|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
I am a lecturer in the Information Security Group at Royal Holloway, University of London. I did my PhD in the School of Computer Science and Information Systems at Birkbeck, University of London under the supervision of Professor George Loizou. I still maintain close links with Birkbeck, where I am an Associate Research Fellow.
I am on the programme committees of SACMAT 2006, ESORICS 2006 and FMSE 2006, and the paper review committee of ACSAC 2006.
|
|
|
|
|
|
My research concentrates on role-based access control models, particularly role-based administration and separation of duty. I have developed a role-based administrative model based around the concept of administrative scope. In September 2004 I presented this work in the CERIAS Seminar Series at Purdue University. (The slides and video of the presentation are available.) My recent paper at CCS 2005 proved that there exist fundamental connections between my role-based administrative model and ARBAC97, developed by Professor Ravi Sandhu at George Mason University.
I have recently developed a scheme for the specification and enforcement of separation of duty constraints. This has been extended to the specification of constraints in workflow systems and the development of a role-based access control model for such systems. My most recent work in this area has focused on the problem of constraint satisfiability.
I am also interested in the use of antichains (sets of pairwise incomparable elements in a partially ordered set) for modelling certain types of access control policies. I proved in my PhD thesis that there exist two natural orderings on the set of antichains in a partially ordered set. I am currently working on a model for separation of duty policies, which extends work in my thesis and makes use of both orderings.
|
|
|
|
|
|
|
|
||||
|
|
||||
| Journal papers | |
| A logic of access control (with G. Loizou and G. O'Shea). The Computer Journal, 44(2), 137-149, 2001. | |
| Authorisation and antichains (with G. Loizou). Operating Systems Review, 35(3), 6-15, 2001. | |
| The completion of a poset in a lattice of antichains (with G. Loizou). International Mathematical Journal, 1(3), 223-238, 2001. | |
| Administrative scope: A foundation for role-based administrative models (with G. Loizou). ACM Transactions on Information and System Security, 6(2), 201-231, 2003. | |
| Access control in a distributed object environment using XML and roles (with H. Khambhammettu). South African Computer Journal, 31, 2-8, 2003. | |
| RGFGA: An efficient representation and crossover for grouping genetic algorithms (with S. Swift and A. Tucker). Evolutionary Computation, 13(4), 477-500, 2005. | |
| The interpretation and utility of three cohesion metrics for object-oriented design (with S. Counsell and S. Swift). ACM Transactions on Software Engineering and Methodology, 15(2), 123-149, 2006. | |
| Applying hierarchical and role-based access control to XML documents. To appear in Computer Science and System Engineering Journal. | |
| Conference papers | |
| Administrative scope and role hierarchy operations (with G. Loizou). In Proceedings of 7th ACM Symposium on Access Control Models and Technologies (SACMAT02), pages 145-154, 2002. | |
| Specifying and enforcing constraints in role-based access control. In Proceedings of 8th ACM Symposium on Access Control Models and Technologies (SACMAT03), pages 43-50, 2003. | |
| Access control in a distributed object environment using XML and roles (with H. Khambhammettu). In Proceedings of 3rd Annual Information Security South Africa Conference (ISSA 2003), pages 75-87, 2003. | |
| On permissions, inheritance and role hierarchies. In Proceedings of 10th ACM Conference on Computer and Communications Security (CCS 2003), pages 85-92, 2003. | |
| Authorization and certificates: Are we pushing when we should be pulling (with H. Khambhammettu). In Proceedings of the IASTED International Conference on Communication, Network, and Information Security, pages 62-66, 2003. | |
| The consistency of task-based authorization constraints in workflow systems (with K. Tan and C. Gunter). In Proceedings of 17th IEEE Computer Security Foundations Workshop, pages 155-169, 2004. | |
| An algebraic approach to the analysis of constrained workflow systems. In Proceedings of 3rd Workshop on Foundations of Computer Security (FCS'04), pages 61-74, 2004. | |
| Applying hierarchical and role-based access control to XML documents. In Proceedings of ACM Workshop on Secure Web Services 2004, pages 41-50, 2004. | |
| A reference monitor for workflow systems with constrained task execution. In Proceedings of 10th ACM Symposium on Access Control Models and Technologies, pages 38-47, 2005. | |
| ICARUS: Intelligent coupon allocation for retailers using search (with A. Shi, S. Swift and A. Tucker). In Proceedings of 2005 IEEE Congress on Evolutionary Computation, pages 182-189, 2005. | |
| Understanding and developing role-based administrative models. In Proceedings of 12th ACM Conference on Computer and Communications Security, pages 158-167, 2005. | |
| Data structures for constraint enforcement in role-based systems (with H. Khambhammettu). In Proceedings of IASTED International Conference on Communication, Network and Information Security, pages 140-145, 2005. | |
| The secondary and approximate authorization model and its application to Bell-LaPadula policies (with W. Leung and K. Beznosov). In Proceedings of 11th ACM Symposium on Access Control Models and Technologies, 111-120, 2006. | |
| On key assignment for hierarchical access control (with K. Martin and P. Wild). In Proceedings of 19th Computer Security Foundations Workshop, pages 98-111, 2006. | |
| Discretionary and mandatory access controls for role-based administration. To appear in Proceedings of 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, 2006. | |
| Access control and authorization constraints for WS-BPEL (with E. Bertino and F. Paci). To appear in Proceedings of 2006 IEEE International Conference on Web Services, 2006. | |
| Delegation in role-based access control (with H. Khambhammettu). To appear in Proceedings of 11th European Symposium on Research in Computer Security, 2006. | |
| Book chapters | |
| Information security (with K. Paterson, F. Piper and M. Robshaw). In Handbook of Security, 358-379, 2006, Perpetuity Press. | |
| PhD thesis | |
| Authorization and Antichains, PhD Thesis, Birkbeck College, University of London, April 2002. |
|
| Technical reports | |
| Evaluating and improving access control (with G. Loizou and G. O'Shea). Technical report BBKCS-99-11, 1999. | |
| Conflict of interest policies: A general approach (with G. Loizou). Technical report BBKCS-00-07, 2000. | |
| Two partial orders on the set of antichains (with G. Loizou). Technical report BBKCS-00-09, 2000. | |
| The structural complexity of conflict of interest policies (with G. Loizou). Technical report BBKCS-00-13, 2000. | |
| SARBAC: A new model for role-based administration (with G. Loizou). Technical report BBKCS-02-09, 2002. | |
| On the satisfiability of constraints in workflow systems. Technical report RHUL-MA-2004-1, 2004. | |
| Understanding and developing role-based administrative models. Technical report RHUL-MA-2005-6, 2005. | |
| Miscellaneous | |
| XML, Information Security Technical Report, 9(3), September 2004. (Editor) | |
| Web Services, Information Security Technical Report, 10(1), March 2005. (Editor) | |
Several other technical reports dating from my days at Birkbeck can be found here.
|
|
|
|
|
|
My office hours are 10:00 - 12:00 and 14:00 - 16:00 every Tuesday, although I will not necessarily be in the office if I have no meetings arranged. I am also happy to arrange meetings outside my office hours. Please e-mail me first to arrange an appointment if you want to see me.
| e-Mail address |
|
||
| Postal address |
Information Security Group Royal Holloway, University of London Egham Surrey TW20 0EX |
||
| Office phone | +44 (0)1784 443117 | ||
| Departmental fax | +44 (0)1784 430766 |
| Top of page |