Charles Morisset

I am currently (since October 2009) a Postdoctoral Research Assistant within the Information Security Group, at Royal Holloway, University of London. I'm mostly working there with Jason Crampton, on the topic of Access Control models. I'm part of the ITA project, and so I collaborate with people from IBM Watson and people from Imperial College, and we try to come up with novel ideas in the domain of risk-based access control.

About me

I did my undergraduate studies at the Magistère d'Informatique (MIAIF) of the University Paris 6 - Pierre and Marie Curie (UPMC). This was a quite general, selective program in Computer Science. I then attended the DEA Programmation in 2004, which now corresponds to the Master MPRI, where I received theoretical training in various programming paradigms and in software verification.

After my DEA, I started a PhD with Thérèse Hardin and Mathieu Jaume, at the LIP6, the computer science lab of the UPMC, on the topic of the formalisation and comparison of access control systems. I defended my PhD in September 2007; the document (in French) is available below [6]. Some parts of my thesis have been published in French [7,12,13,14] and in English [1,3,4,11]. Within the scope of my PhD, I've also worked on the implementation of a formally proved external access control monitor for a database, in French [2,9], and on the usage of Term Rewriting Systems in the context of Access Control [5,8].

Right after my PhD, I joined the rCOS group, at the United Nations University - International Institute for Software Technology, in Macau, China, for a Postdoctoral Fellowship under the supervision of Zhiming Liu. I've worked there with the whole group, and in particular with Volker Stolz, on the topic of formal methods for component-based model-driven development. I was working (and still try to, when I have time) on the rCOS tool, a UML-based tool [10,15,17], but I also had the opportunity to work on different subjects, like Fault Tolerance [16], and Robustness Testing [18,19].

I joined the Information Security Group in October 2009, and I have been working since then on the topic of Risk Based Access Control. This work takes place within the ITA project, which aims at coming up with novel ideas in the domain of security. Among other works, Jason Crampton and I have defined an Auto-Delegation mechanism, which has been accepted for publication at the STM workshop, and which will also be published in the internal conference of the ITA project.

Publications

[19] B. Lei, X. Li, Z. Liu, C. Morisset, and V. Stolz. State based robustness testing for components. Journal of Science of Computer Programming, 2010. To appear.
[18] B. Lei, Z. Liu, C. Morisset, and X. Li. State based robustness testing for components. Electr. Notes Theor. Comput. Sci., 260:173-188, 2010.
[17] Z. Liu, C. Morisset, and V. Stolz. rCOS: theory and tools for component-based model driven development. Technical Report 406, UNU-IIST, Feb. 2009. Keynote to appear in Proc. 3rd Intl. Symp. on Fundamentals of Software Engineering, FSEN 2009, Lecture Notes in Computer Science.
[16] M. Zhang, Z. Liu, C. Morisset, and A. Ravn. Design and verification of fault-tolerant components. In M. Butler, C. Jones, A. Romanovsky, and E. Troubitsyna, editors, Methods, Models and Tools for Fault Tolerance, volume 5454 of Lecture Notes in Computer Science, pages 57-84. Springer Verlag, 2009.
[15] Z. Chen, C. Morisset, and V. Stolz. Specification and validation of behavioural protocols in the rCOS modeler. In 3rd. Intl. Symp. on Fundamentals of Software Engineering (FSEN 2009), pages 387-401. Springer, 2009.
[14] L. Habib, M. Jaume, and C. Morisset. Formal definition and comparison of access control models. Journal of Information Assurance and Security, 4:372-378, 2009.
[13] L. Habib, M. Jaume, and C. Morisset. A formal comparison of the Bell & LaPadula and RBAC models. In Fourth International Symposium on Information Assurance and Security IAS'08, pages 3-8. IEEE CS Press, 2008.
[12] M. Jaume and C. Morisset. Un Cadre Sémantique Pour le Contrôle d'accès. TSI (Technique et Science Informatiques), 27(8):951-976, 2008.
[11] P. Ayrault, M. Carlier, D. Delahaye, C. Dubois, D. Doligez, L. Habib, T. Hardin, M. Jaume, C. Morisset, F. Pessaux, R. Rioboo, and P. Weis. Secure Software within Focal. In Computer & Electronics Security Applications Rendez-vous, 2008.
[10] Z. Liu, C. Morisset, and V. Stolz. A component-based access control monitor. In International Symposium on Leveraging Applications of Formal Methods, Verification and Validation, volume 17 of Communications in Computer and Information Science. Springer, 2008.
[9] J. Blond and C. Morisset. Un moniteur de référence sûr d'une base de données. Technique et Science Informatiques (TSI), 26(9):1091-1110, 2007.
[8] C. Morisset and A. S. de Oliveira. Automated detection of information leakage in access control. In Workshop on Security and Rewriting Techniques (SecReT'07), 2007.
[7] M. Jaume and C. Morisset. Contrôler le contrôle d'accès. In AFADL'07, Approches Formelles dans l'Assistance au Développement de Logiciels, Namur, Belgique, 2007.
[6] C. Morisset. Sémantique des systèmes de contrôle d'accès. PhD thesis, Université Pierre et Marie Curie - Paris 6, 2007.
[5] T. Hardin, M. Jaume, and C. Morisset. Access control and rewrite systems. In Proceedings of the 1st International Workshop on Security and Rewriting Techniques (SecReT'06), Venice, Italy, July 2006.
[4] M. Jaume and C. Morisset. A formal approach to implement access control. Journal of Information Assurance and Security, 2:137-148, June 2006.
[3] M. Jaume and C. Morisset. Towards a formal specification of access control. In Proceedings of the LICS-Affiliated Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis, 2006.
[2] J. Blond and C. Morisset. Formalisation et implantation d'une politique de sécurité d'une base de données. In T. Hardin and P. Moreau, editors, Journées Francophones des Langages Applicatifs (JFLA). INRIA, Janvier 2006.
[1] M. Jaume and C. Morisset. Formalisation and implementation of access control models. In Information Assurance and Security (IAS'05) International Conference on Information Technology, ITCC, pages 703-708. IEEE CS Press, 2005.
Contact

Dr. Charles Morisset
Information Security Group
Royal Holloway - University of London
Egham, Surrey TW20 0EX, United Kingdom
Firstname.Lastname@rhul.ac.uk