Domenico Cotroneo

Dependable & Secure Software Systems

I serve as a Professor within the College of Computing and Informatics at UNC Charlotte. My mission is to engineer software systems that remain secure, reliable and trustworthy, even in the face of unpredictable AI evolution.

Software Security for Critical Infrastructures · Software Fault Injection & Failure Analysis · Software Aging and Performance Degradation · AI for Software Dependability · Trustworthy AI Code Generation & Code Quality · Resiliency of Cloud & HPC Systems

Short Bio

Prior to joining UNC Charlotte, I was a Professor at the University of Naples Federico II. I am an IEEE Senior Member and an active member of the IFIP WG 10.4 on Dependable Computing and Fault Tolerance. My research focuses on Software Reliability and Security for large-scale infrastructures. I leverage Fault Injection and Failure Analysis to mitigate system degradation. My recent work integrates AI, applying ML for system monitoring and ensuring the trustworthiness of AI-generated code.

I play a leading role in the community, serving on the Steering Committees for the premier conferences in the field: DSN and ISSRE. In a career spanning over two decades, I have mentored more than 17 PhD students and co-authored 200+ papers in top-tier international journals and conferences.

Interested in research?
I enjoy working with motivated students on topics at the intersection of dependability, security, and AI-driven software engineering.

Research Interests

Software Security for Critical Infrastructures

I work on the security of software running in critical environments: industrial control systems, OT networks, and cyber-physical infrastructures, including settings where AI is part of the defense. One idea I helped shape is "Do No Harm" security: a defensive action must be formally verified before it can touch a real-time process. I have also shown that hardware-enforced isolation via Virtual Machine Introspection keeps these mechanisms intact even when the kernel is compromised.

Critical infrastructure protection · OT / ICS security · "Do No Harm" security · VMI

Software Fault Injection & Failure Analysis

I study how to test the dependability of a system against realistic software defects. My paper "On fault representativeness of software fault injection" was one of the first to propose a method that is statistically sound and, at the same time, simple enough to be used in industry. I also work on log analysis, looking for the patterns and root causes of failures in real production systems.

Fault injection · Failure modes

Software Aging and Performance Degradation

I look at how system resources slowly degrade in long-running software. My paper "Software aging analysis of the Linux operating system" was one of the first to measure performance degradation even when no user workload is present. The result is simple but useful: aging is not only caused by heavy use, it is also driven by background processes and OS jitter, and rejuvenation strategies should account for that.

Workload behavior · Performance degradation

AI for Software Dependability

I use Machine Learning and Data Mining to make dependability assessment and monitoring more data-driven. The focus is on automatic anomaly detection and failure prediction in large distributed systems. By applying unsupervised learning to large amounts of field failure data and system logs, I look for hidden error patterns that traditional rule-based approaches tend to miss.

Vulnerability detection · Failure prediction

Trustworthy AI Code Generation & Code Quality

I study the reliability and security of code produced by Large Language Models such as GitHub Copilot and ChatGPT. Through empirical studies, I measure how often the generated code carries security vulnerabilities or code smells. The goal is to define validation methods and prompt engineering strategies that lower the risk of introducing defects in critical software, so that AI-assisted development can meet real industrial standards.

Code smells · Trustworthiness of AI code generators

Resiliency of Cloud & HPC Systems

I work on resiliency in very large distributed environments. The focus is on diagnosing complex failure patterns in Cloud and HPC systems, understanding how errors propagate across many nodes, and validating resiliency strategies through data-driven analysis and stress testing.

Resiliency of cyber-physical systems · Direct measurements · Evaluation benchmarks

Publications

I have co-authored more than 200 publications in international journals and conferences on software reliability engineering, dependable and secure computing. A selected subset is listed below; the full, up-to-date list is available on Google Scholar and DBLP.

200+ Publications
17+ PhD students
DSN · ISSRE Steering committees

2026

  1. Reading Between the Lines: Context-Aware AI-Based Generation of Software Exploits. C. Improta, P. Liguori, R. Natella, B. Cukic, D. Cotroneo. Empirical Software Engineering, 2026.

2025

  1. Quality In, Quality Out: Investigating Training Data’s Role in AI Code Generation. C. Improta, R. Tufano, P. Liguori, D. Cotroneo, G. Bavota. IEEE/ACM International Conference on Program Comprehension (ICPC), 2025.

2024

  1. AI Code Generators for Security: Friend or Foe? R. Natella, P. Liguori, C. Improta, B. Cukic, D. Cotroneo. IEEE Security & Privacy, 2024.

2012

  1. On Fault Representativeness of Software Fault Injection. R. Natella, D. Cotroneo, J. A. Duraes, H. S. Madeira. IEEE Transactions on Software Engineering, 2012.

PhD Students

Current PhD Students

  • Roberta De Luca: Vulnerability Detection of AI-Generated Code / Security
  • Giuseppe De Rosa: Neural Software Fault Injection
  • Francesco Altiero: Software Security in OT Scenarios

Selected Past PhD Students

  • Marcello Cinque: Professor at University of Naples, Reliability of RT systems
  • Catello Di Martino: General Manager, Nokia Cognitive Digital Mine
  • Pietro Liguori: Assistant Professor at University of Naples, Trustworthy Code Generation

Over the past years, I have supervised more than 17 PhD students in the area of dependable and secure software systems.

Interested in a PhD?

If you are passionate about dependable systems, security, and AI-driven software engineering, I welcome inquiries from motivated students who are considering a PhD.

When contacting me, please briefly describe your background and interests.

Teaching

Current Courses (UNCC)

  • Introduction to Data Mining (ITCS 3162): Foundations of data exploration, preprocessing, ML pipelines, clustering, classification, and model evaluation.
  • Software Design and Implementation (ITCS 6112): Modern software engineering principles, software design, patterns, testing, and secure coding practices.

Past Courses (University of Naples Federico II)

  • Dependable Systems / Fault Tolerance
  • Operating Systems
  • Workload Characterization & Performance Evaluation
  • Foundations of Computer Engineering
  • Software Security for Industrial Systems

For Students

Do difficult things. It’s the only way to grow. Anyone can do what’s easy. The difficult things are the ones that challenge you, that reveal who you truly are. Don’t be afraid: jump in, make mistakes, get back up. Beauty in life is hidden inside the difficult things.

Roberto Benigni

Contact

Office
Woodward Hall 205D,
Computer Science Department,
College of Computing and Informatics,
University of North Carolina at Charlotte
Phone: (704) 687-1912