My early security research explored problems in multilevel security and non-interference. Much of this research focussed on capturing and verifying mandatory-security requirements in terms of information-flow semantics and models. In more recent years my research has diversified, with results covering topics that include security properties, security risk management, security configuration, trust and distributed security and socio-technical security.

Some recent and ongoing projects