Mattia MongaUniversity of Milan | UNIMI · Department of Computer Science
Mattia Monga
Associate professor
About
136
Publications
16,919
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
1,591
Citations
Introduction
Additional affiliations
July 2005 - September 2005
July 2003 - October 2003
January 1999 - December 2002
Publications
Publications (136)
There can be many reasons why students fail to answer correctly to summative tests in advanced computer science courses: often the cause is a lack of prerequisites or misconceptions about topics presented in previous courses. One of the ITiCSE 2020 working groups investigated the possibility of designing assessments suitable for differentiating bet...
In this report we investigate how pupils tackle an interactive problem-solving task recently proposed in the Bebras Challenge. The task comes across as fun and simple and we proposed it to all pupils from fourth grade up. We analyzed the data collected, produced by 18,486 participating teams while interacting with the local Bebras platform. The qua...
Every year the Bebras challenge proposes small tasks to students, based on CS concepts. In Italy, in 2021 for the first time, it was possible to choose whether to participate in the challenge individually or in teams of two students. The team size was expected to affect the performance of students; in particular working in pairs was expected to inc...
Computer programs are part of our daily life, we use them, we provide them with data, they support our decisions, they help us remember, they control machines, etc. Programs are made by people, but in most cases we are not their authors, so we have to decide if we can trust them. Programs enable computers and computer-controlled machines to behave...
In the Italian Bebras Challenge on Informatics and Computational Thinkings, an interactive online platform is used to display attractive tasks to teams of pupils, and evaluate the answers they submit. We instrumented the platform in order to collect also data concerning the interactions of pupils with the system. We analyzed this data according to...
A Bebras short task, a tasklet, is designed to provide a source for exploring a computational thinking concept: at the end of the contest it could be used as a starting point to delve deeper into a computing topic. In this paper we report an experience which aims at taking full advantage of the potential of Bebras tasklets. A math teacher asked her...
Although programming is often seen as a key element of constructionist approaches, the research on learning to program through a constructionist strategy is somewhat limited, mostly focusing on how to bring the abstract and formal nature of programming languages into “concrete”, possibly tangible objects, graspable even by children with limited abs...
Teaching informatics with a socio-constructivist approach is the theme of the Professional Development (PD) proposal for teachers we present in this paper. This proposal is built upon the expertise we developed in the last few years by designing and delivering enrichment activities to school students, where constructivist strategies are used to let...
In order to bring informatics, its ideas and ways of thinking of major educational value to all primary and secondary school students, the Italian Inter-universities Consortium for Informatics (CINI), in collaboration with the academic associations who gather together researchers in informatics (GRIN) and computer engineering (GII), has recently pr...
The microservices architectural style is changing the way in which software is perceived, conceived and designed. Thus, there is a call for techniques and tools supporting the problem of specifying and verifying communication behavior of microservice systems. We present a formal semantics based on Petri nets for microservices based process flows sp...
Bebras, an international challenge organized on an annual basis in several countries (50 in 2016), has the goal of promoting informatics and computational thinking through attractive tasks. We analyzed Bebras tasks by considering the Computational Thinking (CT) skills each task promotes, starting from the operational definition of CT developed by t...
This paper discusses how a few changes in some computational thinking tasks proposed during the Bebras challenge affected the solvers' performance. After the 2016 challenge held in November in our country (Italy), we interviewed some participants on the difficulties they had faced and we modified some of the tasks accordingly. We then proposed the...
We describe an extra-curricular learning unit for students of upper secondary schools, focused on the discovery of greedy strategies. The activity, based on the constructivistic methodology, starts by analyzing the procedure naturally arising when we aim at minimizing the total number of bills and coins used for giving change. This procedure is use...
We present a new classification method for Bebras tasks based on the ISTE/CSTA operational definition of computational thinking. The classification can be appreciated by teachers without a formal education in informatics and it helps in detecting the cognitive skills involved by tasks, and makes their educational potential more explicit.
When a piece of software is loaded on an untrusted machine it can be analyzed by an attacker who could discover any secret information hidden in the code. Software protection by continuously updating the components deployed in an untrusted environment forces a malicious user to restart her or his analyses, thus reducing the time window in which the...
Recently, several actions aimed at introducing informatics concepts to young students have been proposed. Among these, the “Hour of Code” initiative addresses a wide audience in several countries worldwide, with the goal of giving everyone the opportunity to learn computer science. This paper compares Hour of Code with an alternative, yet similar,...
The recent extensive availability of ‘cloud’ computing platforms is very appealing for the formal verification community. In fact, these platforms represent a great opportunity to run massively parallel jobs and analyze ‘big data’ problems, although classical formal verification tools and techniques must undergo a deep technological transformation...
This paper analyses the results of the 2014 edition of the Italian Bebras/Kangourou contest, exploiting the Item Response Theory statistical methodology in order to infer the difficulty of each of the proposed tasks starting from the scores attained by the participants. Such kind of analysis, enabling the organizers of the contest to check whether...
In order to introduce informatic concepts to students of Italian secondary schools, we devised a number of interactive works
hops conceived for pupils aged 10--17. Each workshop is intended to give
pupils the opportunity to explore a computer science topic:
investigate it firsthand, make hypotheses that can then be tested in
a guided context during...
In this paper, after discussing the state of computer science
education in Italy, we report our experiments in introducing
informatic concepts to students of Italian secondary schools through
a mix of tangible and abstract object manipulations: a strategy
which we call \emph{algomotricity}. The goal we set ourselves was to
let pupils discover the f...
Most applications of wireless sensor networks (WSNs) rely on data about the positions of sensor nodes, which are not necessarily known beforehand. Several localization approaches have been proposed but most of them omit to consider that WSNs could be deployed in adversarial settings, where hostile nodes under the control of an attacker coexist with...
Aspect-oriented concepts are currently exploited to model systems from the beginning of their development. Aspects capture potentially cross-cutting concerns and make it easier to formulate desirable properties and to understand analysis results than in a tangled system. However, the complexity of interactions among different aspectualized entities...
The recent extensive availability of "big data" platforms calls for a more
widespread adoption by the formal verification community. In fact, formal
verification requires high performance data processing software for extracting
knowledge from the unprecedented amount of data which come from analyzed
systems. Since cloud based computing resources ha...
Dealing with complex systems often needs the building of huge reachability graphs, thus revealing all the challenges associated with big data access and management. It also requires high performance data processing tools that would allow scientists to extract the knowledge from the unprecedented amount of data coming from these analyzed systems. In...
In this paper we report on our experiments in teaching computer science concepts with a mix of tangible and abstract object manipulations. The goal we set ourselves was to let pupils discover the challenges one has to meet to automatically manipulate formatted text. We worked with a group of 25 secondary school pupils (9-10th grade), and they were...
We describe a teaching activity about word-processors we proposed to a group of 25 pupils in 9th/10th grades of an Italian secondary school. While the pupils had some familiarity with word-processor operations, they had had no formal instruction about the automatic elaboration of formatted texts. The proposed kinesthetic/tactile activities turned o...
The growing availability of distributed and cloud computing frameworks make
it possible to face complex computational problems in a more effective and
convenient way. A notable example is state-space exploration of discrete-event
systems specified in a formal way. The exponential complexity of this task is a
major limitation to the usage of consoli...
The importance of computer science education in secondary, and even primary school, has been pointed out by many authors. But too often pupils only experience ICT, both at home and at school, and confuse it with computer science. We organized a game-contest, the Kangourou
of
Informatics, with the aim to attract all pupils (not only the talented one...
th edition of the SESS workshop aims at providing a venue for software engineers and security researchers to exchange ideas and techniques. In fact, software is at core of most of the business transactions and its smart integration in an industrial setting may be the competitive advantage even when the core competence is outside the ICT field. As a...
Wireless Sensor Networks (WSNs) support data collection and distributed data processing by means of very small sensing devices
that are easy to tamper and clone: therefore classical security solutions based on access control and strong authentication
are difficult to deploy. In this paper we look at the problem of assessing the reliability of node...
Wireless Sensor Networks (WSN) support data collection and distributed data processing by means of very small sensing devices that are easy to tamper and cloning: therefore classical security solutions based on access control and strong authentication are difficult to deploy. In this paper we look at the problem of assessing security of node locali...
We propose a framework that provides a programming interface to perform complex dynamic system-level analyses of deployed production systems. By leveraging hardware support for virtualization available nowadays on all commodity machines, our framework is completely transparent to the system under analysis and it guarantees isolation of the analysis...
Wireless Sensor Networks (WSN) support data collection and distributed data processing by means of very small sensing devices that are easy to tamper and cloning: therefore classical security solutions based on access control and strong authentication are difficult to deploy. In this paper we look at the problem of assessing security of node locali...
The 6th edition of the SESS workshop aims at providing a venue for software engineers and security researchers to exchange ideas and techniques. In fact, software is at core of most of the business transactions and its smart integration in an industrial setting may be the competitive advantage even when the core competence is outside the ICT field....
The knowledge of node positions is a core concept in any Wireless Sensor Network context. Several localization algorithms were devised, but secure localization of sensor nodes is still a challenging task to achieve with a high level of performance. In fact, location information might be the target of different kinds of malicious attacks and several...
Wireless sensor networks had a big diffusion in the last few decades and they are used in many application domains. Services built on them require to handle a big amount of data, and a fundamental requirement is their quality, highly affected by the security of the whole system. Some encryption techniques can be adopted, but it is also necessary to...
Most software quality research has focused on identifying faults (i.e., information is incorrectly recorded in an artifact). Because software still exhibits incorrect behavior, a different approach is needed. This paper presents a systematic literature ...
Software is at core of most of the business transactions and its smart integration in an industrial setting may be the competitive advantage even when the core competence is outside the ICT field. As a result, the revenues of a firm depend directly on several complex software-based systems. Thus, stakeholders and users should be able to trust these...
Increasingly, web applications handle sensitive data and interface with critical back-end components, but are often written by poorly experienced programmers with low security skills. The majority of vulnerabilities that affect web applications can be ascribed to the lack of proper validation of user's input, before it is used as argument of an out...
Aspect-oriented programming (AOP) fosters the coding of tangled concerns in separated units that are then woven to- gether in the executable system. Unfortunately, the oblivi- ous nature of the weaving process makes dicult to gure out the augmented system behavior. It is dicult, for ex- ample, to understand the eect of a change just by reading the...
Aspect-oriented concepts are currently exploited to model systems from the beginning of their development. Aspects capture potentially crosscutting concerns and make it easier to formulate desirable properties and to understand analysis results than in a tangled system. However, the complexity of interactions among different aspectualized entities...
This paper describes an approach (SPY) to recovering the specification of a software component from the observation of its run-time behavior. It focuses on components that behave as data abstractions. Components are assumed to be black boxes that do not allow any implementation inspection. The inferred description may help understand what the compo...
This paper proposes an approach for the specification of the behavior of software components that implement data abstractions. By generalizing the ap- proach of behavior models using graph transformation, we provide a concise spec- ification for data abstractions that describes the relationship between the internal state, represented in a canonical...
Modern worms can spread so quickly that any countermeasure based on human reaction might not be fast enough. Recent research has focused on devising algorithms to automatically produce signature for polymorphic worms, required by Intrusion Detection Systems. However, polymorphic worms are more complex than non-mutating ones as they also require the...
One of the Holy Grails of Computer Science for many decades has been to make the power of computer programming accessible to more and more people. The earliest "high level" languages, FORTRAN and COBOL, were intentionally designed to be written and understood ...
Specification recovery is a necessary step of many reverse engineering and reuse efforts. This paper deals with recovering the semantic part of a component's interface. It focuses on stateful components that provide data abstractions. Recovery is achieved by following a black-box strategy, i.e. by observing the component's dynamic behavior. Among t...
The theme of this year of the International Conference on Software Engineering is about "Developing Dependable Software", acknowledging the fact that our lives depend directly on several complex software-based systems. The Internet connects and enables a growing list of critical activities from which people expect services and revenues. They should...
The automatic identification of security-relevant flaws in binary executables is still a young but promising research area. In this paper, we describe a new approach for the identification of vulnerabilities in object code we called smart fuzzing. While conventional fuzzing uses random input to discover crash conditions, smart fuzzing restricts the...
We call ldquomodularrdquo firm a network of small interacting firms, exchanging artifacts (atoms) and information (bits) to accomplish a common goal. In this paper we propose a method to assess how effective is the information exchange among firm modular units. We propose to model a modular firm as a set of units that interact through well-defined...
The significance of code normalization in self-mutating malware, is discussed. Code normalization reduces different instances of the same malware into a common form that can enable accurate detection of malware. A malware adopt several common strategies to achieve code mutation and applies these transformations randomly to control-flow graph. Metam...
AspectJ aims at managing tangled concerns in Java sys- tems. Crosscutting aspect definitions are woven into the Java bytecode at compile-time. Whether the better mod- ularization introduced by aspects is real or just apparent remains unclear. While aspect separation may be useful to focus the programmer's attention on a specific concern, the oblivi...
Traditional support tools for software engineers, normally based on a client–server architecture, are unsuitable to deal with the new issues emerging from the current (and future) cooperative work scenarios (where connectivity is intrinsically transient, the number of interacting partners dynamically changes, etc.). This paper presents a quantitati...
Recent advances in wireless networks enable decentralized cooperative and nomadic work scenarios where mobile users can interact in performing some tasks without being permanently online. Scenarios where connectivity is transient and the network topology may change dynamically are considered. Connectivity among nodes does not require the support of...
Aspect-oriented concepts are currently introduced in all phases of the software development life cycle. However, the complexity of interactions among different aspects and between aspects and base entities may reduce the value of aspect-oriented separation of cross-cutting concerns. Some interactions may be intended or may be emerging behavior, whi...
Next generation malware will by be characterized by the intense use of polymorphic and metamorphic techniques aimed at circumventing the current malware detectors, based on pattern matching. In order to deal with this new kind of threat, novel techniques have to be devised for the realization of malware detectors. Recent papers started to address s...
Software value assessment is not an easy task. Many techniques have been proposed in the past, qualitative and quantitative, based on human eval- uation or on measureable metrics. This paper pro- poses a quantitative technique based on the con- cept that "modularization is value", applied to the Debian package database. This (software imple- mented...
Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and patch maintenance. ...
E-learning has the potential to offer significant advantages over traditional classroom learning. It however requires a complete redefinition of the dynamics of interaction between the various actors of a classroom. Moreover, in this context, the authoring of instructional material requires much more time than in traditional learning. Therefore, a...