Cloud Security Verification
We design an architecture for the verification of infrastructure clouds with respect to security goals. How can automated tools tackle the complexity of cloud topology?
MORE INFO
Cloud topologies are complex!
Whereas ideal topologies of infrastructure clouds are usually shown in a well-ordered model, we discovered that actual production infrastructure have very complex topologies. How can we approach their complexity in tool-supported analysis?
MORE INFO
Infrastructure Cloud Information Flow Analysis
We pursue the information flow analysis of virtualized infrastructures by graph coloring. Analyzing VM connections, network and storage we ask: How can we discover isolation breaches hidden in the actual configuration?
MORE INFO
Smart Identity Card
European countries establish eID systems, while often debating the privacy benefits anonymous credential systems provide. Are these advanced systems feasible and efficient enough on a standard eID card?
MORE INFO
Information Security
Confidentiality, integrity and availability of information and information systems.
Applications of cryptography (e.g., anonymous credential systems) and formal methods (e.g., model checking).News: Position paper accepted at ACM DIS'12, Designing Wellbeing Workshop.
News: New slides on Attribute-based Credentials and Cloud Security.
Current Research: Cloud Security and Privacy
I'm Lecturer in Security, Privacy and Trust (Assistant Professor) at the Newcastle University. I'm a member of the Systems Research Group and the Centre for Cybercrime and Computer Security (CCCS).
Before that, I've been a tenured research scientist at the Information Security and Cryptography group of IBM Research - Zurich as well as IBM's Research Relationship Manager for Privacy.
Research Interests
- Information Security - Cloud security assurance and verification
[Cloud Security Verification] [Security Assurance for Virtualized Environments] - Identity & Privacy - in eID systems and social networks
[Smart Identity Card] [PET Crypto] [Identity 2.0] [Federated Identity Management] - Applied Rigorous Methods - Applications of cryptography (e.g., anonymous credentials) and formal methods (e.g., model checking applied to cloud topology or compositional reasoning).
- I love interdisciplinary work, in particular in relation of security and privacy to psychology, neurology and behavioral economics.
PhD Positions in Security and Privacy
Cloud Security Verification
We pursue the verification of security properties of infrastructure clouds. See talks at EU CSP'12 or ACM CCSW'11.
We consider two domains:
- Topology of the infrastructure, that is, how VMs, hosts, networks and storages are inter-connected, and
- Dynamics of re-configuration, that is, how administrators can change the topology and privileges with cloud operations.
- We compare the actual state of the configuration with a desired state specified in formal language.
Smart Identity Card
I've been leading an initiative to establish anonymous credential systems on electronic identity cards, more generally on the Java Card platform. We coined this Smart Identity Card, and contributed it to the FP7 EU project PrimeLife. Whereas we follow the same goal of strong authentication combined with privacy, the Java Card's trust model, limited access to crypto primitives and resource constraints make this a challenge. The system must be secure in face of untrusted terminals and, thus, cannot easily delegate computation to a more powerful device and still achieve practical response times with secure keys. Nevertheless, we were the first to establish a practical and autonomous anonymous credential system on a standard Java Card (on a JCOP 41/v2.2 to be precise).
Image Gallery
.png)
