I am an Associate Professor, Teaching Stream in the Department of Computer and Mathematical Sciences at University of Toronto Scarborough. I teach courses in computer security, web development and entrepreneurship. My research interest focuses on computer security including web security and language-based security.
Prior to joining to the University of Toronto in 2017, I was 9 years at Carnegie Mellon University Qatar as a Postdoc at first and then as an Assistant Teaching Professor.
Undergraduate - University of Toronto Scarborough
Undergraduate - Carnegie Mellon University Qatar
Executive Education - Carnegie Mellon University Qatar
Postgraduate - Telecom-Bretagne, France
- Web security
- Language-based security
- Access control, usage control and information flow in distributed systems
- Data-mining for security
This research project is supported by the Qatar National Research Fund (QNRF)
Selected PublicationsSee the complete list of publications on Google Scholar.
- Carnegie Mellon Qatar Hackathon (CarnegieApps 2013 and 2014)
- Publication Chair for IFIP International Information Security and Privacy (SEC'14)
- Local Arrangement Chair for the International Conference on Logic for Programming, Artificial Intelligence and Reasoning (LPAR'08)
- Local Arrangement Chair for the Asian Computing Science Conference (ASIAN'07)
- Modeling and Analysis of Information Security (MAIS’2014)
- Advanced Intrusion Detection and Prevention Workshop (AIDP'14)
- IFIP International Information Security and Privacy (SEC'16, SEC'15, SEC'14)
- IEEE Annual Conference on Privacy, Security and Trust (PST'13, 12)
- IEEE Conference on Risks and Security of Internet and Systems (CRISIS'13, 12, 11, 10)
- Workshop on Autonomous and Spontaneous Security (SETOP'13, 12, 11, 10, 09)
- Workshop on Data Privacy Management (DPM'10, 09)
- Open Web Application Security Project (OWASP) Qatar chapter meeting in Doha, June 2012
- 6th INTERPOL’s Group meeting – MENA Region conference in Doha, March 2012
- Hackathon for the Social Good in the Arab World in Abu Dhabi, UAE, October 2011
- Gulf Programming Competition (GPC) member of the Steering Committee (2012-2016)
- Open Web Application Security Project (OWASP) Qatar chapter member (2007-2016)
- See the "Ph.D Overview" and "Previous Teaching" sections for more details.
- Cooperative Intrusion Detection Framework.
- Management of the technical documentation
- Development of the information system
- See "Ph.D" section for more details
- DEA PS (Diplôme d'Etude Approfondie en Programmation et Systèmes)
- Maitrise d'Informatique
- License d'Informatique
- DEUG MIAS (Diplôme D'Etude Universitaire Général en Mathématiques, Informatique et Applications aux Sciences)
- Access Control Models and Architectures
- Usage control, Provisional Authorizations and Obligations
- Digital Rights Management, Rights Expression Languages and Trusted Computing
- Specific Access Control Models for XML documents
An Information System (IS) is an interconnection of resources including users, data and methods organized to collect, process, and transmit these data. The evolution of IS brings new security requirements that existing access control languages and models fail to support. In this thesis, we introduce new concepts that go beyond access control and we propose a security framework able to deal with these concepts. In the first part of this work, we introduce the concepts of contextual access control, usage control and obligations. In the second part of the work, we study security requirements when IS interacts with others. In this perspective, Digital Rights Management systems (DRM) bring interesting concepts. We propose two new models called FORM and OPA that open the scope of DRM. The Federated Rights Expression Model (FORM) provides adequate mechanisms to control any kind of content such as user identities, methods and data. The Onion Policy Administration Model (OPA) is a super-distribution model that aims at controlling the distribution of a content. In the last part of the work, we study XML rights expression models. Since information is more structured with XML, it is necessary to restrict the access to some confidential information. We propose a fine-grained access control model for XML documents that focuses on preventing from non-disclosure of information carried by meta-data themselves and from the relationship between these data. This thesis opens new perspectives on the security management of digital contents in heterogeneous and highly distributed information systems.