Cyber-Safe Lab

Cyber security has become the cornerstone of maintaining human trust in digital technologies and ensuring the resilience of modern societies. The Cyber-Safe Lab is dedicated to advancing and disseminating cyber security knowledge, tools, and techniques for securing systems, processes, and emerging technologies. With a strong interdisciplinary foundation, the lab’s mission is to advance the design and development of secure systems while exploring new frontiers across critical cyber security domains. The lab also plays a key role in educating students and supporting professionals in both the theoretical and practical aspects of cyber security.

Services

• Knowledge and awareness dissemination
• Advanced cryptology, including design and implementation
• Vulnerability assessment and penetration testing
• Threat modelling, risk analysis, and security reviews
• Compliance and conformance assessments
• Consultation, including, but not limited to, the above topics

Key research topics

Cryptology: Cryptology entails the study and development of mathematical techniques to secure digital communication and data. Research in our lab spans both theoretical and applied aspects of encryption, decryption, digital signatures, and key management. We focus on cryptographic hash functions, secret key algorithms, message authentication codes, public key cryptography, postquantum cryptography, multi-party computation, and privacy-preserving data analysis.

Security by design: The lab is active in conducting research related to security engineering and software security, including, but not limited to, software vulnerabilities disclosure, model-driven security engineering, quantitative software security analysis and empirical software engineering, software ecosystems, software security design, including security design principles and patterns, among other related areas.

Compliance, regulations, and security assurance: The lab has extensive experience in cyber security regulations enacted by the European Union. Examples include the General Data Protection Regulation (GDPR), the second network and information security (NIS2) directive, the Cybersecurity Act (CSA), and the Cyber Resilience Act (CRA). Within this domain, the lab's work ranges from legal and policy analyses to security requirements imposed by law and cyber security governance. The work area interacts with the security engineering and software security branch.

OT-IT security: This research domain addresses cyber security challenges in critical infrastructure arising from the integration of operational technology (OT) and information technology (IT) systems. The lab conducts research on OT-IT network segmentation, infrastructure and protocols assessment, as well as providing guides on the adoption and deployment of Industrial IoT in critical infrastructures. The lab also adopts recent advances in digital twins (DT) and artificial intelligence (AI) to enhance OT-IT integration and ensure intrusion/anomaly detection.

Biometric security: The lab’s biometric security domain focuses on improving and protecting technologies that use physical or behavioral traits for authentication with emphasis on fingerprints and face. The lab is also dedicated to ensuring the security of the biometric template itself, given that biometric authentication is continuously replacing passwords and tokens. Key areas include liveness detection (preventing spoofing attacks), template protection based on cancelable biometrics or irreversible transformation, privacy concerns, and demographic bias mitigation. 

Cyber-security training: Despite its strong emphasis on cybersecurity training, the lab also focuses on developing educational materials to promote awareness across various domains. These efforts aim to enhance diversity and inclusion in cybersecurity education through workshops and outreach initiatives, create resources that help identify and understand common vulnerabilities, and ensure data privacy and protection through effective training and awareness strategies.