
I'm Majid Mollaeefar

Cybersecurity | Privacy Enthusiast.


About Me


I am a highly skilled and experienced cybersecurity specialist with a focus on risk management, IT security, risk assessment and analysis, data protection, and compliance regulations. My extensive research background has equipped me with strong analytical skills, including the ability to design and conduct studies, analyze data, and present findings to a wide range of audiences.

Experience


Cybersecurity Specialist

Fondazione Bruno Kessler (FBK), Trento, Italy | Nov 2018 – Present

- Developed the Multi-Stakeholder Risk Minimization methodology to balance privacy, security, and cost considerations in risk mitigation strategies.
- Led the DPIA for the Trace4Safe contact tracing system, ensuring GDPR compliance and identifying security risks in real-world systems.
- Conducted threat analyses for critical systems, including the EU Digital Identity Wallet and E-Voting protocols, identifying vulnerabilities and proposing countermeasures.
- Designed and developed AutoSecGPT, an AI-powered tool automating Threat Analysis and Risk Assessment (TARA) processes for automotive cybersecurity, compliant with ISO/SAE 21434.
- Created PILLAR, an AI-driven privacy threat modeling tool that automates privacy risk analysis using LINDDUN and generates comprehensive DFDs and privacy reports.
- Contributed to European HORIZON research proposals, focusing on AI robustness, cybersecurity, and privacy protection.
- Played a key role in the JuLIA European project, formulating risk-aware strategies for AI use in judicial systems.
- Supervised and mentored students at the University of Trento, guiding them in cybersecurity research and privacy-enhancing technologies.

Junior Information Security Specialist

Arian Holding, Tehran | Feb 2017 – Jan 2018

- Conducted gap analyses to improve the company’s information security posture, achieving ISO 27001 compliance.
- Drafted and implemented ISMS documentation, improving governance and security standards.
- Led employee training initiatives, reducing internal cybersecurity incidents by 20%.

Education


Ph.D. Cybersecurity Posture
University of Genova, Genova, Italy
Nov 2018 - Nov 2022

Dissertation: “Automating the Quantification and Mitigation of Risks for Multiple Stakeholders” (pdf)

Advisor: Prof. Silvio Ranise

Publications


# Title Year
PILLAR: an AI-Powered Privacy Threat Modeling Tool
Majid Mollaeefar, Andrea Bissoli, Silvio Ranise.
arXiv (pdf)
2024
Modeling and Assessing Coercion Threats in Electronic Voting
Riccardo Longo, Majid Mollaeefar, Umberto Morelli, Chiara Spadafora, Alessandro Tomasi, Silvio Ranise.
19th International Conference on Risks and Security of Internet and Systems (CRiSIS).
2024
Protecting Digital Identity Wallet: A Threat Model in the Age of eIDAS 2.0
Amir Sharif, Zahra Ebadi Ansaroudi, Giada Sciarretta, Daniela Pöhn, Majid Mollaeefar, Wolfgang Hommel, and Silvio Ranise.
19th International Conference on Risks and Security of Internet and Systems (CRiSIS).
2024
A Risk-based Approach to Trustworthy AI Systems for Judicial Procedures.
Majid Mollaeefar, Eleonora Marchesini, Roberto Carbone, and Silvio Ranise.
4th Ital-AI Workshop AI Responsabile e Affidabile. (pdf)
2024
The DPIA of an Enterprise Contact Tracing Solution: Lessons Learned at the Crossroads of Cybersecurity and Data Protection
Majid Mollaeefar, Roberto Carbone, and Silvio Ranise.
To be submitted. Unpublished version (pdf)
2024
Identifying and Quantifying Trade-offs in Multi-Stakeholder Risk Evaluation with Applications to the Data Protection Impact Assessment of the GDPR
Majid Mollaeefar, and Silvio Ranise.
Journal of Computers & Security. (pdf)
2023
Multi-Stakeholder Cybersecurity Risk Assessment for Data Protection.
Majid Mollaeefar, Alberto Siena, and Silvio Ranise.
17th International Conference on Security and Cryptography (SECRYPT 2020). (pdf)
2020
3 A novel encryption scheme for colored image based on high level chaotic maps.
Majid Mollaeefar, Amir Sharif, and Mahboubeh Nazari.
Journal of Multimedia Tools and Applications
2017
4 A novel method for digital image steganography based on a new three-dimensional chaotic map.
Sharif, Amir, Majid Mollaeefar, and Mahboubeh Nazari.
Journal of Multimedia Tools and Applications
2017
5 An improved method for digital image fragile watermarking based on chaotic maps.
Nazari, Mahboubeh, Amir Sharif, and Majid Mollaeefar.
Journal of Multimedia Tools and Applications
2017
6 A novel method for image encryption using chaotic maps.
Amir Sharif, Majid Mollaeefar, M. Habibi, and M. Nazari.
3rd international conference on applied research in computer and information technology.
2016
7 An improved method for image encryption based on high level chaotic maps and improved gravity model.
Majid Mollaeefar, Amir Sharif, M. Habibi, and Mahboubeh Nazari.
International Congress on Technology, Communication and Knowledge (ICTCK).
2015

Developed Tools


AutoSecGPT

Description: AutoSecGPT is an AI-powered tool designed to help teams produce better threat models for their automotive applications. Aligned with the ISO/SAE 21434 standard, AutoSecGPT supports security teams by facilitating the entire cybersecurity engineering process, from threat identification to risk assessment. The ISO/SAE 21434 standard emphasizes the importance of identifying and assessing cybersecurity risks to anticipate and prepare for potential attack scenarios. Threat modeling, a critical activity in the software development lifecycle, is often overlooked or poorly executed, and AutoSecGPT aims to address this gap. Some features of the tool are:

  • Works with different LLMs, such as OpenAI models, to analyze threat scenarios
  • Identifies security threats specific to automotive systems
  • Generates detailed threat scenarios and descriptions to facilitate risk understanding
  • Visualizes threat scenarios through attack graphs, enabling users to better understand threat causes
  • Conducts likelihood and impact assessments to prioritize threats and propose mitigation controls
  • Supports Threat Analysis and Risk Assessment (TARA) as per ISO/SAE 21434

Program Language: Python, JavaScript, HTML

Access: Publicly available. Link. For a detailed demonstration of the tool, watch the Demo.

PILLAR

Description: PILLAR (Privacy risk Identification with LINDDUN and LLM Analysis Report) is an AI-powered tool developed to automate and enhance privacy threat modeling. Built on the LINDDUN framework, PILLAR leverages Large Language Models (LLMs) to automatically generate Data Flow Diagrams (DFDs), identify privacy threats, and prioritize risks. PILLAR is especially useful for industries dealing with sensitive data and needing to comply with regulations such as GDPR. By simplifying privacy threat modeling, PILLAR ensures that organizations can efficiently identify, mitigate, and manage privacy risks throughout the system development lifecycle. Key features include:

  • Automates privacy threat modeling using LINDDUN and LLMs
  • Generates DFDs from natural language descriptions
  • Simulates multi-agent collaboration for more comprehensive threat analysis
  • Assesses the impact of identified privacy threats and suggests control measures based on the privacy patterns
  • Generates a comprehensive report on the privacy threat modeling of the application

Program Language: Python

Access: Publicly available. GitHub Link. Try it out at this Website.

Multi-Stakeholder Risk Assessment Tool

Description: It is a risk assessment tool that enables risk analysts to perform a risk evaluation in a multi-stakeholder manner for a given system. The tool has a two-fold purpose:

  • Evaluate and quantify risk levels for all involved stakeholders
  • Solve the risk minimization problem, which is a multi-objective optimization problem

Program Language: This tool is written in Java and partially in Scala; all inputs and outputs are JSON files.

Access: Publicly available. Link

Privacy Assessment GPT

Description: It is an AI-powered tool aiming to support privacy threat modeling and risk assessment by leveraging LLMs. Some features of the tool are:

  • Works with different LLMs, such as OpenAI and Mistral models
  • Identifies privacy threats based on LINDDUN threat categories, together with potential consequences
  • Generates threat scenarios and proposes controls for the identified threats
  • Generates different mitigation levels and interacts with the user for risk assessment by generating a questionnaire
  • and many more

Program Language: Python.

Access: Not publicly available yet. It is an ongoing project; if you are interested, please contact me for more details.

Supervised Internship & Theses


Past Students:

Exploring LLMs for privacy threats assessment
Andrea Bissoli (Internship, University of Trento, July 2024)
Transferability of Adversarial Machine Learning Attacks
Stefano Camposilvan (Bachelor's Thesis, University of Trento, May 2024)
Towards Risk Assessment of Adversarial Machine Learning
Mattia Bressan (Bachelor's Thesis, University of Trento, November 2023)

Contact


Fondazione Bruno Kessler, Via Sommarive 18, Trento, 38123, Italy.

Email: m[surname]@fbk.eu