1-Information systems security;
• Privacy
• Identification
• Authorization
• Authentication

My studies focus on cryptographic tools, protocols and their verification and implementations; which are related privacy, identification and authentication problems. We have Information Systems Security Research Group; you can visit it and see the proposed, ongoing and finished projects.

2- Cloud Computing;
New age of ICT is Cloud Computing and it is so attractive for SME, big companies and all last users due that having feasibility reasons. These reasons are coming from the architectural specifications of cloud with its specific new problems. Therefore, security challenges of Cloud computing has been deserve much more attention.
• Identification of the entities (i.e. person, program or device) is the first requirement and for a next step should be their correctly authenticate without any conflict or inconsistency.
• Privacy; data is kept in more than one locations in globe. When using the system or after leave from it, no one can guarantee the privacy of your data. Therefore encryption of your data is important when you are using it and after leaving from the system.

3- Operating Systems;
With new ICT developments the ecosystem of our virtual world is continuously changing. To live inside it, we need some regulations. As we now that Operating systems organize the relations between entities and define required interfaces between them. It is the supervisor of the all entities and their interactions.
Therefore in my opinion, we need a new supervisor design to satisfy the managerial and security requirements of this heterogeneous global ICT integration.

4-Autonomous Systems for Security Problems of Next Generation of ICT;
Due to the characteristics of the current and future security problems of NGNs, we argue that the current standardization efforts may fall short of providing a comprehensive solution. The objectives of proposed solution approach are:
• Localization of the security problems, for assuring their effective detection and mitigation;
• Information sharing among NGN components, done according to need-to-know, segregation and fragmentation rules.
• Vulnerability, threat and risk analysis tools carrying out more effectively their assessments by exploiting real time information sharing.
• Creation and use of autonomic and self-adaptive components to assure the security, reliability and availability of the systems and networks.
The main tools of the proposed solution are autonomic and self-adaptive applications/systems. They should enable the choice of the more appropriate security solution for each circumstance, resulting in the improvement of the security, availability and reliability of the application and network services.
(Ref: “Challenges for the security analysis of Next Generation Networks”, Serap Atay, Marcelo Masera, Information Security Technical Report of Elsevier, 16 (2011) pages: 3-11.)

5- Data Analysis;
The relation between data analysis and disclosure of private information from open data is another important domain for security applications. For instance, social networks include lots of our personal descriptive actions, posts and images. Or, mobile applications and many public services collect our specific data such as location coordinates, our best friends, events and personal choices. We have to be aware of the risks and we can organize and manage our private data in this new social and virtual world.

We have “Information Systems Security Research Group, ISS-RG”, you can visit it an see the proposed, on going and finished projects.