Senior lecturer at the School of Computing, University of Portsmouth. I completed my Ph.D. degree in Computer Science from Dublin City University in 2003. Afterwards, I held several research positions at University College Cork, Imperial College London and Rutherford Appleton Laboratory in Oxford, before joining the University of Portsmouth in 2010.
My research in the field of computer and information security spans more than 20 years, and my research interests are focused on areas related to formal analysis of security properties, engineering secure network and IoT systems, security requirements at the engineering level, trust management and digital forensic analysis and formalisation. I have published over 100 articles, papers, reports and book chapters in these areas.
I am a member of several international working groups including the Cloud Computing Security Alliance, ERCIM Formal Methods for Industrial and Critical Systems, ERCIM Security and Trust Management and IFIP WG 11.3 on Data and Application Security and Privacy. I am also an Associate Editor of Wiley’s Security and Communications Networks (SCN) journal.
Security in the IoT and Software-defined Networking
The emergence of IoT and SDN systems has changed the computing landscape in recent years in a drastic manner bringing with it an unprecedented level of flexibility and complexity in how computing systems and networks can be designed, implemented, deployed and used. This means new challenges as more and more business applications rely on such systems. Particularly, in terms of issues such as security, privacy and dependability. In this area, my research is focused on understnading, at a fundamental scientific level, how these issues can be tackled to engineer more reliable and robust systems.
Security and Privacy Metrics and Datasets
With the ever increasing amount and variety of data generated by modern systems (often referred to as Big Data) and the tendency to advocate open datasets, it becomes important to deploy analysis methods, such as data mining, to understand the security and privacy implications of releasing data. Big data may also reflect the state of the systems that generate or release them. In this area, I am intersted in exploring analysis methods as well defining new metrics for measuring security and privacy.
Formal Specification of Security Properties
Computing systems that are risk-critical, such as components of avionic or defence systems, or cost-critical such as systems handling large-scale scientific experiments are required to have a high degree of security and reliability in the face of human error and external malicious intruders. Therefore, the use of robust formal methods, though expensive, is desirable in ensuring that such systems do not fail frequently and provide a minimum trustworthy behaviour for their users. My main interest here is the use of formal specification and analysis techniques in modelling and verifying critical systems and protocols. In particular, I am interested in analyses driven by security and privacy properties.
Requirement engineering is concerned with the analysis of the requirements of systems before the systems are designed or implemented. There are several requirements engineering methodologies, such as i*/Tropos and KAOS, which allow computer engineers to specify and analyse the requirements and properties of their to-build systems. My main research interests in this area are concerned with the capturing of security and dependability requirements of computing systems using formal expressions such as the linear temporal logic, the verification of security requirements and the derivation of specification and system designs from requirements.
Digital Forensics Analysis and Methods
Digital forensics can be defined as the art and science of applying computer science knowledge to aid the legal process. The main concern of a forensic analysis is to obtain digital evidence of illegal or fraudulent behaviour in a manner that preserves the quality of the evidence to stand defence in the court room. As in any forensic investigative process, investigating digital evidence may involve a number of phases, which include collecting, preserving, filtering and presenting the evidence. My interest in this area lies in combining classical security methods, such as security policies and security services, with digital forensics.