SECReT 2010 PhD projects
- Metal oxide semiconductor gas sensors as an electronic nose for the detection of microbial agents
- What are the factors that make communities vulnerable to, or resistant against, the emergence of radicalising settings?
- Covert taggant nanoparticle inks - discovery, process and product development, and analysis for sustainability and efficiency
- Diffusion processes of political violence: The role of information
- Engineering IT risk awareness, education and training
- Three-dimentional imaging of baggage for security applications.
- Understanding the traffic-driven epidemic spreading in scale-free networks
- Optimal search and detection of targets in an uncertain environment using unmanned aerial vehicle
- Explosive residue: Evaluation and optimisation of detection and sampling procedures
- Forecasting adversary’s scenarios: Systemic competitive red teaming
- Secure digital archive and web search using a Probably Approximately Correct architecture
- Mobilising community resilience through techno-social innovation
- Numerical modelling/empirical analysis of civil conflict
- Landmine, IED, UXO Detection using Ground Penetrating Radar from an Unmanned Aerial Vehicle
- Towards a usable and less disruptive security in the workplace
- Securing from exploits using information theoretical techniques
- Crime drop in Chile: Searching for causes and mechanisms
- Inferring user behaviour despite wireless network encryption
- The Chain of Evidence - a critical appraisal of the applicability and validity of forensic research and the usability of forensic evidence
Securing from exploits using information theoretical techniques
7 March 2012
The creation of completely secure software currently seems like a mere pipe dream. The more vigorously we can test software, the greater confidence we can have that it is indeed secure. Testing on all possible inputs however, is generally intractable.
Our research focuses on exploring information theoretical techniques and their application to testing. These techniques may provide valuable information regarding how best to test, and when it is safe to stop. By using information theory we may shed light on the most effective program paths on which to run tests, and how to generate he most effective test set.
Secure and well tested software eliminates many of the opportunities available for attackers to exploit. We also consider the point at which attackers will give up and the software has become safe by design. In this we must consider the modus operandi of the attackers, and assuming they are rational agents, at what point their cost/benefit analysis will prove unrewarding enough to consider the target unprofitable.