Published: 02 August 2021

Meet the academic: Professor Ioana Boureanu

Professor Ioana Boureanu is a researcher in cyber security who collaborates with industry and teaches in our Department of Computer Science. Interested in linguistics and Eastern cultures, she’s also learning Japanese – though she doesn’t always do her homework on time…

How did you get into computer science?

By accident! In my native Romania, I enrolled as a student in a maths as well as a computer science degree. Maths was my passion at the time. I knew little about computer science other that it employed “some” maths. However, I soon discovered it was a very different discipline.

For example, to write a correct and efficient computer program may involve structured thinking and even maths. But it also requires a host of other skills such as understanding systems’ architecture. It was taking on those new challenges I found attractive.

Eventually, I quit maths but I continued studying for a computer science degree.

What was the appeal?

The whole field has an obvious practical side, which requires building software and systems to perform tasks across a range of sectors. But I was attracted to the theoretical side and the deeper theories that underpin computer science.

For example, if one program takes a minute to run and another takes an hour, how can we formally measure and express the difference in their efficiency?

What's your current area of research?

I work in cyber security, focusing on applied cryptography and formal security analyses. The latter, for instance, employs mathematical models and software tools, which allow us to prove that a system is as secure as it claims. So it’s cyber security with an inclination towards provable security.

Does this mean you constantly strive to stay one step ahead of cyber criminals?

Absolutely! One can create a new system and make it as secure as possible, but they always “need” somebody to challenge the assumptions and test the constructions. That can happen at the design stage when the system is still “on paper”, or when it’s up and running. Sometimes the security may not be as good as you’d hoped. Or it may be incredibly secure – but only within certain constraints.

When you work in this field and you’re creating these systems, you often have a mindset of “How can I break into it?” rather than “How can I make it secure?” It’s a bit of a topsy-turvy methodology and it’s like a constant game of cat-and-mouse.

Do you work in industry, too?

Yes, I collaborate a lot with industry. For instance, I lead research on a government-funded project into contactless payments security in collaboration with Visa and Mastercard.

I also work on the formal security of certain Internet of Things (IoT) applications. These involve computationally constrained devices, such as low-cost sensors like the ones that farmers use to track livestock.

More specifically, at Surrey, we work with IoT devices called LoRa devices and we're part of the LoRA Alliance Security Working Group. This involves examining the security of LoRa-device specifications. We’re analysing privacy aspects of these types of devices, too.  

Other companies I work with include Thales, BT, Ericcson and HP Labs, NCC Group, and a local company called Consult Hyperion.

What are the main courses you teach on?

I teach a Year 3 undergraduate course on computer security and a Year 3 undergraduate module on systems verification. I’m also the programme lead on the Information Security MSc, which is accredited by Government Communications Headquarters.

Does your industry experience influence your teaching?

I bring examples from industry into the lecture theatre, especially towards the end of a module when we can discuss the real-world applications of the concepts we’ve been learning.

Why should people study computer science?

It’s a varied discipline that includes technical, theoretical, applied and creative aspects. You can focus on programming, systems architecture, data analysis, artificial intelligence or interface design to name just a few areas. There’s the exhilarating cat-and-mouse game that is cyber security, too.

Or there’s a whole area of psychological and sociological research linked to computing and online social networks. It’s a diverse subject that opens a lot of doors.

Finally, how do you relax away from the lecture theatre?

I enjoy cycling, running and reading, and going to classical music concerts and art galleries.

I’m also fascinated by languages. I shared an office with a Japanese colleague who started teaching me simple phrases, so I started learning Japanese in classes. I have to admit I don’t always do my homework on time. But I’ll persevere!


Find out more about studying in our Department of Computer Science.