Dr Cliffe Schreuders, Reader

Dr Cliffe Schreuders


Cliffe completed his PhD in Computer Security at Murdoch University in Perth, Western Australia. There he gained experience teaching a wide range of subjects including computer security, software development (including amongst other languages: C, Java, and Perl), Linux / Unix system administration and security, IT project management and digital collaboration, and web development. Since 2012, Cliffe is a Senior Lecture in computer security at Leeds Beckett University, UK, where he develops curriculum and teaches a wide range of digital security topics, such as security theory and practice (including defence, investigation, and response), forensics, information security management, and ethical hacking.

Cliffe's research activities include security usability, developing new security models, and free and open software and culture media distribution (please refer to the section below for more about his research work). Cliffe is comfortable with a wide range of programming languages, and his experience includes Linux kernel and Qt/C++ development, and he has worked in industry on Linux-related software development.

Cliffe has specialist knowledge in computer security, and is an avid proponent of Linux, free and open source software (FOSS), and free culture.

Current Teaching

Cliffe currently teaches security and forensics topics at Leeds Beckett University:


  • BSc Computer Security and Ethical Hacking
  • BSc Computer Forensics and Security
  • MSc Digital Forensics and Security


  • Advanced Digital Security
  • Incident Response and Investigation
  • Digital Security Landscapes
  • Principles of Digital Security
  • Offencive Security and Penetration Testing
  • Digital Security Management
  • Forensics and Security


  • PhD Supervision
  • MSc Supervision

Research Interests

Cliffe has a research track record within the field of computer security application-oriented access controls and sandboxing, which aims to provide more usable application restrictions. He developed a security model known as Functionality-Based Application Confinement (FBAC). This model provides application-oriented access controls, based on flexible policy abstractions that represent the functionalities an application performs, and which is well suited to automated policy specification. The implementation, known as FBAC-LSM, is a Linux Security Module and associated tools, and is available as free open source software. A usability study was conducted to compare its efficacy with other security systems such as AppArmor and SELinux. Cliffe has published papers in academic peer-reviewed journals and conferences, and also spoken at various Linux and security conferences and meetings.

Cliffe's recent research activities have also included work related to metadata and the semantic web, and he is currently working on a media distribution platform for free and open source software and cultural works. Cliffe is also actively investigating approaches to teaching computer security.

For an up-to-date list of publications and activities, please visit Cliffe's website: z.cliffe.schreuders.org

Cliffe is the Co-ordinator for Digital Security and Forensics Research, and is the academic lead for a £640,000, research grant, working closely with West Yorkshire Police to improve cyber investigations.

Dr Cliffe Schreuders, Reader

Selected Outputs

  • Schreuders ZC; Payne C; McGill T (2011) Techniques for Automating Policy Specification for Application-oriented Access Controls. In: 2011 Sixth International Conference on Availability, Reliability and Security (ARES), 22 August 2011 - 26 August 2011. IEEE.


  • Schreuders ZC; Payne C; McGill T (2011) A Policy Language for Abstraction and Automation in Application-Oriented Access Controls: The Functionality-Based Application Confinement Policy Language. In: 2011 IEEE International Symposium on Policies for Distributed Systems and Networks - POLICY, 6 June 2011 - 8 June 2011. IEEE.


  • Schreuders ZC; Payne C (2008) Functionality-based application confinement parameterised hierarchical application restrictions.

  • Schreuders ZC; Payne C (2008) Reusability of functionality-based application confinement policy abstractions.


  • Schreuders ZC; Payne C (2006) Introducing Functionality-Based Application Confinement. In: Seventh Postgraduate Electrical Engineering and Computing Symposium, Perth, Western Australia. Murdoch University.

  • Schreuders ZC (2010) Linux Security Usability: Restricting Programs Using SELinux, AppArmor and FBAC-LSM. In: Linux Security Summit 2010 - LinuxCon, Boston, MA USA.

  • Schreuders ZC (2010) A New Paradigm for Restricting Applications and Protecting Yourself from Your Processes. In: linux.conf.au - LCA2010, Wellington, New Zealand.

  • Schreuders ZC (2009) The Functionality-Based Application Confinement Model and its Linux Prototype FBAC-LSM. In: linux.conf.au - LCA2009, Tasmania, Australia.

  • Schreuders ZC; McGill T; Payne C (2013) The state of the art of application restrictions and sandboxes: A survey of application-oriented access controls and their shortfalls. Computers and Security, 32 pp. 219-241.


  • Schreuders ZC; Payne C; McGill T (2013) The functionality-based application confinement model. International Journal of Information Security, pp. 1-30.


  • Schreuders ZC; Payne C; McGill T (2013) The functionality-based application confinement model. International Journal of Information Security, 12 (5), pp. 393-422.


    View Repository Record

  • Schreuders ZC; McGill TJ; Payne C (2012) Towards usable application-oriented access controls: Qualitative results from a usability study of SELinux, AppArmor and FBAC-LSM. International Journal of Information Security and Privacy, 6 (1), pp. 57-76.


  • Schreuders ZC; McGill T; Payne C (2011) Empowering end users to confine their own applications: The results of a usability study comparing SELinux, AppArmor, and FBAC-LSM. ACM Transactions on Information and System Security, 14 (2), pp. 1-28.


    View Repository Record