Managing risks in IoT applications – New PhD candidate at IOTAP


Joseph Bugeja

In August, Joseph Bugeja joined IOTAP as PhD candidate in computer science. His main research interest is to identify and manage risks in ”smart environments” like smart homes and buildings.

Joseph, what is your research interest?

My main research interests are in cyber security, spanning over privacy, access control, risk assessment, vulnerability identification and exploitation, secure software development, protocol analysis, and compliance. I have a special interest in applying information security models, software design patterns, and machine learning algorithms to identify and manage risks in Smart Environments and other Internet of Things (IoT) applications.

Why is there such a strong interest in IoT?

With surveys estimating that the number of connected devices will likely exceed several billion in the coming years, the IoT represents a major transformation that has the potential to affect everyone and every business. While more and more IoT applications are entering our daily lives, cyber security risks pertaining to IoT are increasing and mutating rapidly. Mundane objects, ranging from fridges to coffee machines, are ‘waking up’ and becoming aware of their spaces, sharing the information that they accumulate and processing information from outside sources in a multitude of different ways.

IoT is expected to bring economic and social benefits, such as improved health care, efficient use of resources, business innovations, and more. Along these potential benefits, the ubiquity and pervasiveness of IoT devices creates many new security and privacy dilemmas for citizens as well as government and business enterprises.

Smart devices could hold a digital trove of personal information about their users, detailing aspects about financial circumstances, religious preferences, health, and more. IoT devices gather frequent, often continuous, data from the real world, which is advantageous from an analytics point of view, but a user might not be comfortable with disclosing that data to a third party even if that data is not of a sensitive or confidential nature. With the sheer volume of data generated directly or indirectly by users of smart devices, there will be plenty of opportunities for attackers to monetize and exploit the data, leading to various security and privacy issues. Detailed personal information could be shared to insurance companies, employers, criminals, and other data brokers, without the user ever having the opportunity to notice, control and manage this dissemination.

The inclusion of security and privacy controls in the software development process has often been left as an afterthought at the eleventh hour exposing the user to unnecessary risks. With the advancement of IoT, many privacy and security questions are still left unanswered or are in their embryonic stage representing possibly critical risks that previously were not there.

Which IOTAP projects will you be involved in?

I will primarily be dedicated to studying the information security and privacy aspects within the context of the iSMASH project. This project involves Smart Homes, which represents a lucrative application area of the IoT that is increasingly gaining momentum. The Smart Homes area embodies an emerging digital battlefield for information security, posing serious challenges to researchers and companies alike to enhance consumer privacy and security. I will also be working on the CoSIS project, which entails intelligent surveillance systems. In this project, I will also be participating mostly from an information security and privacy perspective. Other ancillary work could also include researching different public and semi-public spaces.

Why did you want to come to Malmö University?

Having been in the industry for more than a decade and having worked on all Information Security domains, ranging from governance and risk management to software development security and compliance, I felt that I can leverage the on-the-ground experience gained in this sector to recognize limitations, formulate critical questions and help contribute to the advancement of knowledge in this field. Recognizing that the IoT will expand and change the security landscape significantly, I felt that dedicating myself fully to researching this dynamic field could contribute in diverse ways to ensuring that IoT evolves into a more secure place.

Malmö University, in particular the Department of Computer Science, happens to offer a doctoral position on Internet of Things and People (IOTAP) that is completely focused on the issues described above and it is also in close collaboration with the industry and public sector. Given all this, I did not have any hesitation in applying for this doctoral post. Sweden is also a pioneer in science and technology; it is the birthplace of many successful innovative companies, and it is also a very international and peaceful country with a beautiful countryside and a rich local culture. Weighing all this, I did not have any second thoughts in applying for this position.

Read more:

» White paper “A new framework for preventing XSS attacks” published in the Information Security Magazine

» The Hyperion Security Project, where Joseph contributes

» Contact Joseph Bugeja

Bookmark the permalink.

Comments are closed