Research

It is often the case that information security researchers attempt to design systems, which at a theoretical level perform well, but they suffer from a number of limitations when taking the underlying characteristics of their operational platforms into account. If a system or a product is to be considered secure, it is necessary, but not sufficient, for the design to be theoretically sound; however, the implementation of the design is also vitally important, as attackers will target the weakest links and the most easily accessible parts of a system. Therefore, one of the main objectives of my multidisciplinary research is to bridge the gap between information security theory and practice, particularly for smart cards, IoTs, RFIDs, mobile devices, embedded systems, smart contracts, avionics and drones, cyber-physical interfaces, and cloud execution environments. There is a strong potential for research impact in these areas; in particular from the growing interest around interconnected devices (IoT and industrial control systems), Critical National Infrastructure, and vehicular and avionics security. More recently, my research involves memory controller attacks and countermeasures along with micro-architectural attacks, building automated fuzzing framework for ARM IoT devices, and mobile phone forensics.