
  9. Undergraduate course CS 412 and graduate course CS 712, Program Analysis for Security.
  10. Undergraduate course CS 413 and graduate course CS 713, Cloud Security and Privacy.
  11. Undergraduate course CS 140 Learning Community (LC) course.
  12. Undergraduate on-line course CS 140 Distance Learning (DL).
  13. Undergraduate course CS 140, Computers, Technology and Society, Iona College, New Rochelle, NY.
Additionally, Dr. Centonze has been teaching as Adjunct Professor at other Universities:
  1. Teach in person CISC 6800, Malware Analytics for the Computer and Information Science department at Fordham University, New York (Summer 2015, Summer 2016, Summer 2017).
  2. Designed, developed and taught CISC 6800, Malware Analytics on-line course for the Computer and Information Science department at Fordham University, New York (Summer 2015 and Summer 2016).
  3. Designed, developed and taught CS 9053, Introduction to Java, at New York University (NYU) Tandon School of Engineering, Brooklyn, N.Y. (Fall 2010 semester).
  4. Designed, developed and taught CS 9163, Application Security, at New York University (NYU) Tandon School of Engineering, Brooklyn, N.Y. (Fall 2010 semester).
  5. Teaching assistant of courses: Linear Algebra, Theory of Computation, Algorithms I and II, Software Engineering and Databases, years 2003-2005, at New York University (NYU) Tandon School of Engineering, Brooklyn, N.Y.

Symposia, Lectures and Seminars

  1. Paolina Centonze, John Rocco, James Lessard. Presented a lecture at the Learning In Retirement at Iona College (LIRIC). Lecture I: Cyber Security Awareness: Top Five Cyber Security Threats, Safety Tips, Statistics and Cyber Security Academic Programs. October 6, 2016, New Rochelle, N.Y.
  2. Paolina Centonze, John Rocco, James Lessard. Presented a lecture at the Learning In Retirement at Iona College (LIRIC). Lecture II Exploiting a System and How to Safely Use Social Networking Web Sites. October 13, 2016, New Rochelle, N.Y.
  3. Cyber Security and Ethical Hacking, lecture and hands-on lab tutorial sessions for the Salesian High School students, New Rochelle, N.Y., October 12, 2016. (This program is supported by the National Science Foundation under NSF-STEM. Award No. 1643737 led by Dr. Sunghee Lee).
  4. Cyber Security, Hacking and Safely Using Social Medias. Iona College Learning in Retirement at Iona College (LIRIC) seminars. Two seminars on October 6, and October 12, 2016. New Rochelle, N.Y.
  5. Ethical Hacking, four technical lab-tutorial sessions at the Second High School Science Symposium, (sponsored by Iona College and ConEdison Inc.), April 16, 2016. Organized by Dr. Sunghee Lee.

Technical Contributions and Professional Activities

  1. Reviewer of the book chapter: "Combining Static and Dynamic Analysis and Machine Learning for Automatic Detection of Security Vulnerabilities in Mobile Apps." Included in the following book: Mobile Application Development, Usability, and Security. Editor Sougata Mukherjea, to be published by the IGI Global publisher in 2016.
  2. Reviewer of the book chapter: "Confidentiality of Data in the Cloud: Conflicts Between Security and Cost." It will be included in book: Security, Privacy, and Digital Forensics in the Cloud and Big Data Era, editors Lei Chen and Hassan Takabi, to be published by John Wiley and Sons (USA) and HEP (China) in November 9, 2016.
  3. Reviewer of the book chapter: "Risk Management and Disaster Recovery in the Cloud." It will be included in the book: Security, Privacy, and Digital Forensics in the Cloud and Big Data Era, editors Lei Chen and Hassan Takabi, to be published by John Wiley and Sons (USA) and HEP (China) in November 9, 2016.
  4. Associate Reviewer for the IBM Journal on Research and Development (an IEEE Journal): reviewed three articles for volume 57, issue 6 of the journal (November/December 2013)
  5. Reviewer of the book Enterprise Java Security. Addison-Wesley, Boston, February 2004.

Professional Program Committee and Other Academic Activities

  1. Co-Chair of Work In Progress (WiP) and Poster Track of the Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico. December 4-8, 2017.
  2. Program Committee member of the Professional Tutorial Track of the Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC), San Juan, Puerto Rico. December 4-8, 2017.
  3. Program Committee member of the Technical Papers Track of the the 5th IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft). May 27-June 3, 2018, Gothenburg, Sweden.
  4. Co-Chair of the Tool Demos and Mobile Apps Track of the 4th IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft). May 22-23, 2017. Buenos Aires, Argentina.
  5. Program Committee member of the 4th IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft). May 22-23, 2017. Buenos Aires, Argentina.
  6. Program Committee Member of the Proceeding of the First Mobile! 2016, 1st International Workshop on Mobile Development. Co-located with SPLASH 2016! an ACM SIGPLAN conference, October 30- November 4th, 2016, Amsterdam, Netherlands.
  7. Program Committee Member of the Proceeding of the Tutorial of the 32nd Annual Computer Security Applications Conference (ACSAC 2015), Los Angeles. December 5-9, 2016.
  8. Program Committee Member of the Proceeding of the 3rd ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft), Austin, Texas, May 16-17, 2016.
  9. Leading the Student Participation in the Cyber Service-Learning Activities, part of the achievement for The National Centers of Academic Excellence in Cyber Operations Education Program (CAECyber Operations) starting Fall 2015 to current.
  10. Program Committee Member of the Faculty Development Applications at Iona College, Fall 2016 and Fall and Spring 2017.
  11. Freshman Advisor for Iona College since Fall 2015.
  12. Learning Community and Columba Cornerstone Advisor since Fall 2016.
  13. Faculty Advisor of the Computer Science Club at Iona College since Fall 2014.
  14. Organizer of a seminar for the Computer Science department. Guest: Jay Koven, a Ph.D. student in Cyber Security at the New York University (NYU) Tandon School of Engineering, Brooklyn, N.Y. A Methodology to Aid the Discovery of Information in Large Email Dataset Relevant to an Investigation. May 5, 2015.
  15. Program Committee Member of the ACM SIGPLAN 9th Workshop on Programming Languages and Analysis for Security (PLAS 2014), Uppsala, Sweden, July 2014.
  16. Associate Program Committee Member of the 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2014), Austria, Vienna, July 2014.
  17. Organizer of a Computer Science seminar. Guest: Dr. Marco Pistoia, manager, principal research staff member, master inventor at IBM T. J. Watson Research Center, Yorktown Height, N.Y. Introducing the importance of Cyber Security preparation in Academia. April 2013.
  18. Member of the Information Technology (IT) Committee, Iona College, New Rochelle, starting Fall 2012 semester to current.
  19. Member of the Search Faculty Committee, Computer Science department, Iona College, New Rochelle, starting Spring 2014 to current.
  20. Leading the Computer Science Web Page’s contents starting Spring 2015 to current.
  21. Lead of the Software Engineering research group at the New York University Polytechnic Institute, July 2003 – May 2005.

Selected Peer-Reviewed Research Publications and Presentations with Students

  1. Chelsea Ramsingh and Paolina Centonze. Program Analysis for SQL injections. Poster Presentation at the 3rd NSF Women in Cyber Security Conference (WiCyS 2017), Tucson, Ariz., March 31-April 1 (under submission).
  2. John Rocco and Paolina Centonze. Static Detection of Integrity and Confidentiality Anti-patterns in Mobile Applications. Work in Progress (WiP) accepted at the 32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles. December 5-9, 2016.
  3. Stephen Rodriguez and Paolina Centonze. Dynamic Encryption Key Scheming Strategy (DEKSS): A New Security Model for Securing Customer Data within Cloud Services. Work in Progrss (WiP) accepted at the 32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles. December 5-9, 2016.
  4. Paolina Centonze, John Rocco, James Lessard. Presented a lecture at the Learning In Retirement at Iona College (LIRIC). Lecture I: Cyber Security Awareness: Top Five Cyber Security Threats, Safety Tips, Statistics and Cyber Security Academic Programs. October 6, 2016, New Rochelle, N.Y.
  5. Monica Suleiman and Paolina Centonze. Role-Attribute-Based-Encryption (RABE) Access Control for Healthcare Cloud Systems. Published at the International Journal of Computers and Technology (IJCT). ISSN-2277-3061, Vol. 15, N.8, pages (6999-7007), June 2016.
  6. Vanessa Santana and Paolina Centonze. System Mechanisms and Analysis for Insecure Data Storage and Unintended Data Leakage for Mobile Applications. Published at the International Journal of Computers and Technology (IJCT). ISSN-2277-3061, Vol. 15, N.8, pages (7008-7020), June 2016.
  7. Michael G. Brown and Paolina Centonze. Exploiting Flaws in Big Data Systems. Published at the International Journal of Computers and Technology (IJCT). ISSN-2277-3061, Vol. 15, N.8, pages (6967-6975), May 2016.
  8. Walter Squires. Mobile Cross-Platform Permission Analysis for iOS and Android Applications. Peer-reviewed Student Research Competition (SRC). Proceedings of the 3rd IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft) Austin, Texas. May 16-17, 2016.
  9. Walter Squires, Paolina Centonze. Mobile Cross-Platform Permission Analysis for iOS and Android Applications. Proceedings of the 3rd IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft) Austin, Texas. May 16-17, 2016 (presentation, demo, paper).
  10. Vanessa Santana and Paolina Centonze. A Security Study and Comparative Analysis of Mobile Programming Languages and Their Security Mechanisms. Proceedings of the 3rd NSF National Women in Cyber Security (WiCyS) Cyber Security Conference, Dallas, March 31-April 1, 2016 (awarded also a studentconferenceship).
  11. Walter Squires and Paolina Centonze. Mobile Security Analysis. Peer-reviewed Work In Progress (WIP) presented at The 31st Annual Computer Security Applications Conference (ACSAC) in Los Angeles, December 7-11, 2015. (Note: Walter Squires also received a ACSAC 2015 Student Conferenceship).
  12. Walter Squires, Paolina Centonze. Deep Analysis for Mobile Applications. Poster presented at the 29th Annual National Conference on Undergraduate Research at the Eastern Washington University (NCUR), April 16-18, 2015, Eastern Washington University, Washington. (Note:Walter Squires received a very competitive and prestigious internship for the Secure Software Testing for Web and Mobile Applications RE at the University of North Texas, Summer 2015).
  13. William May, Paolina Centonze. Dynamic Analysis for Android Applications. In the Proceedings the 24th International Information Management Association Conference (IIMA), Iona College, New York, October 2013.
  14. William May, Paolina Centonze. Combining Static and Dynamic Analysis Permission for Android. 2013 Master's Level Graduate Research Conference. The College of Brockport, State University of New York, April, 2013.

Selected Student Thesis Research and Presentations

  1. Stephen Rodriguez and Paolina Centonze. Dynamic Encryption Key Scheming Strategy (DEKSS): A New Security Model for Securing Customer Data within Cloud Services.
  2. Chelsea Ramsingh. Program Analysis for SQL injections.
  3. Walter Squires, Paolina Centonze. Mobile Security Analysis for Android and iOS. Peer-reviewed poster presentation to the Seventh Annual Iona Scholars Day, April 12, 2016. Iona College, New Rochelle, N.Y.
  4. Walter Squires, Paolina Centonze. Mobile Security Analysis for Android and iOS. The Second Annual Science Symposium (sponsored by Iona College and ConEdison Inc.), April 16, 2016. Iona College, New Rochelle, N.Y.
  5. Michael Brown, Paolina Centonze. A Contemporary Comparison of Comprehensive Perimeter and Authentication Techniques for Hadoop and Big Data. Peer-reviewed poster presentation to the Seventh Annual Iona Scholars Day, April 12, 2016. Iona College, New Rochelle, N.Y.
  6. Michael Brown, Paolina Centonze. A Contemporary Comparison of Comprehensive Perimeter and Authentication Techniques for Hadoop and Big Data. The Second Annual Science Symposium (sponsored by Iona College and ConEdison Inc.), April 16, 2016. Iona College, New Rochelle, N.Y.
  7. Monica Suleiman, Paolina Centonze. Ensuring Confidentiality of Personal Health Records in Cloud Services by Using of Access Control. Peer-reviewed poster presentation to the Seventh Annual Iona Scholars Day, April 12, 2016. Iona College, New Rochelle, N.Y.
  8. Monica Suleiman, Paolina Centonze. Ensuring Confidentiality of Personal Health Records in Cloud Services by Using of Access Control. The Second Annual Science Symposium (sponsored by Iona College and ConEdison Inc.), April 16, 2016. Iona College, New Rochelle, N.Y.
  9. Vanessa Santana and Paolina Centonze, Security Study and Comparative Analysis of Mobile Programming Languages and their Security Mechanisms. Peer-reviewed poster presentation to the Seventh Annual Iona Scholars Day, April 12, 2016. Iona College, New Rochelle, N.Y.
  10. Walter Squires. Deep Analysis of Mobile Applications. Honors Thesis Defense. February, 2016. Iona College, New Rochelle, N.Y.
  11. Walter Squires, Paolina Centonze. Program Analysis for Android Mobile Applications. Peer-reviewed poster presentation at The Sixth Annual Iona Scholars Day April 14, 2015. Iona College, New Rochelle, New York.
  12. Walter Squires, Paolina Centonze. Permission Analysis for Android Applications. Presented at the First High School Science Symposium. New Rochelle, N.Y., Iona College, March 28, 2015.
  13. Kester Guischard, Paolina Centonze. Security Analysis to Identify iOS Over Privileged Applications. Peer-reviewed poster presentation at the Sixth Annual Iona Scholars Day, April 14, 2015 and at the First High School Science Symposium. New Rochelle, N.Y., Iona College March 28, 2015.

University, Industry and Conference Presentations

  1. Presenter of a Professional Tutorial: Program Analysis and Machine Learning to Improve Security and Privacy. In the Tutorial Proceedings of the 32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles. December 5-11, 2016.
  2. Presented four lab tutorial-sessions to high school students on Ethical Hacking at the Second Science Symposium, (sponsored by Iona College and Con-Edison Inc.), New Rochelle, April 16, 2016.
  3. Presenter of a Professional Tutorial: Security and Privacy Analysis for Next Generation Malware. Published in the Tutorial Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC), Los Angeles. December 7-11, 2015.
  4. Presenter of a Professional Tutorial: Cloud Security and Privacy. Published in the Tutorial Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC), New Orleans, December 7, 2014.
  5. Presenter of the paper and demo: Application and User-sensitive Privacy Enforcement in Mobile Systems. Accepted for Publication in the Proceeding of the 2nd ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft), Florence, Italy, May 16-24, 2015.
  6. Poster Presentation. Analysis of WikiCentral. IBM Academy of Technology (AoT) F2F. IBM T.J. Watson Research Center, Hawthorne, N.Y., June 2009. Joint work with Carlos Hoyos and Michael Cordes.
  7. Conference Presentation. Combining Static and Dynamic Analysis for Automatic Identification of Precise Access-Control Policies. 23rd Annual Computer Security Applications Conference (ACSAC 2007), Miami Beach, Fla., December 2007.
  8. Seminar Series. The Mathematical Theory of Partially Ordered Sets and Lattices and Its Applicability to Computer Science. IBM Thomas J. Watson Research Center, Hawthorne, N.Y., May-September 2007 (for a total of 12 seminars).
  9. University Seminar. Access Control Explorer (ACE). Department of Computer and Information Science. New York University (NYU), New York, NY, October 2007. Joint work with Julian Dolby, Emmanuel Geay, Marco Pistoia and Takaaki Tateishi.
  10. University Seminar. Static Analysis for Role-Based Access Control Policy Validation. University of Maryland, Electrical and Computer Engineering Department, College Park, Md., March 2007. Joint work with Stephen J. Fink, Robert J. Flynn and Marco Pistoia.
  11. University Seminar. Static Analysis for Role-Based Access Control Policy Validation. Programming Languages Research Group (PROLANGS), Rutgers University, Piscataway, N.J., February 2007. Joint work with Stephen J. Fink, Robert J. Flynn and Marco Pistoia.
  12. University Seminar. Role-Based Access Control Consistency Validation. Stevens Institute of Technology, Computer Science Department, Hoboken, N.J., May 2006. Joint work with Stephen J. Fink, Robert J. Flynn and Marco Pistoia.
  13. Conference Presentation. Role-Based Access Control Consistency Validation. ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2006), Portland, Maine, July 2006.
  14. University Seminar. A Unified Static Analysis Model for Stack- and Role-Based Authorization Systems. NYU-Poly, Department of Computer and Information Science, Brooklyn, N.Y., March 2006. Joint work with Robert J. Flynn and Marco Pistoia.
  15. University Seminar. Using Static Program Analysis for Stack-Inspection- and Role-Based Access Control Systems Security. École Normale Supérieure, Paris, October 2005. Joint work with Robert J. Flynn and Marco Pistoia.
  16. Industry Seminar. Automatic Verification of the Security Principle of Complete Mediation Using Static Analysis. IBM T.J. Watson Research Center, Hawthorne, N.Y., August 2005.
  17. Invited Industry Seminar. Using Program Analysis to Extend J2EE Access Control from Methods to Data. IBM T. J. Watson Research Center, Hawthorne, N.Y., September 2004.
  18. Workshop Presentation. Static Analysis of Role-Based Access Control in J2EE Applications. ACM TAV-WEB Workshop co-located with ISSTA Conference, Boston, July 2004.
  19. University Seminar. J2SE and J2EE Security. NYU-Poly, Brooklyn, N.Y., September 2003.

Skills and Interests

  • National Security Agency (NSA) Center of Academic of Excellence in Cyber Operation (CAE-CO) Accreditation Criteria
  • Partially ordered sets and lattices, Graph Theory
  • Theory of Computation, Algorithms, Abstract Interpretation, Program Analysis, Compilers
  • Language-Based Security
  • Cryptography
  • Cyber Security
  • Mobile Security Analysis
  • Cloud Security and Privacy
  • Malware Analysis
  • Machine Learning for Security
  • Programming languages: Java, PHP, JavaScript, Flex, SQL, Pascal, Fortran.
  • Mobile applications (iOS and Android) and their security implications
  • Databases: IBM DB2, JDBC, SQL, Alphablox
  • Web design and implementation: HTML, XML, CSS, Java, JavaScript, JSON, AJAX, Flash
  • Operating systems: Windows, UNIX, Mac OS
  • Applications: LaTeX, Microsoft Office

Immigration Status

Paolina Centonze is both an American and Italian citizen.

Spoken Languages

  1. English
  2. Italian (native)

Professional Affiliation

Association for Computing Machinery (ACM)