Security in Convoluted Systems
I'm an educator, researcher and consultant in cyber security. I was previously a professor at the Department of Information Security and Communication Technology at NTNU, a Directeur de Recherche/Directeur d'études at Institut Mines-Télécom/IMT Atlantique and a Statutory Lecturer in Computer Science at University College Cork.
My research interest lies in the development of robust techniques for security in contemporary systems. These systems are convoluted arrangements of frameworks, software stacks, services, business processes, humans and more. It is in this complexity that mistakes are often made and that security threats emerge. Interests include distributed system security, trust, security risk management and socio-technical security. I've served on the editorial boards of the Journal of Computer Security and the International Journal of Information Privacy, Security and Integrity, and I am a past PC chair of DBSec, ESORICS, NSPW and CSF.
Recent Publications
- Hallett, J., Foley, S. N., Manda, D., Gardiner, J., Jonckers, D., Joosen, W., & Rashid, A. (2022). Threat-Driven Dynamic Security Policies for Cyber-Physical Infrastructures. In Critical Information Infrastructures Security - 17th International Conference, CRITIS 2022, Munich, Germany, September 14-16, 2022, Revised Selected Papers (Vol. 13723, pp. 9–26). Springer. Retrieved from https://simonnfoley.github.io/pubs/critis2022.pdf
- Khan, M. I., Foley, S. N., & O’Sullivan, B. (2020). Towards Privacy-anomaly Detection: Discovering Correlation between Privacy and Security-anomalies. In E. M. Shakshuki & A.-U.-H. Yasar (Eds.), The 17th International Conference on Mobile Systems and Pervasive Computing (MobiSPC 2020) / The 15th International Conference on Future Networks and Communications (FNC-2020) / The 10th International Conference on Sustainable Energy Information Technology, Leuven, Belgium, August 9-12, 2020 (Vol. 175, pp. 331–339). Elsevier. https://doi.org/10.1016/j.procs.2020.07.048
- M.I. Khan, S. N. F., & O’Sullivan, B. (2020). Quantitatively Measuring Privacy in Interactive Query Settings Within RDBMS Framework. Frontiers of Big Data: Cybersecurity and Privacy. Retrieved from https://doi.org/10.3389/fdata.2020.00011
- Kahn, I. M., Foley, S. N., & O’Sullivan, B. (2019). Computing the Identification Capability of SQL Queries for Privacy Comparison. In Proceedings 5th ACM International Workshop on Security and Privacy Analytics (IWSPA@CODASPY 2019). ACM press.
- M.I. Kahn, B. O. S., S.N. Foley. (2019). PriDe: A Quantitative Measure of Privacy-Loss in Interactive Querying Settings. In 10th IFIP International Conference on New Technologies, Mobility and Security.
- Foley, S. N., & Rooney, V. M. (2019). Social Constructionism in security protocols: A position on human experience, psychology and security. In Proceedings of the 27th International Workshop on Security Protocols, in press. Springer LNCS. Retrieved from https://simonnfoley.github.io/pubs/spw2019.pdf
- Foley, S. N., & Rooney, V. M. (2019). Social Constructionism in security protocols: Transcript of discussion. In Proceedings of the 27th International Workshop on Security Protocols, in press. Springer LNCS. Retrieved from https://simonnfoley.github.io/pubs/spw2019t.pdf
- Cledel, T., Foley, S. N., Cuppens, N., Cuppens, F., Dubois, F., Laarouchi, Y., & Comte, G. L. (2018). Towards the evaluation of end-to-end resilience through external consistency. In Proceedings 10th International Symposium on Cyberspace Safety and Security (CSS). Springer LNCS 11161.
- Bourget, E., Cuppens, F., Cuppens-Boulahia, N., Dubus, S., Foley, S. N., & Laarouchi, Y. (2018). Probabilistic Event Graph to Model Safety and Security for Diagnosis Purposes. In Data and Applications Security and Privacy XXXII - 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, 2018, Proceedings (pp. 38–47).
- Neville, U. M., & Foley, S. N. (2018). Reasoning About Firewall Policies Through Refinement and Composition. Journal of Computer Security, 26(2), 207–254. Retrieved from https://simonnfoley.github.io/pubs/jcs2018.pdf
- Rooney, V. M., & Foley, S. N. (2018). An online consent maturity model: moving from acceptable use towards ethical practice. In New Security Paradigms Workshop (NSPW 2018). ACM press. Retrieved from https://simonnfoley.github.io/pubs/nspw2018.pdf
- Foley, S. N., & Rooney, V. M. (2018). A Grounded Theory approach to security policy elicitation. Information and Computer Security Journal, 26(4), 454–471. https://doi.org/10.1108/ICS-12-2017-0086
- Rooney, V. M., & Foley, S. N. (2018). What you can change and what you can’t: human experience in computer network defenses. In Proceedings Nordic Conference on Secure IT Systems. Springer LNCS 11252. Retrieved from https://simonnfoley.github.io/pubs/nordsec2018.pdf
- Foley, S. N., Autrel, F., Bourget, E., Cledel, T., Gruenwald, S., Rubio-Hernan, J., … Vanhulst, K. (2018). Science hackathons for cyber-physical system security research: Putting CPS testbed platforms to good use. In Proceedings ACM Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC at ACM CCS). ACM press. Retrieved from https://simonnfoley.github.io/pubs/acmCPSSPC.pdf
- Kahn, I. M., O’Sullivan, B., & Foley, S. N. (2018). Towards Modelling Insiders Behaviour as Rare Behaviour to Detect Malicious RDBMS Access. In Proceedings of Workshop on Big Data Analytic for Cyber Crime Investigation and Prevention @ BigData 2018. IEEE Press.
- Pieczul, O., Foley, S. N., & Zurko, M. E. (2017). Developer-centered security and the symmetry of ignorance. In New Security Paradigms Workshop (NSPW 2017). Retrieved from https://simonnfoley.github.io/pubs/nspw2017.pdf
- Foley, S. N. (2017). Getting security objectives wrong: a cautionary tale of an Industrial Control System. In International Workshop on Security Protocols. Retrieved from https://simonnfoley.github.io/pubs/spw2017.pdf
- Rooney, V. M., & Foley, S. N. (2017). What users want: adapting qualitative research methods to security policy requirements elicitation. In Proceedings of the International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017. Retrieved from https://simonnfoley.github.io/pubs/secpre2017.pdf
- Kahn, M. I., O’Sullivan, B., & Foley, S. N. (2017). A semantic approach to frequency based anomaly detection of insider access in database management systems. In International Conference on Risks and Security of Internet and Systems.
- Kahn, M. I., Foley, S. N., & O’Sullivan, B. (2017). On database intrusion detection: Query analytics based model of normative behavior to detect insider attacks. In 7th International Conference on Communication and Network Security.
- Kahn, M. I., & Foley, S. N. (2016). Detecting anomalous behavior in DBMS logs. In International Conference on Risks and Security of Internet and Systems (CRiSIS2016).
- Neville, U., & Foley, S. N. (2016). Reasoning About Firewall Policies Through Refinement and Composition. In IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec2016). Retrieved from https://simonnfoley.github.io/pubs/dbsec2016-FW.pdf
- Pieczul, O., & Foley, S. N. (2016). Runtime detection of zero-day vulnerability exploits in contemporary software systems. In IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec2016). Retrieved from https://simonnfoley.github.io/pubs/dbsec2016-struts.pdf
- Pieczul, O., & Foley, S. N. (2016). The evolution of a security control. In International Workshop on Security Protocols, to appear. Retrieved from https://simonnfoley.github.io/pubs/secprot2016.pdf