I am hiring!

Interested in doing research on System security, Internet of Things, trust technology or web security? Then please send me an e-mail. I am always looking for good candidates for PhD, junior or senior researcher and also as a professor.

Find more info about our new results on behavioural biometrics here.

Find more info about the CINI Cyber Security National Lab i am involved with, by clicking on its logo Cyber Security National Lab .

Applications to the CyberChallenge CTF 2024 are open.


  • Dec 2023
    Our paper OAuth 2.0 Redirect URI Validation Falls Short, Literally" has been presented at ACSAC 2023 by Elsevier.
  • July 2023
    Our paper AppBox: A Black-Box Application Sandboxing Technique for Mobile App Management Solutions" has been presented at IEEE ISCC 2023.
  • Feb. 2023
    Our paper "A Survey of Human-Computer Interaction (HCI) & Natural Habits-based Behavioural Biometric Modalities for User Recognition Schemes" has been accepted at Pattern Recognition Journal published by Elsevier.
  • Dec. 2022
    Our paper "AI-enabled IoT Penetration Testing: State-of-the-art and Research Challenges" has been accepted at Enterprise Information Systems Journal published by Taylor & Francis.

  • link on the name of the project you are interested


    MOSES is a modified version of AndroidOS that supports Bring Your Own Device (BYOD) applications. It allows the creation of secure containers, via sofwtare, on which different profiles can run regulated by configuarable fine-grained security policies. Two video showing how MOSES works can be found here.


    CRêPE (Context-Related Policy Enforcement) is a modified version of AndroidOS that support contexts, both logical and physical defined contexts. Also, it supports efficient context-related policy enforcement on mobile platforms. A context-related policy is a policy which enforcing requires the awareness of the user/device context.


    Trishul is a system primarily designed to enforce policies associated with data/information. While most of existing IFC enforcement systems associate IFC policies to applications, we associate them to data. Thus an information flow control policy can be enforced by any application dealing with that piece of data. At the core of the architecture is a Java Virtual Machine (JVM) implementation that supports information flow control. Trishul addresses direct and implicit flows plus a new indirect way of leaking information we pointed out in a related publication.


    Turtle F2F is a free and open source anonymous peer-to-peer network project facilitating free speech and sharing information by combining encryption with peer-to-peer (P2P) technology. Like no other anonymous P2P software, it allows users to share files and otherwise communicate without fear of legal sanctions or censorship. The basic idea behind Turtle is to build a P2P overlay on top of pre-existing trust relationships among Turtle users. Each user acts as node in the overlay by running a copy of the Turtle client software. Unlike existing P2P networks, Turtle does not allow arbitrary nodes to connect and exchange information. Instead, each user establishes secure and authenticated channels with a limited number of other nodes/friends controlled by people he or she trusts (friends). There is also a wikipage dedicated to the project. Turtle F2F inspired also a more professional implementation of the system, called RetroShare that has a relatively enthusiast community of users mainly in France.

    RFID Guardian

    the RFID Guardian: a mobile battery-powered device that offers personal RFID security and privacy management. The main focus of our project is to create an industry standard, open source, RFID security product based on our current RFID Guardian. The HW and SW specifications can be found here. While a video describing the whole project can be found here.