Information Security.  This course provides an introduction to information security. It is designed to help students develop the foundations and skills necessary to understand the vulnerabilities and threats affecting the digital environment. Additionally, it aims to cover the methods and models used for the protection of important information. The course entails the following high-level content:

  • The Digital Environment
  • Objectives for Information Security
  • Models for Threat and Risk Analysis
  • Models for Information Security
  • Protection mechanisms and Security Policies
  • Ethical perspectives on Information Security

More information:


An Investigation of Vulnerabilities in Smart Connected Cameras

Joseph Bugeja, Désirée Jönsson, and Andreas Jacobsson

Abstract — The Internet of Things is enabling innovative services promising added convenience and value in various domains such as the smart home. Increasingly, households, office environments and cities, are being fitted with smart camera systems aimed to enhance the security of citizens. At the same time, several systems being deployed suffer from weak security implementations. Recognizing this, and to understand the extent of this situation, in this study we perform a global vulnerability assessment using the Shodan search engine and the Common Vulnerabilities and Exposures database. This is done to detect smart connected cameras exposed on the Internet alongside their sensitive, potentially private, data being broadcasted. Furthermore, we discuss whether the discovered data can be used to compromise the safety and privacy of individuals, and identify some mitigations that can be adopted. The results indicate that a significant number of smart cameras are indeed prone to diverse security and privacy vulnerabilities.

An Analysis of Malicious Threat Agents for the Smart Connected Home

Joseph Bugeja, Andreas Jacobsson, and Paul Davidsson

Abstract Smart connected home systems aim to enhance the comfort, convenience, security, entertainment, and health of the householders and their guests. Despite their advantages, their interconnected characteristics make smart home devices and services prone to various cybersecurity and privacy threats. In this paper, we analyze six classes of malicious threat agents for smart connected homes. We also identify four different motives and three distinct capability levels that can be used to group the different intruders. Based on this, we propose a new threat model that can be used for threat profiling. Both hypothetical and real-life examples of attacks are used throughout the paper. In reflecting on this work, we also observe motivations and agents that are not covered in standard agent taxonomies.

Full paper:

On Privacy and Security Challenges in Smart Connected Homes

Joseph Bugeja, Andreas Jacobsson, and Paul Davidsson

Abstract Smart homes have become increasingly popular for IoT products and services with a lot of promises for improving the quality of life of individuals. Nevertheless, the heterogeneous, dynamic, and Internet-connected nature of this environment adds new concerns as private data becomes accessible, often without the householders’ awareness. This accessibility alongside with the rising risks of data security and privacy breaches, makes smart home security a critical topic that deserves scrutiny. In this paper, we present an overview of the privacy and security challenges directed towards the smart home domain. We also identify constraints, evaluate solutions, and discuss a number of challenges and research issues where further investigation is required.

Full paper:

A Pragmatic, Policy Driven Framework for Protection Against Cross-Site Scripting

Joseph Bugeja and Geraint Price

Abstract — As many companies are still struggling to introduce security components such as antivirus, firewalls and spam filters, the security threat landscape has evolved into a much more sophisticated and dangerous environment questioning the effectiveness of traditional protection measures. Cross-Site Scripting (XSS) —according to OWASP—are the most “prevalent and pernicious” Web application security vulnerability. In this paper, we  describe XSS attacks and suggest ways how they can be mitigated.

Full paper:

Manuscripts Reviewed

  • International Journal of Information Security and Privacy
  • International Symposium on Intelligent Distributed Computing 
  • Future Generation Computer Systems