PhD, MSc, BSc, PGCert, MIEEE
Faculty of Architecture, Computing and Humanities
University of Greenwich
Old Royal Naval College, SE10 9LS, UK
email: e.panaousis (at) gre.ac.uk
I am an Associate Professor in Cyber Security and member of the IoT and Security (ISEC) research group.
Expertise: My core expertise is on cyber security strategy and privacy challenges. I employ mathematical modelling, optimisation and game theory to investigate strategic behaviours of defenders and attackers. My work derives optimal responses through novel theoretic models and development of corresponding decision support tools instantiated in realistic case studies. Towards the identification of robust defences against adversarial behaviour, my research also focuses on identifying current security levels, cybersecurity and privacy threats and vulnerabilities, as well as costs and benefits of different defending strategies (cyber controls, configurations and decisions). Benefitting from robust mathematical optimisation and game theoretic approaches, I compute optimal combinations of the available defending strategies to maximise the Utility of the Defender. In addition, I have expertise in network security innovations in areas such as anomaly-based intrusion detection and secure peer-to-peer communications. As a principal investigator and work package leader in several international research projects, I am collaborating with end user organisations in healthcare, power grid and insurance, as well as large businesses and SMEs and researchers from other disciplines (e.g. economics). I am also collaborating with a number of academics outside the UK and have built an international profile in the application of strategic thinking to cybersecurity and privacy.
Research positions and PhD supervision: I am actively seeking talented R&D engineers (postdoctoral researchers, software developers, graduate students with potential to pursue a PhD). Interested candidates, please email me with a copy of their CV and a cover letter.
Funding: Through successful research and development bids I have secured approximately £1M fund and contributed to another £1M, as detailed here.
Previous studies and experience: I have received the BSc degree in Informatics and Telecommunications from University of Athens, Greece, in 2006 and the MSc degree in Computer Science from Athens University of Economics and Business, Greece in 2008, and PhD degree in Mobile Communications Security from Kingston University London, UK in 2012. Prior to the University of Greenwich, I was a Senior Lecturer in Secure Systems at the University of Surrey and member of the Surrey Centre for Cyber Security (SCCS). I was also a Senior Lecturer of Cybersecurity and Privacy at the University of Brighton; invited researcher at Imperial College; postdoctoral researcher at Queen Mary University of London; and a Research and development consultant at Ubitech Technologies Ltd in the Surrey Research Park.
Teaching and project supervision: I teach Information Security in year 2. I am interested in supervising final year projects in the field of cyber.
Activities: After I successfully organised the 6th Conference on Decision and Game Theory for Security (GameSec 2015) in London, I served as the Technical Program Committee Chair (jointly with Tansu Alpcan, University of Melborune) of GameSec 2016 (7th Conference on Decision and Game Theory for Security). Gamesec is a small high quality peer-reviewed annual conference. It attracts original submissions in the area of analytical security and privacy with an emphasis on game and decision theory. I am also a reviewer for leading journals by the ACM, IEEE, Elsevier, registered expert with the European Commission and EPSRC reviewer. I have served as a guest-editors of special issues, as detailed here here. In addition, I have several years of expertise in preparing EU bids and have secured funds through successful FP7 and H2020 proposals.
Internet-of-Things Security and
in information and communication technologies and embedded
systems are the major reasons for the proliferation of the
Internet of Things (IoT). However, security and privacy issues
are a growing concern for consumers and manufacturers of IoT
technologies. I am investigating novel methodologies and models
that will guarantee the highest possible levels of protection
of users' data and devices in presence of different security
and privacy threats.
Security and Privacy Games.
"Game theory was developed to facilitate decision making
in the Cold War. The problems of cyber security are also
complex and adversarial. So why is game theory not a
standard tool of cyber security?"
Game theory can answer the question regarding how the defender
will react to the attacker, and vice versa, in cyber security
and privacy. The strategic interaction between them is captured
by a two-player game in which each player attempts to maximize
his or her own interests. The attacker’s strategy depends
heavily on the defender’s actions and vice versa. Thus, the
effectiveness of a defense mechanism relies on both of the
defender’s and attacker’s strategic behaviors. Using a
game-theoretic approach, tactical analysis is performed to
investigate the attack from a single node or multiple nodes.
Hence, game theory is useful to investigate the strategic
decision-making situations of the defender and/or to analyze
of the attackers. Besides Shannon’s maxim states "One ought to
design systems under the assumption that the enemy will
immediately gain full familiarity with them."
Security Economics. When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber
security investment challenge and this is considered as part of the Economics of Security field. Our work has investigated how to support optimal cyber security investments against commodity attacks developing a decision support tool.
We have shown that our decision support tool provides the same advice with the one advocated by the UK government with regard to the requirements for basic technical protection from cyber attacks in SMEs.