Dr. Liliana Pasquale - Assistant Professor, Software Engineering

Dr Liliana Pasquale is an Assistant Professor at University College Dublin, whose research aims to build software systems that guarantee satisfactory security properties: confidentiality of data; data integrity; and, ensuring the lawful treatment of this data in order to satisfy data protection regulations. Dr Pasquale also works to develop “forensic-ready” software systems, which collect data that can show the footprint of an attacker and allow security experts to diagnose how an attack occurred.

"I joined Lero right after I finished my PhD at Politecnico di Milano (Italy), and I am now a funded investigator leading, together with Lero’s Chief Scientist Professor Bashar Nuseibeh, the security and privacy research hub. Lero has given me great experience working with industry partners, as our projects are highly motivated by industry needs. At Lero, I really learned how to select a good research venue and how to carry out research collaboratively, especially because in our group we always worked with others: during meetings everybody was involved in the data writing. So the aspects of Lero that were really beneficial for my career was the exposure to industry and the collaborative research environment.

In Lero, I learned the importance of doing research activities that can also have an impact on the public. Lero gives you the opportunity to perform Education and Public Engagement (EPE) activities, such as coding activities with children or collaborations with non-profit organisations. When I moved to Dublin I began collaborating with CyberSafeIreland: an NGO that works to safeguard children online. Our research investigates how mobile apps and social media are collecting data about children, without verifying their age. We looked into the top 10 social media apps used by children, and verified whether they put in place any age verification mechanisms.

In 2019, Lero was selected to participate in a €15m European Commission cybersecurity research project: CyberSec4Europe, and I oversee the Irish team. This project brings together partners from European institutions to create a pilot for the development of a European Union cybersecurity research centre. So far, four pilots have been funded, working to understand the best practices for running a research centre on security. Lero is the only partner in Ireland involved in this major international research programme, which helps to place Ireland as one of the leading EU countries in cybersecurity research.

I am now an Assistant Professor at University College Dublin. One of the things in UCD that I have really enjoyed is developing my own module, called Secure Software Engineering. To develop the module, I researched job postings from software companies and investigated the particular skills they look for in a security engineer, trying to create a curriculum that would be very close to industry requirements, and I really enjoyed doing this. Last year was my first year running the module, and I had very good feedback from the students.

"In Lero, I learned the importance of doing research activities that can also have an impact on the public. Lero gives you the opportunity to perform Education and Public Engagement (EPE) activities, such as coding activities with children or collaborations with non-profit organisations."

Lero is like a big family. There was a very friendly environment and that’s very important in order to do good research. I think sometimes a very competitive environment can put you down, but a friendly environment is important for personal growth, especially for younger researchers. I worked closely with Prof. Bashar Nuseibeh, who always gave me valuable career advice. Also, Lero has annual meetings where we have conducted several activities over the years and showcased posters. One year, we presented our CVs and we had the opportunity to discuss them with experts to get feedback on how to progress in our careers, which was very valuable.

My advice to any researchers starting in Lero is talk to your peers about your research;don’t be shy. There are a lot of opportunities to talk about your research with people, even on your coffee breaks. Also, when it comes to publishing papers, don’t focus on numbers, but focus on quality: quality of publication and quality of venues, because in the end these are what count when it comes to getting positions. It’s better to have less papers in the best venues than having a lot of papers in suboptimal venues.

It is an exciting time to be researching software security because software is pervading our society. Software is being used in critical services such as electricity, distribution, transportation, and also in areas like autonomous vehicles and smart cities. It is becoming increasingly important to make systems safe; as software is used more and more in society, attacks are increasing. Attackers are able to not only exploit service vulnerabilities, but can also exploit these vulnerabilities using other opportunities, such as physical proximity to smart devices and also using social engineering skills. Because the attacks are increasing, it’s becoming more and more important to secure systems, but there is an increasing need for multidisciplinary research, because security problems cannot be tackled only from a software perspective. I think this is the future of the research area: to consider security from a multi-disciplinary perspective and to undertake integrated research, taking into account the social, cyber and the physical dimensions together. For example, I’m collaborating with civil engineers to understand the integrated cyber-critical risks of smart infrastructure, such as a smart bridge. Carrying out multidisciplinary research can be challenging because we need to talk to people from different domains who, in a sense, speak a different language. It can also be difficult to get multidisciplinary research published, because venues are very focused on a specific domain. However, I think the priority is to do good research, and this is what will matter in the long run.”