(a) Quality of Security: How secure is the software we are running? Where should we focus to improve it? In this strand of research we perform empirical measurements (e.g. analyzing CVE reports and their corresponding vulnerability-introducing commits) trying to answer such questions.
(b) Decentralized trust management: Today's digital infrastructures (marketplaces, sharing platforms, social networks) are centralized. This creates a lot of problems. Towards creating decentralized alternatives, one of the most critical issues is providing decentralized trust/access-control infrastructures. In this strand of research we investigate how these infrastructures can be built.
If you are fascinated by any of the two research themes above, take a look at my related publications (e.g. on my personal page or dblp) and contact me to discuss about a potential research direction for your thesis.