Research Overview
There is an ever-growing need to assure the security of critical software-dependent systems, and the information that they use, store, and communicate, in the face of cyber-attacks and failures. As systems grow larger and more complex they invariably become more susceptible to an array of unforeseen security vulnerabilities. Security should therefore be considered at all stages of their development. The current approach of having security retrofitted or "bolted-on" to the systems that we build is not sufficient. Instead, we need to consider the increasingly critical security requirements for these systems and design them with security "baked-in" so that the evidentiary basis for security assurance can be generated and reasoned about alongside the system it supports. This presents a range of complex challenges. My research is motivated by the need for the advancement of rigorous and practical approaches to address increasingly critical issues in designing, implementing, evaluating, and assuring the safe, secure, and reliable operation of software-dependent systems. To this end, I conduct research that spans the areas of cybersecurity, software engineering, distributed systems, and formal specification and verification. I am interested in exploring new ideas, techniques, and tools that can support cybersecurity evaluation and assurance activities and advance security-by-design approaches leading to improved system security and higher system confidence.
Areas of Application
I am focused on applying these approaches in a variety of application areas including, but not limited to, critical infrastructure (e.g., maritime port systems and operations, smart energy grids/infrastructures), IoT-enabled eHealth, industrial control systems, and more.
Research Interests, Areas, and Themes
Cybersecurity Evaluation and Assurance & Security-By-Design
My primary research interest is in developing cybersecurity evaluation and assurance solutions for a broad range of software-dependent systems. I believe there are important research opportunities in studying the challenges and critical issues in designing and implementing safe, secure, and reliable software-dependent systems within a variety of emerging and pervasive application areas, including but not limited to critical infrastructure (e.g., maritime port systems and operations, smart energy grids/infrastructures), the Internet of Things (IoT), cyber-physical systems, and more. I am especially interested in developing methods, techniques, and tools for performing automated analyses of these large and complex systems to obtain actionable information that can be used to establish—at early stages of system development—verifiable evidence and sound argumentation demonstrating that the system operates at a level of security commensurate with the potential risks and associated losses incurred if the system experiences an attack or failure.
Formal Methods
I am an advocate for the development and adoption of formal methods for the specification and verification of software-dependent systems. In particular, I am interested in studying and developing theory and applications for algebraic approaches, methods, and techniques for developing systems with high standards of safety, security, and reliability whenever such approaches can be demonstrably effective.
Software Engineering
I have a broad interest in software engineering, including requirements engineering and model-based development approaches. More specifically, I am interested in developing new ideas, techniques, and tools for establishing software architectures, design patterns, and middleware that aid in the design and implementation of safe, secure, and reliable systems.
Distributed Multi-Agent Systems
I believe that exploring the interplay between the communicating and concurrent behaviour and the knowledge of agents in distributed systems through modelling and simulation can offer a number of important research opportunities. Particularly, I am interested in addressing the challenges in developing mathematical frameworks to support reasoning about agent behaviour and agent knowledge in these systems. I am interested in investigating the application of such frameworks in a variety of application areas, and in developing intrinsically resilient systems through the identification, analysis, and mitigation of security vulnerabilities, such as implicit component interactions.
Covert Communication Channels
I am interested in the modelling, detection, construction, and mitigation of covert communication channels. In particular, I am interested in developing a complete theory of covert channel communication that can advance the current understanding of covert channels, and serve as the basis for developing effective and efficient mechanisms for strengthening the designs of systems so that they are more robust against covert channels.