Our research aims to engineer adaptive systems that continue to satisfy their security and privacy requirements and that are forensically ready. We study cyber security, privacy, and digital forensics in the context of systems’ social or business environment. Our aim is to exploit, support, or mitigate the interplay between security technologies and human behaviour.

Another topic of our research is concerned with the development of service-based systems in which we have proposed a UML-based approach to support design of service compositions based on the discovery and use of available services. This work has also been extended to support proactive and reactive discovery and replacement of services during runtime of service compositions due to unavailability or malfunctioning of participating services; changes in the structure, functionality, quality, or context of participating services; changes in the context of the application that uses a service; or availability of “better” services.

We have also developed techniques to support the identification of “good” and “bad” services and have proposed a framework for trustworthy services (Google Academic Research Award). Another area of our research is concerned with trust management in cloud computing based on opinion models (EU-FP7 OPTIMIS project).

Our research projects include: Adaptive Security and Privacy (ERC), Adaptive Information Security (QNRF), Privacy Dynamics (EPSRC), and Monetize Me (EPSRC), which are multi-disciplinary collaborations between software engineering, social psychology, business, and law.