If you made any changes in Pure these will be visible here soon.

Personal profile

Scholarly biography

I am Professor of Software Systems Engineering and founding Director of the Centre for Secure, Intelligent and Usable Systems (CSIUS) at the University of Brighton.

I am also Fellow of the Higher Education Academy (HEA) and a Professional Member of the British Computer Society (BCS). I have been visiting researcher at the National Institute of Informatics (NII), Japan, and a visiting fellow at the British Telecom (BT), U.K and the University College London, U.K. I was visiting professor at the University of the Aegean, Greece and I am visiting professor at the University of Ionian, Greece.

I have published more than 150 papers (h-index 30) and I have secured more than £3M to support research and knowledge transfer. My funding portfolio includes grants from the European Union (FP7, Horizon2020), EPSRC, the Royal Academy of Engineering, the Higher Education Funding Council of England (HEFCE), and the Japanese National Institute of Informatics. I have also received funding from the Knowledge Transfer Partnership/Technology Strategy Board and the European Regional Development Fund for knowledge transfer and from industrial cources including British Telecom, ELC, Powerchex, and FORD.

My 'Powerchex KTP' project was finalist for the best 2012 UK National Knowledge Transfer Partnership TSB award.

I have strong experience of acting as evaluator for national and international funding bodies including the EPSRC, HEA, the EU, the Research Council of Norway, the Innovation Fund of Denmark, and the Austrian Research Council, and I have  been invited subject expert for events organised by the EU, NATO and TSB.

Research interests

The need to secure and esnure the privacy of software systems and the relevant infrastructure, has been recognised as a major challenge not just for the further usage of technology but also for the further advancement of human society. As such, a number of fundamental research challenges have been identified for relevant disciplines such as security engineering, privacy engineering, software engineering, and information systems.

My research interests lie in the intersection of privacy, security and software engineering.

My long-term research goal is to effectively analyse, understand and improve security and privacy of software systems for large, open and dynamic environments. In doing so, I have pioneered work in developing ontologies, languages, models, processes, methodologies and automated testing and optimisation techniques that consider security and privacy as integral aspects of the software systems development process.

In particular, my research focuses on the following areas:

  • Security and Privacy Requirements Engineering. My work in this area is concerned with the development and precise definition of modelling languages, methodologies and ontologies to support elicitation, modelling and analysis of security, trust, and privacy requirements. I have developed the Secure Tropos methodology, one of the first methodologies in the literature that implements the idea of security and privacy by design and integrates security, privacy and engineering techniques under one methodological approach.
  • Data Privacy Management and GDPR. I am interested in developing platforms and solutions that facilitate visual analysis of privacy requirements and needs and assist the creation, monitoring and enforcement of Privacy Level Agreements. Moreover, my work is focused in the analysis and development of innovative data privacy governance platforms, which facilitate scoping and processing of data and data breach management and support organisations towards GDPR and regulatory compliance.
  • IoT, 5G, Cyber-Physical, and Cloud Computing Security. My work in this area is focused on developing novel models, methodologies and analysis techniques that guarantee the highest possible levels of protection within IoT, 5G and Cloud computing environments, in the presence of different security and privacy threats.
  • Model-Based Security/Privacy Engineering. My work in that area focuses on the development and analysis of methods, processes, and architectures for secure and privacy-aware systems. At the requirements level, I focus on the development of processes that enable the elicitation and modelling of security and privacy requirements and analyse them in terms of security and privacy properties, relevant threats and vulnerabilities. At the architectural level, I focus on developing software architecture techniques to ensure that socio-technical systems satisfy security, trust and privacy requirements and that developed architectures reduce potential risks.
  • Security Engineering Decision Support. I am investigating novel decision-making methodologies and models that offer the highest possible levels of protection within different domains (e.g. IoT, Cloud) with regards to different security and privacy threats and a set of evolving factors such as security requirements, financial cost, indirect costs (e.g. people’s productivity), intangible and tangible assets. I am also interested in developing underlying formalisms, utilising logics and graph transformations, to enable precise specifications and automated reasoning, within the context of security and dependability, taking into account organisational policies and resource allocation.
  • Security Attack and Threat Discovery. I am interested in developing novel reasoning techniques and algorithms that assist the discovery of potential cyber-attack paths in supply-chain and critical infrastructures, taking into account information from the Common Weakness Enumeration (CWE) and from the Common Vulnerabilities and Exposures (CVE). My work can be applied within a dynamic risk management system to detect the vulnerabilities of the IT infrastructure and to deliver attack paths that satisfy certain criteria.
  • Security and Privacy Patterns. My work investigates the development of security and privacy pattern languages that enable the representation of patterns and guide developers through the process of designing a system to ensure security and privacy. A major novelty of this work is that the solution to the pattern is represented using concepts from the requirements stage, which enable developers to directly apply the patterns of the language to the security and privacy requirements analysis.
  • Automated Analysis Tools. I am interested in developing tools to support security and trust analysis of the socio-technical systems at different levels. At the higher level, they are graphical editors where security, privacy and trust models can be drawn and the grammatical correctness of the models is automatically checked. On the lower level, they enable analysis of security, privacy and trust properties and security threats.

Within these research areas I have supervised to completion seven PhD and one MPhil students and I currently supervise Five PhD students at the University of Brighton. I have  examined 16 PhD students.

I have lead the University of Brighton team on three European Union funded projects, VisiOn, MITIGATE and SESAME and I am the technical coordinator of the DEFeND Project.

I am also interested in applying the theoretical research outputs of my work to different application domains and my work has been applied to the development and analysis of systems in the areas of critical infrastructures, cloud computing, health-care, telecommunications, banking, and e-commerce.

Supervisory Interests

I am interested in supervising students in projects related to my research interests. In particular, security software engineering, privacy-by-design, cyber risk management, IoT security. As this is not an exhaustive list, please do contact me if you have any interests in the areas of security/privacy and/or software engineering.

Approach to teaching

I have substantial teaching experience in higher education. In particular, I have taught various modules, across different levels (such as HND, Foundation, Undergraduate and Post Graduate), for different types of degrees (such as B.Eng., B.Sc. and M.Sc.) and across different computing programmes and disciplines.

My teaching philosophy is underpinned by the following principles:


  • Being student centred. Students are most likely to learn when they are actively involved with their learning. Being student centred means addressing the needs of the student audience, focusing on their abilities, interests and learning styles and involving them in their learning process as much as possible. 
  • Ability to foster an effective learning environment. It is important, in my view, to develop a learning environment that encourages student intellectual growth, autonomy and supports interaction, not just between students and lecturer but also between students.
  • Ability to adapt. I believe that we need to continually reflect on our teaching and be ready to make changes when appropriate based on feedback we obtain from the class.


Education/Academic qualification

PhD, University of Sheffield


Award Date: 1 Aug 2004

Master, University of Sheffield


Award Date: 1 Sep 2000

Bachelor, University of Wales


Award Date: 1 Jul 1999

External positions

College Member, EPSRC, Engineering and Physical Sciences Research Council (EPSRC)

2017 → …

Member, British Computer Society

2009 → …

Fellow, Higher Education Academy, Higher Education Academy, UK

2007 → …


Dive into the research topics where Haris Mouratidis is active. These topic labels come from the works of this person. Together they form a unique fingerprint.
  • 1 Similar Profiles


Recent external collaboration on country/territory level. Dive into details by clicking on the dots or