I'm a directeur de recherche (Cybersecurity)/Directeur d'études at Institut Mines-Télécom/IMT Atlantique (formerly Telecom Bretagne) in Rennes, France. I was previously a Statutory Lecturer in Computer Science at University College Cork.

My research interests include distributed/network access controls, trust, security analysis, security risk management, cyber-physical security and user-experience. I'm on the editorial boards of the Journal of Computer Security and the International Journal of Information Privacy, Security and Integrity; PC Chair of the 2019 IFIP WG 11.3 Conference of Data and Applications Security (DBSec) and a past PC chair of ESORICS, NSPW and CSF.

My current PhD students are Imran Khan (UCC), Thomas Cledel (IMT), Edwin Bourget (IMT), Raphaël Larsen (IMT) and post-doc researcher Vivien Rooney (IMT). PhD and postdoc alumni from my old security group in Cork include Thomas Quillinan, Hongbin Zhou, Barry Mulcahy, Wayne Mac Adams, William Fitzgerald, Olgierd Pieczul, Ultan Neville, Fatih Turkmen, Jonathan Petit and Benyamin Aziz.

Recent Publications

  • Foley, S. N., & Rooney, V. M. (2018). A Grounded Theory approach to security policy elicitation. Information and Computer Security Journal, in Press.
  • Neville, U. M., & Foley, S. N. (2018). Reasoning About Firewall Policies Through Refinement and Composition. Journal of Computer Security, 26(2), 207–254. Retrieved from http://simonfoley.org/pubs/jcs2018.pdf [link]
  • Rooney, V. M., & Foley, S. N. (2018). On online consent maturity model: moving from acceptable use towards ethical practice. In New Security Paradigms Workshop (NSPW 2018). ACM press. Retrieved from http://simonfoley.org/pubs/nspw2018.pdf [link]
  • Bourget, E., Cuppens, F., Cuppens-Boulahia, N., Dubus, S., Foley, S. N., & Laarouchi, Y. (2018). Probabilistic Event Graph to Model Safety and Security for Diagnosis Purposes. In Data and Applications Security and Privacy XXXII - 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Bergamo, Italy, July 16-18, 2018, Proceedings (pp. 38–47). https://doi.org/10.1007/978-3-319-95729-6_3 [link]
  • Rooney, V. M., & Foley, S. N. (2018). What you can change and what you can’t: human experience in computer network defenses. In In proceedings Nordic Conference on Secure IT Systems. Springer LNCS 11252.
  • Foley, S. N., Autrel, F., Bourget, E., Cledel, T., Gruenwald, S., Rubio-Hernan, J., … Vanhulst, K. (2018). Science hackathons for cyber-physical system security research: Putting CPS testbed platforms to good use. In In proceedings ACM Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC at ACM CCS). ACM press. Retrieved from http://simonfoley.org/pubs/acmCPSSPC.pdf [link]
  • Cledel, T., Foley, S. N., Cuppens, N., Cuppens, F., Dubois, F., Laarouchi, Y., & Comte, G. L. (2018). Towards the evaluation of end-to-end resilience through external consistency. In In proceedings 10th International Symposium on Cyberspace Safety and Security (CSS). Springer LNCS 11161.
  • Foley, S. N. (2017). Getting security objectives wrong: a cautionary tale of an Industrial Control System. In International Workshop on Security Protocols. Retrieved from http://simonfoley.org/pubs/spw2017.pdf [link]
  • Pieczul, O., Foley, S. N., & Zurko, M. E. (2017). Developer-centered security and the symmetry of ignorance. In New Security Paradigms Workshop (NSPW 2017). Retrieved from http://simonfoley.org/pubs/nspw2017.pdf [link]
  • Rooney, V. M., & Foley, S. N. (2017). What users want: adapting qualitative research methods to security policy requirements elicitation. In Proceedings of the International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017. Retrieved from http://simonfoley.org/pubs/secpre2017.pdf [link]
  • Kahn, M. I., O’Sullivan, B., & Foley, S. N. (2017). A semantic approach to frequency based anomaly detection of insider access in database management systems. In International Conference on Risks and Security of Internet and Systems.
  • Kahn, M. I., Foley, S. N., & O’Sullivan, B. (2017). On database intrusion detection: Query analytics based model of normative behavior to detect insider attacks. In 7th International Conference on Communication and Network Security.
  • Kahn, M. I., & Foley, S. N. (2016). Detecting anomalous behavior in DBMS logs. In International Conference on Risks and Security of Internet and Systems (CRiSIS2016).
  • Neville, U., & Foley, S. N. (2016). Reasoning About Firewall Policies Through Refinement and Composition. In IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec2016). Retrieved from http://simonfoley.org/pubs/dbsec2016-FW.pdf [link]
  • Pieczul, O., & Foley, S. N. (2016). Runtime detection of zero-day vulnerability exploits in contemporary software systems. In IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec2016). Retrieved from http://simonfoley.org/pubs/dbsec2016-struts.pdf [link]
  • Pieczul, O., & Foley, S. N. (2016). The evolution of a security control. In International Workshop on Security Protocols, to appear. Retrieved from http://simonfoley.org/pubs/secprot2016.pdf [link]