I have become very interested in software security engineering techniques and tools. This includes model-driven approaches to generating security solutions from high-level definitions, domain-specific languages to augment requirements and design notations to capture security properties and their cross-cutting impacts, and platform-level security including autonomic virtual machine monitoring and protection.

More details can be found off Mohamed Almorsy's home page here.

Models@Runtime-style Adaptive Software Security Support:

• Almorsy, M., Grundy, J.C., Ibrahim, A., Adaptable, Model-driven Security Engineering for SaaS Cloud-based Applications, Automated Software Engineering, Springer.

• -- Final publication available at http://link.springer.com DOI Author pre-published version PDF

Cloud Security Landscape Analysis:

• Ibrahim, A., Hamlyn-Harris, J. and Grundy, J.C., Emerging Security Challenges of Cloud Virtual Infrastructure, In Proceedings of the 2010 Asia Pacific Cloud Workshop 2010 (co-located with APSEC2010), Sydney, Nov 30 2010. PDF

• Almorsy, M., Grundy, J.C., and Mueller, I., An analysis of the cloud computing security problem, In Proceedings of the 2010 Asia Pacific Cloud Workshop 2010 (co-located with APSEC2010), Sydney, Nov 30 2010. PDF

Vulnerability analysis:

• Almorsy, M., Grundy, J.C. and Ibrahim, A., Automated Software Architecture Security Risk Analysis Using Formalized Signatures, 2013 IEEE/ACM International Conference on Software Engineering (ICSE 2013), San Franciso, May 2013, IEEE CS Press PDF

• Almorsy, M., Grundy, J.C. and Ibrahim, A. Supporting Automated Vulnerability Analysis using Formalized Vulnerability Signatures, 27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012), Sept 3-7 2012, Essen, Germany, ACM Press PDF

Multi-tenancy security support:

• Almorsy, M., Grundy, J.C., Ibrahim, A., SMURF: Supporting Multi-tenancy Using Re-Aspects Framework, 17th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS 2012), Paris, France, July 2012, IEEE CS Press. PDF

• He, Q., Han, J., Yang, Y., Grundy, J.C., Jin, H., QoS-Driven Service Selection for Multi-Tenant SaaS, 5th IEEE Conference on Cloud Computing (Cloud 2012), IEEE CS Press, Waikiki, Hawai, USA, June 24-29 2012. PDF

• Almorsy, M. and Grundy, J.C. TOSSMA: A Tenant-Oriented SaaS Security Management Architecture, 5th IEEE Conference on Cloud Computing (CLOUD 2012), IEEE CS Press, Waikiki, Hawai, USA, June 24-29 2012. PDF

• Almorsy, M., Grundy, J.C. and Imbrahim, A. Collaboration-Based Cloud Computing Security Management Framework, In Proceedings of 2011 IEEE International Conference on Cloud Computing (CLOUD 2011), Washington DC, USA on 4 July – 9 July, 2011, IEEE. DOI PDF

IaaS Virtual Machine Monitoring and Protection:

• Ibrahim, A., Hamlyn-Harris, J., Grundy, J.C. and Almorsy, M., DIGGER: Identifying OS Kernel Objects for Run-time Security Analysis, International Journal on Internet and Distributed Computing Systems, vol 3, no. 1, January 2013, pp 184-194 PDF

• Ibrahim, A., Hamlyn-Harris, J., Grundy, J.C. and Almorsy, M., Supporting Operating System Kernel Data Disambiguation using Points-to Analysis, 27th IEEE/ACM International Conference on Automated Software Engineering (ASE 2012), Sept 3-7 2012, Essen, Germany, ACM Press. PDF

• Imbrahim, A., Hamlyn-Harris J., Grundy, J.C. and Almorsy, M., CloudSec: A Security Monitoring Appliance for Virtual Machines in the IaaS Cloud Model, In Proceedings of the 5th International Conference on Network and System Security (NCC 2011), Milan, Italy, September 5-7 2011, IEEE Press. DOI PDF