Cleanse

Cleanse

Overview

The Cleanse Co-Innovation Lab - CLoud nativE ApplicatioN SEcurity - is a joint investment between Dedagroup and FBK for the sharing of its promoters’ strong competencies, with the aim to anticipate the emerging security requirements of cloud-native software systems built from modular, distributed components that continuously interact with each other and with external modules to organizations. Needs that will also become increasingly pressing as a result of new technologies, such as AI, and regulatory obligations, such as NIS2 or EU AI Act.

The lab will be concerned not only with developing methodologies and application solutions for security by design, but also with building those layers of security that will bridge the gaps that still exist in this area, and which are due to the distributed nature of native cloud software and external to the corporate perimeter in the case of public cloud use. Cleanse’s main objectives and areas of activity include:

  • DevSecOps & Secure Coding: defining software development processes that integrate security into the DevOps lifecycle, and providing tools for secure coding, automated vulnerability detection, and continuous compliance with security standards.
  • Digital Identity and Distributed Service Security: leveraging expertise from FBK’s Cybersecurity Center to develop solutions for identity, access management, and security in distributed cloud architectures, ensuring trust and reliability in digital interactions.
  • AI Enhanced Security: exploring the use of AI techniques to strengthen security—such as intelligent anomaly detection and AI based automated code verification—while ensuring that the AI components themselves remain secure and trustworthy.
  • Continuous Technology Transfer: Cleanse acts as a constant bridge between advanced research and industrial practice, with a specific focus on security.

Cleanse operates with a joint FBK–Dedagroup team, where cybersecurity researchers from FBK work alongside Dedagroup software engineers who bring deep understanding of customer needs and constraints in critical sectors. The lab positions itself as a frontier environment for security by design: a strategic investment that allows Dedagroup to experiment with and adopt new security solutions early in its products—ensuring high and up to date security standards for clients—while providing FBK with a real world testing environment to validate research and generate tangible impact, contributing to a more secure and trustworthy digital ecosystem.

GitHub Cleanse

Details

Related Publications

  • Giovanni Corti, Gianluca Sassetti, Amir Sharif, Serena Elisa Ponta, Matteo Rizzi, Pietro De Matteis, Luca Piras, Roberto Carbone, Silvio Ranise
    A First Appraisal of NIS2 and CRA Compliance Leveraging Open Source Tools
    In: IEEE 33rd International Requirements Engineering Conference Workshops (REW) (DOI)
  • Isaia Tonini, Giacomo Nalli, Luca Piras, Pietro De Matteis, Stelios Kapetanakis, Silvio Ranise
    Towards a Systematic Approach to Memory Safety: A Case Study Integrating Techniques and Practices Over the Software Development Life Cycle (SDLC)
    In: Advances on P2p, Parallel, Grid, Cloud and Internet Computing the 20th International Conference on P2p, Parallel, Grid, Cloud and Internet Computing (3PGCIC-2025). Online Conference (DOI)
  • Andrea Bisegna, Roberto Carbone, Laura Cristiano, Pietro De Matteis, Silvio Ranise
    Towards Continuous Risk Assessment and Conformance Checking of IdM Deployments
    In: Proceedings of 2025 10th IEEE European Symposium on Security and Privacy Workshops (EuroSPW) (DOI)
  • Stefano Berlato, Matteo Rizzi, Matteo Franzil, Silvio Cretti, Pietro De Matteis, Roberto Carbone
    Work-in-Progress: A Sidecar Proxy for Usable and Performance-Adaptable End-to-End Protection of Communications in Cloud Native Applications
    In: Proceedings of 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (DOI)

Related Theses

  • Carlo Sorrentino (Bachelor's Thesis, University of Trento, 2025)
    Automazione di supporto alla selezione di immagini Docker sicure
    Supervisor: Domenico Siracusa | Co-supervisors: Pietro De Matteis, Luis Augusto Dias Knob
  • Niccolò Lechthaler (Bachelor's Thesis, University of Trento, 2025)
    Towards the Parametrization of Security Testing Tools for IdM Implementations: The MIG-T Case Study
    Supervisor: Silvio Ranise | Co-supervisors: Andrea Bisegna, Laura Cristiano, Pietro De Matteis
  • Mattia Maramotti (Bachelor's Thesis, University of Trento, 2025)
    Testing as a Service for the Security and Compliance of Identity Management Solutions: Enhancing MIG A Scalable Abstract Architecture for Conformance Verification of Network Protocol Implementations
    Supervisor: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone, Laura Cristiano, Pietro De Matteis
  • Isaia Tonini (Bachelor's Thesis, University of Trento, 2025)
    Memory safety: dalla teoria alla pratica. Guida per una corretta gestione della memoria
    Supervisor: Silvio Ranise | Co-supervisors: Pietro De Matteis, Stefano Berlato
  • Lorenzo Zarantonello (Bachelor's Thesis, University of Trento, 2025)
    Design and Implementation of an AI-Powered Database for Security Testing in IdM Protocols: The MIG-T Case Study
    Supervisor: Silvio Ranise | Co-supervisors: Andrea Bisegna, Laura Cristiano, Pietro De Matteis
  • Claudio Foroncelli (Bachelor's Thesis, University of Trento, 2025)
    Cryptography Bill of Materials. Inventory, Analysis and Risk Assessment of Cryptographic Components in Software
    Supervisor: Silvio Ranise | Co-supervisors: Alessandro Tomasi, Pietro De Matteis, Luca Piras, Luis Augusto Dias Knob
  • Ilaria Rocchi (Master's Thesis, University of Trento, 2025)
    Deriving Compliance Insights from Enriched Software Bills of Materials
    Supervisor: Domenico Siracusa | Co-supervisors: Pietro De Matteis, Luca Piras
  • Filippo De Grandi (Bachelor's Thesis, University of Trento, 2024)
    BAS Tools - Implementation of an Attack Pattern to Mimic a Threat Actor
    Supervisor: Domenico Siracusa | Co-supervisors: Matteo Rizzi, Salvatore Manfredi, Pietro De Matteis
  • Matteo Bregola (Bachelor's Thesis, 2024)
    Comprehensive Analysis of Breach and Attack Simulation Tools
    Supervisor: Silvio Ranise | Co-supervisors: Pietro De Matteis, Matteo Rizzi, Salvatore Manfredi
  • Simone Vigasio (Bachelor's Thesis, University of Trento, 2024)
    Evaluation of an AI Approach for Static Code Analysis Based on the VULBERTA Model
    Supervisor: Domenico Siracusa | Co-supervisor: Pietro De Matteis
  • Roberto Savi (Bachelor's Thesis, University of Trento, 2024)
    Integrating Pentesting Tools for Identity Management Protocols into DevSecOps: The MIG-T Use Case
    Supervisor: Silvio Ranise | Co-supervisors: Andrea Bisegna, Roberto Carbone, Laura Cristiano, Pietro De Matteis

Involved People

Luca Piras

Luca Piras

Pietro De Matteis

Pietro De Matteis