ICT is affecting our everyday personal and working live to unprecedented depth and scale.   Solutions to securely combine the ever-growing ecosystem of online services are available, but they are notoriously difficult to get right.  Many security-critical protocols and services have been designed and developed only to be found flawed years later their deployment.  These flaws are usually due to the complex and unexpected interactions of the protocols and services as well as to the possible interference of malicious agents.  Since these weaknesses are very difficult to spot by traditional verification techniques (e.g., manual inspection and testing), security-critical systems are a natural target for automated verification techniques.

The Security & Trust Research Unit develops cutting-edge security solutions in the following areas:
- Web-based Authentication and Authorization Protocols:  browser-based authentication and authorization protocols, protocols for strong authentication;
- Mobile Security: security of mobile operating systems and applications, authentication and authorization models and solutions for mobile apps;
- Security of Cloud-based and Service-oriented Applications and Infrastructures: models and policies for content protection and release, design-time and run-time analysis and enforcement of access control policies.