ERCIM FMICS Member 2010–to date ERCIM WG on Formal Methods for Industrial Critical Systems (FMICS)

ERCIM STM Member 2010–to date
ERCIM Working Group on Security and Trust Management (STM)

External Reviewer – British Council 2018–to date
Reviewing funding applications for the Newton Fund Researcher Link programme

External Reviewer – EPSRC 2013–to date
Reviewing funding applications for the Engineering and Physical Sciences Research Council (EPSRC)   Academic Editor – Security and Communications Networks October 2012–to date   Distinguished Editorial Board Member – International Journal of Cyber Forensics and Advanced Threat Investigations August 2020–to date

Research interests

Security in the IoT and Software-defined Networking
The emergence of IoT and SDN systems has changed the computing landscape in recent years in a drastic manner bringing with it an unprecedented level of flexibility and complexity in how computing systems and networks can be designed, implemented, deployed and used.  This means new challenges as more and more business applications rely on such systems. Particularly, in terms of issues such as security, privacy and dependability.  In this area, my research is focused on understnading, at a fundamental scientific level, how these issues can be tackled to engineer more reliable and robust systems.

Security and Privacy Metrics and Datasets
With the ever increasing amount and variety of data generated by modern systems (often referred to as Big Data) and the tendency to advocate open datasets, it becomes important to deploy analysis methods, such as data mining, to understand the security and privacy implications of releasing data.  Big data may also reflect the state of the systems that generate or release them.  In this area, I am intersted in exploring analysis methods as well defining new metrics for measuring security and privacy.

Formal Specification of Security Properties
Computing systems that are risk-critical, such as components of avionic or defence systems, or cost-critical such as systems handling large-scale scientific experiments are required to have a high degree of security and reliability in the face of human error and external malicious intruders. Therefore, the use of robust formal methods, though expensive, is desirable in ensuring that such systems do not fail frequently and provide a minimum trustworthy behaviour for their users. My main interest here is the use of formal specification and analysis techniques in modelling and verifying critical systems and protocols.  In particular, I am interested in analyses driven by security and privacy properties.

Requirements Engineering
Requirement engineering is concerned with the analysis of the requirements of systems before the systems are designed or implemented. There are several requirements engineering methodologies, such as i*/Tropos and KAOS, which allow computer engineers to specify and analyse the requirements and properties of their to-build systems. My main research interests in this area are concerned with the capturing of security and dependability requirements of computing systems using formal expressions such as the linear temporal logic, the verification of security requirements and the derivation of specification and system designs from requirements.

Digital Forensics Analysis and Methods
Digital forensics can be defined as the art and science of applying computer science knowledge to aid the legal process. The main concern of a forensic analysis is to obtain digital evidence of illegal or fraudulent behaviour in a manner that preserves the quality of the evidence to stand defence in the court room. As in any forensic investigative process, investigating digital evidence may involve a number of phases, which include collecting, preserving, filtering and presenting the evidence. My interest in this area lies in combining classical security methods, such as security policies and security services, with digital forensics.