Securing the next wave of safety‑critical systems
We are living in an era of tremendously fast-paced technological advancement, and more often than not, our lives depend on these technologies. For example, today’s medical devices use machine learning/AI to deliver highly precise diagnoses and personalized treatments. Industrial systems leverage cloud services and AI for remote monitoring and control, while IoT devices stream massive volumes of real-time, privacy-sensitive data to power safety-critical operations.
While these innovations boost efficiency and convenience, security often takes a backseat. Many industries still retrofit legacy security measures onto these modern systems, assuming that the measures that protected legacy systems are sufficient to protect their modernised versions as well. In doing so, they overlook the new risks created when modern technologies intersect with legacy infrastructure, leaving a far larger attack surface exposed. This oversight leaves critical systems vulnerable, offers adversaries new security gaps to exploit, and in the worst cases can endanger human lives.
In my research, I focus on identifying new security gaps that emerge when new technologies intersect with legacy infrastructure, assessing the feasibility of exploitation, understanding the potential impact if those gaps are exploited, and recommending practical countermeasures. During my PhD, I explored some of the (then) latest web technologies, such as the HTTP/2 protocol and Netflix’s interactive video streaming. In my postdoctoral work, I leaned more toward safety‑critical systems, where the stakes are much higher, and the consequences of a breach can directly affect human lives. Such systems include ML-enabled medical devices, cloud-connected industrial control systems, and privacy-sensitive IoT applications.