Traditional identity based computer security is based on the assumption that interactions are governed by a common set of social, moral or legal laws that can be effectively enforced. However, emerging open and highly dynamic computing environments, such as cloud computing, pervasive computing or mobile ad-hoc networks, challenge this assumption, because identity conveys no a priori information about the likely behaviour of another principal when the fundamental laws cannot be effectively enforced, e.g., when the other principal is located in a different legal jurisdiction. Moreover, identity based security mechanisms cannot authorise an operation without authenticating the other party, which means that no interactions can take place unless both parties are known to each others' authentication framework. In view of the failure to establish a common public key infrastructure (PKI) during the past decades, it appears highly unlikely that a global authentication infrastructure will emerge within the foreseeable future. It is therefore necessary to develop new ways to secure interactions in open dynamic systems, which do not rely exclusively on the authenticated identity of the interacting parties.
I am currently involved in research in two areas: Computer Security and Distributed Systems. My current research focuses on security in pervasive computing, particularly on the development of models, policies and mechanisms to support secure collaboration in open dynamic systems, such as pervasive computing environments, sensor networks and the Internet. I am particularly interested in the problem of securing interactions between parties who do not necessarily share a common security infrastructure, e.g., sharing resources and information in open smart environments, across multiple organizations or across the Internet.
I believe that the utility of new security models or the expressiveness of new abstractions for specifying security policies can only be validated through real life experiments, i.e., it is generally necessary to develop the fundamental mechanisms and infrastructure needed to support the proposed models and policy languages . It is my experience that such experiments provide valuable experience and insights that facilitates further development of both security models and abstractions for specifying security policies. Moreover, practical experiments generally help understand the full impact and possible limitations of the proposed security model, policies and mechanisms.
My research methodology is therefore to a large degree based on empirical work, where the proposed models, policies and mechanisms are implemented to provide proof of concept and allow validation of the main research proposal.
I have been involved with a number of projects, both large scale projects funded by the European Union or national funding bodies, and smaller projects, mostly unfunded, that have been executed in collaboration with local industry or simply with one or more students, e.g. as M.Sc. Thesis projects. An overview of these projects is presented on my projects page.
A list of my publications is available from my Publications Page.