Majid Mollaeefar

Cybersecurity Specialist | Privacy Enthusiast


About Me

Professional Summary

Highly skilled cybersecurity specialist with 7+ years of experience specializing in risk management, threat modeling, and privacy protection. Expert in developing AI-powered security tools and conducting comprehensive security assessments for critical systems. Passionate about bridging the gap between cutting-edge AI technology and practical cybersecurity solutions.


Core Expertise

Risk Assessment & Management
Privacy Protection & GDPR
Threat Modeling
AI-Powered Security
Automotive Cybersecurity
ISO/SAE 21434 & ISO 27001
DPIA & Compliance
Python, Java, JavaScript

I am a highly skilled and experienced cybersecurity specialist with a focus on risk management, IT security, risk assessment and analysis, data protection, and compliance regulations. My extensive research background has equipped me with strong analytical skills, including the ability to design and conduct studies, analyze data, and present findings to a wide range of audiences.

Professional Experience

Cybersecurity Specialist

Fondazione Bruno Kessler (FBK), Trento, Italy
April 2023 – Present

Leading cybersecurity initiatives focusing on AI-powered threat analysis, privacy assessments, and risk management strategies for critical systems including automotive cybersecurity and digital identity solutions.

Cybersecurity Researcher (Ph.D. Career)

Fondazione Bruno Kessler (FBK), Trento, Italy
November 2018 – November 2022

Developed innovative methodologies for multi-stakeholder risk assessment, conducted Data Protection Impact Assessments (DPIA), and created AI-powered tools for automated threat analysis and privacy risk modeling.

Junior Information Security Specialist

Arian Holding, Tehran
February 2017 – January 2018

Conducted comprehensive gap analyses to achieve ISO 27001 compliance, drafted and implemented ISMS documentation, and delivered training programs to enhance organizational security awareness.

Education

Ph.D. in Cybersecurity

University of Genova, Genova, Italy
November 2018 – November 2022

Dissertation: "Automating the Quantification and Mitigation of Risks for Multiple Stakeholders"


Publications

2025

A comparative benchmark study of LLM-based threat elicitation tools

Dimitri Van Landuyt, Majid Mollaeefar, Mario Raciti, Stef Verreydt, Abdulaziz Kalash, Andrea Bissoli, Davy Preuveneers, Giampaolo Bella, Silvio Ranise

Journal of Future Generation Computer Systems (FGCS) Journal

2025

Multi-entity Control-based Risk Assessment: A European Digital Identity Wallet Use Case

Majid Mollaeefar, Amir Sharif, Zahra Ebadi Ansaroudi, Giada Sciarretta, Francesco Antonio Marino, Silvio Ranise

The 30th Nordic Conference on Secure IT Systems (Nordsec25) Conference

2025

PILLAR: LINDDUN Privacy Threat Modeling using LLMs

Majid Mollaeefar, Andrea Bissoli, Dimitri Van Landuyt, Silvio Ranise

International Workshop on Privacy Engineering (IWPE'25) Workshop

2024

Modeling and Assessing Coercion Threats in Electronic Voting

Riccardo Longo, Majid Mollaeefar, Umberto Morelli, Chiara Spadafora, Alessandro Tomasi, Silvio Ranise

19th International Conference on Risks and Security of Internet and Systems (CRiSIS) Conference | Best Paper 🏆

2024

Protecting Digital Identity Wallet: A Threat Model in the Age of eIDAS 2.0

Amir Sharif, Zahra Ebadi Ansaroudi, Giada Sciarretta, Daniela Pöhn, Majid Mollaeefar, Wolfgang Hommel, Silvio Ranise

19th International Conference on Risks and Security of Internet and Systems (CRiSIS) Conference

2024

A Risk-based Approach to Trustworthy AI Systems for Judicial Procedures

Majid Mollaeefar, Eleonora Marchesini, Roberto Carbone, Silvio Ranise

4th Ital-AI Workshop AI Responsabile e Affidabile Workshop

2023

Identifying and Quantifying Trade-offs in Multi-Stakeholder Risk Evaluation with Applications to the Data Protection Impact Assessment of the GDPR

Majid Mollaeefar, Silvio Ranise

Journal of Computers & Security Journal

2020

Multi-Stakeholder Cybersecurity Risk Assessment for Data Protection

Majid Mollaeefar, Alberto Siena, Silvio Ranise

17th International Conference on Security and Cryptography (SECRYPT 2020) Conference

2017

A novel encryption scheme for colored image based on high level chaotic maps

Majid Mollaeefar, Amir Sharif, Mahboubeh Nazari

Journal of Multimedia Tools and Applications Journal

2017

A novel method for digital image steganography based on a new three-dimensional chaotic map

Sharif, Amir, Majid Mollaeefar, Mahboubeh Nazari

Journal of Multimedia Tools and Applications Journal

2017

An improved method for digital image fragile watermarking based on chaotic maps

Nazari, Mahboubeh, Amir Sharif, Majid Mollaeefar

Journal of Multimedia Tools and Applications Journal

2016

A novel method for image encryption using chaotic maps

Amir Sharif, Majid Mollaeefar, M. Habibi, M. Nazari

3rd International Conference on Applied Research in Computer and Information Technology Conference

2015

An improved method for image encryption based on high level chaotic maps and improved gravity model

Majid Mollaeefar, Amir Sharif, M. Habibi, Mahboubeh Nazari

International Congress on Technology, Communication and Knowledge (ICTCK) Conference

Developed Tools

AutoSecGPT

Description: An AI-powered tool designed to automate threat modeling for automotive applications, aligned with the ISO/SAE 21434 standard. AutoSecGPT supports security teams by facilitating the entire cybersecurity engineering process, from threat identification to risk assessment.

Key Features:

  • Works with LLMs from different providers, such as OpenAI, to analyze threat scenarios
  • Identifies security threats specific to automotive systems
  • Generates detailed threat scenarios and descriptions to facilitate risk understanding
  • Visualizes threat scenarios through attack graphs
  • Conducts likelihood and impact assessments to prioritize threats
  • Supports Threat Analysis and Risk Assessment (TARA) as per ISO/SAE 21434

Languages: Python, JavaScript, HTML

PILLAR

Description: Privacy risk Identification with LINDDUN and LLM Analysis Report (PILLAR) is an AI-powered tool developed to automate and enhance privacy threat modeling. Built on the LINDDUN framework, PILLAR leverages Large Language Models (LLMs) to automatically generate Data Flow Diagrams (DFDs), identify privacy threats, and prioritize risks.

Key Features:

  • Automates privacy threat modeling using LINDDUN and LLMs
  • Generates DFDs from natural language descriptions
  • Simulates multi-agent collaboration for comprehensive threat analysis
  • Assesses the impact of identified privacy threats
  • Suggests control measures based on privacy patterns
  • Generates comprehensive reports on privacy threat modeling

Language: Python

Multi-Stakeholder Risk Assessment Tool

Description: A comprehensive risk assessment tool that enables risk analysts to perform risk evaluation in a multi-stakeholder manner for a given system. The tool addresses the complexity of balancing different stakeholders' interests in risk management decisions.

Purpose:

  • Evaluate and quantify risk levels for all involved stakeholders
  • Solve the risk minimization problem as a multi-objective optimization challenge
  • Identify trade-offs between conflicting stakeholder interests
  • Support decision-making with quantitative risk data

Languages: Java, Scala
Data Format: JSON

DIWAR

Description: Digital Identity Wallet Analysis and Risk assessment (DIWAR) is a control-based risk assessment tool specifically designed for Digital Identity Wallet ecosystems. It integrates DREAD factors with entity-specific control attribution to quantitatively evaluate threats and prescribe targeted mitigations aligned with each entity's responsibilities.

Key Features:

  • Entity-specific risk assessment for Issuers, Verifiers, and Wallet Providers
  • Control-based evaluation using the (modified) DREAD model (Damage, Reproducibility, Exploitability, Affected users, Detectability)
  • Multi-level control implementation (Basic, Intermediate, Advanced)
  • Qualitative risk matrix with color-coded severity levels
  • Interactive threat and control visualization
  • Role-specific security control recommendations

Language: Python
Framework: Streamlit

Supervised Internships & Theses

Past Students:

Agentic Threat Modeling

Daniele Calvo
Bachelor's Thesis, University of Trento, May 2025

Exploring LLMs for privacy threats assessment

Andrea Bissoli
Bachelor's Thesis, University of Trento, July 2024

Transferability of Adversarial Machine Learning Attacks

Stefano Camposilvan
Bachelor's Thesis, University of Trento, May 2024

Towards Risk Assessment of Adversarial Machine Learning

Mattia Bressan
Bachelor's Thesis, University of Trento, November 2023

Get In Touch

Fondazione Bruno Kessler, Via Sommarive 18, Trento, 38123, Italy
Email: m[surname]@fbk.eu