Imperial College London


Faculty of EngineeringDepartment of Computing




+44 (0)20 7594 8237s.demetriou Website CV




Ms Lucy Atthis +44 (0)20 7594 8259




353ACE ExtensionSouth Kensington Campus





I aspire to design a trustworthy Internet of Things (IoT). In contrast with traditional ubiquitous computing, IoT devices use new user-interaction modalities, are more complex, and are interconnected. Thus they introduce new attack surfaces which can result in financial, emotional and physical harm to individuals: the Mirai botnet exploited myriads of insecure IoT devices to bring down a swathe of popular online services; adversaries took advantage of vulnerable smart baby monitors to scream at babies; intelligent vehicles were remotely attacked allowing an adversary to take control of steering, brake and transmission functions.

My work has focused on smartphone security, which is the de facto user interface to consumer-facing smart environments and devices. I have unearthed design flaws in real-world systems, which affect millions of users. In particular, I discovered new side channels on Android, found connectivity issues with wireless devices and exposed remote code execution threats. In response I designed new security mechanisms that can be directly integrated into popular smartphone operating systems, application markets and network routers.

Throughout my career, I fostered collaborations between more than 40 researchers across 11 international high-caliber institutions from both industry and academia. My work resulted in publications in top-tier systems and security conferences but also had industry impact. Google introduced security enhancements to Android after we unearthed system flaws; Samsung and Hewlett-Packard Enterprise recognized my work with prizes while some of the technology I invented resulted in patents. I continue building on my collaborations with industry and academia to help solve more pressing real-world problems in emerging consumer-facing IoT devices and environments.

I'm currently the Director of the Applications and Systems Security Lab (apss)  at the Department of Computing at Imperial College London. At apss, we leverage a multitude of techniques to study mobility (localization, navigation etc.) and security aspects (confidentiality, integrity, authentication and authorization) in emerging application domains. In particular, we utilize access control, optimization, machine learning and natural language processing among others to tackle prevalent threats and challenges in an ever-connected world.

Authentication, Authorization and Access Control

show research

GOAL: Study of effective and efficient authentication, authorization and access control mechanisms.

Operating systems rely on authentication to verify that subjects (the users and programs) sharing the platform and OS resources are who they claim to be. Lack or weak authentication can result in untrusted parties having access to privileged operations. Authorization schemes determine the privileges a subject has on the system. To enforce the authorization constraints and to help manage the distribution, revocation and enforcement of privileges in a particular context or system, we design effective and efficient access control schemes. Modern operating systems employ a variety of such access control schemes, such as discretionary access control, mandatory access control and application permission models.


Mobile Devices and IoT Systems Security

show research

GOAL: Study of adversarial capabilities and development of novel defense strategies for smartphone and IoT systems.

With smartphone penetration soaring and the rapid advancements in internet connected devices, mobile and IoT device security guarantees are needed more than ever. Adversaries can leverage the fact that mobile devices are equipped with a multitude of sensing and their always present nature to launch sophisticated inference attacks to violate users’ confidentiality and the platforms’ integrity. This research thrust aims to study such adversarial capabilities in smartphone and IoT systems in consumer and enterprise settings.


Mobile Sensing and Localisation

show research

GOAL: Study of novel sensor fusion solutions for outdoor positioning and security for AI in connected and autonomous vehicles.

Mobile devices are equipped with numerous sensors which allow them to offer efficient and effective personalized services and applications. For example, connected and autonomous vehicles (CAVs) feature advanced sensing capabilities, including multiples of range sensors (Lidar and Radar), 360° cameras, onboard GPUs, and high-speed connectivity: Tesla Motors uses a forward radar, a front-facing camera, and multiple ultrasonic sensors to enable its Autopilot feature; Google’s and Apple’s version of CAV uses Lidar and cameras to support autonomous driving; Ford and Uber are also actively experimenting with CAVs.

These advanced capabilities open up a plethora of exciting opportunities for next generation services related to better localization and navigation and traffic optimization. At the same time, their reliance on sensing data and machine learning algorithms for route prediction, collision avoidance and object detection and recognitions, introduces new attack surfaces. Given the widening gap between autonomy and security in this application domain, in tandem with their safety repercussions, there is an impending need for novel solutions that can guarantee trusted outcomes from such sensor-fusion and machine learning algorithms.