The evolution of Information Systems leads to distributed computing and resources, with heterogeneous information sources and access via diverse sites from a wide variety of actors.

Research on Information Systems Security is centred around security of:

- inter- and intra-organizational document flows;

- commercial transactions (e.g., in e-commerce, e-operations, e-logistics);

- public administration sites (federated networks of services);

- private and public (governmental) databases and Web systems.

Moreover, laws and regulations, as well as process re-engineering and procedural and organizational standards (e.g., for privacy reasons), require that security issues be planned, designed, and managed at all levels of an organization.

Research on security concerns the policies and mechanisms that protect distributed Information Systems, including their evolved architectures, such as e-service-based or Web-based systems.

In particular, the research themes cover standards and organizational aspects of security in business environments, authentication of connections, database security and access rights management, as well as security in cooperative and federated information systems.

Specifically, database security covers typical attacks, authorization models, privacy protection, trust management in scientific database accesses, and data integrity. For distributed databases and Web-connected databases, the research studies secure access to documents via browsers and HTML pages, security in the DBMS-Web connection (e.g., composition of SQL queries via CGI, ISAPI, and JScript), and security in the use of application objects such as applets or ActiveX controls.

Application security research studies security in mobile and multichannel information systems, in e-commerce, in workflow systems, and federated authorization management in E-Government systems and in E-science applications (trust management).