HWU Cyber Security Research Meetings

HWU Cyber Security Research meets regularly, this page records the topics of these meetings and sets agenda for future meetings.

The meeting takes place every Tuesday at 11:15 in EM 1.58, Edinburgh campus.

2019

Tuesday August 20 (11:00 in PG G.14)

Topic: Discussion in preparation for the new academic year.

Wednesday July 3 in EM 1.82 from 12:00am

Topic: Joint LAIV and Cyber Security PhD Seminar

  • 12:00 Amani Benhalem, Artificial Neural Network - Guided Particle Swarm Optimisation
  • 12:30 Alasdair Hill, Formal Verification of AI Planning Languages
  • 13:00 Abdullah Altawairqi, Exploring the Modeling of Attack Strategies for STPA

Monday June 3 in EM 1.82 from 10:30am

Topic: Cyber Security PhD Seminar

  • 10:30am: Katie Watson,​ Novel, graphical ways of increasing smartphone privacy awareness​
  • 11:00am: Léon McGregor,​ How Could Serious Games Support Secure Programming? Designing a Study Replication and Intervention (EuroUSEC 2019 rehearsal talk)
  • 11:30am: Tin Tironsakkul​, Probing the mystery of cryptocurrency theft: An investigation into methods for cryptocurrency tainting analysis​ (Cryptocurrency Research Conference 2019 rehearsal talk)

Tuesday May 28 (joint with Dubai at 15:30) (in Edinburgh this meeting will be in CM F.17 at 12:30)

Topic: Continuing our Group reading lead by Hani Ragab Hassen on Attribute-Based Access Control.

  • Servos, D., Osborn, S.L., 2017. Current Research and Open Problems in Attribute-Based Access Control. ACM Comput Surv 49, 65:1–65:45. https://doi.org/10.1145/3007204

Tuesday May 21

No meeting as the Workshop on Serious Games for Cyber Security is taking place on Tuesday 21 and Wednesday 22.

Tuesday May 14

Topic: Updates and preparation for Workshop on Serious Games for Cyber Security.

Tuesday May 7 (11:30 in CM F.17)

Topic: Updates and upcoming Workshop on Serious Games for Cyber Security.

Tuesday April 30

No meeting.

Tuesday April 23

No meeting.

Tuesday April 16

Topic: Joint CS seminar at 14:30 in EM 1.70 by Charles Weir (Lancaster University).

Title: Riding the Wave: Using the New Interest in Software Security to Engage and Learn with Industry

Abstract:

GDPR, Facebook, T-Mobile, Heartbleed, WannaCry, E-Payment Fraud, £650 million bank robbery: public and business appreciation of the dangers of ‘cyber’ security and privacy issues have increased massively in the last few years. Changes in technology have made perimeter security insufficient; developers and product management must now be involved, requiring skills and knowledge not traditionally taught to cyber security experts. This creates opportunities for research organisations to contribute significantly to solutions; and a large demand from industry for anything that can help. But how can we as researchers ride this wave of demand?

Charles’ talk will provide a basis to consider this question. He’ll introduce the Magid project at Lancaster University: the building and testing of an intervention package to help development teams improve security. He’ll discuss three powerful research techniques not usual in software research; how they recruited a dozen different industry teams to trial the techniques; and some of the results they found.

Bio: Charles Weir is a Researcher at Security Lancaster, within Lancaster University, UK. He is passionate about improving the security skills of teams of professional software developers, and has contributed to a dozen peer-reviewed publications in the three years since he started academic research. Previously he set up the mobile application development company, Penrillian, and ran it successfully for 15 years, employing up to thirty people and with a total turnover well over £20M. Charles also helped introduce object-oriented and agile methods to the UK, and was technical lead for the world’s first smartphone.

Tuesday April 9 (joint with Dubai) (in Edinburgh this meeting will be in CM F.17)

Topic: Group reading lead by Hani Ragab Hassen on Attribute-Based Access Control.

  • Servos, D., Osborn, S.L., 2017. Current Research and Open Problems in Attribute-Based Access Control. ACM Comput Surv 49, 65:1–65:45. https://doi.org/10.1145/3007204

Tuesday April 2

Topic: Joint CS seminar in EM 1.70 by Sasa Radomirovic (University of Dundee).

Title: A Formal Analysis of 5G Authentication

Abstract:

Mobile communication networks connect much of the world's population. The security of users' calls, text messages, and mobile data depends on the guarantees provided by the Authenticated Key Exchange protocols used. For the next-generation network (5G), the 3GPP group has standardized the 5G AKA protocol for this purpose.

In this talk, I will show how the application of formal methods has helped us discover and repair authentication flaws in the 5G standard. In particular, I will give an introduction to our security protocol modeling language and the automated protocol verification tool Tamarin. No specialist knowledge will be assumed.

Joint work with David Basin, Jannik Dreier, Lucca Hirschi, Ralf Sasse, and Vincent Stettler.

Bio: Dr. Sasa Radomirovic is a senior lecturer at the University of Dundee after previously having been a senior scientist at ETH Zurich in Switzerland. Radomirovic received a PhD in number theory from Rutgers University, USA and moved on to cryptographic protocols and formal methods for information security at NTNU Norway and the University of Luxembourg. Over the last ten years his research has focused on modeling and verification of security and privacy critical systems.

Tuesday March 26

No meeting.

Tuesday March 19

No meeting.

Tuesday March 12

Topic: PhD doctoral consortium.

Tuesday March 5

No meeting.

Tuesday February 26 (joint with Dubai) (in Edinburgh this meeting will be in CM F.17)

Topic: Syeda Rubbani will be discussing her work on the security of IoT communications.

Tuesday February 19

No meeting.

Tuesday February 12

Topic: Group reading lead by Kirsty Macmillan on cyber security, social engineering and autism.

  • Neupane, A., Satvat, K., Saxena, N., Stavrinos, D., and Bishop, H. J. Do Social Disorders Facilitate Social Engineering?: A Case Study of Autism and Phishing Attacks. Annual Computer Security Applications Conference ACSAC 2018. http://doi.acm.org/10.1145/3274694.3274730

Tuesday February 5

Topic: Tin to talk about aspects of his PhD research.

And as Kirsty pointed, Feb that January 5 is Safer Internet Day!

Tuesday January 29

Topic: Filip Bartoszewski to give a practice talk on his PhD research.

Tuesday January 22

Meeting cancelled.

Tuesday January 15

No meeting.

Tuesday January 8

Topic: first meet-up of the new year.

2018

Tuesday December 18

Topic: Wrapping up the year, this will be our last meeting before the break

No meeting on Tuesday December 11

No meeting on Tuesday December 4

Tuesday November 27

Topic: Manuel Maarek to give a GALA 2018 practice talk of titled: Co-created design of a serious game investigation into developer-centred security (joint work with Sandy Louchart, Léon McGregor, and Ross McMenemy)

Tuesday November 20

Topic: Joint CS seminar in EM 1.70 by François Pessaux (ENSTA ParisTech), visiting during the whole week.

Title

FoCaLiZe - An (easy?) language with computational and logical aspects

Abstract

The question of formally proving that programs comply with properties describing their specification is a notoriously complex and polymorphic problem. Several development environments attempt to bring answers.

In this talk, we will present one of them, FoCaLiZe, allowing, inside a same programming language, to deal with algorithms, properties and proofs, while trying to keep simple enough and close to usual programming languages. The presentation will address the features of the language and shortly its compilation.

FoCaLiZe generates OCaml, Coq and Dedukti codes to obtain both an executable (or a library) and a complete formal model of the program, its properties and their proofs. This model is sent to a formal checker to double-check the validity of the development. FoCaLiZe applies a common compilation trunk and code generation model to ensure a good traceability between the produced codes.

Bio

François Pessaux has been Professor Associate at ENSTA ParisTech for 7 years. He did his PhD thesis in the Cristal project at INRIA from 1997 to 1999 on the analysis of uncaught exception in OCaml. He then spent one and half year in a post-doctoral position at Lucent / Hoboken University in the USA, before coming back in France where he led 6 year ago the R&D department at SURLOG, company specialized in safety analyses. He came back in the academic world on a 2 years contract at LIP6 where he developed FoCaLiZe on the basis of Focal. He then worked one year in KALRAY to develop, among other things, a prototype of scheduler for a massively parallel architecture and an Eclipse plugin for the programming language supporting this architecture. Finally, during one year he re-designed the typechecker of the OPA programming language at MLstate before joining the ENSTA ParisTech.

Tuesday November 13

Topic: Group reading lead by Tin Tironsakkul on cryptocurrency transaction analysis.

No meeting on Tuesday November 6


No meeting on Tuesday October 30


Tuesday October 23 (joint with Dubai) (in Edinburgh this meeting will be in CM F.17)

Topic: Manuel Maarek to give a PLATEAU 2018 practice talk of titled: Observing the uptake of a language change making strings immutable

Tuesday October 16 (joint with Dubai) (in Edinburgh this meeting will be in CM F.17)

Topic: Group reading lead by Kayvan Karim on Generative adversarial networks GANs.

  • Rigaki, M., Garcia, S. Bringing a GAN to a Knife-fight: Adapting Malware Communication to Avoid Detection. 2018 IEEE Symposium on Security and Privacy Workshops https://doi.org/10.1109/SPW.2018.00019

Tuesday October 9

Topic: Mashael Alasmari will present for feedback her questionnaire on Facebook usage and behaviour.

Tuesday October 2

Topic: Group reading lead by Abdallah Altawairqi on attack model.

Tuesday September 25

No specific topic.

Tuesday September 18 (joint with Dubai)

Topic: First Edinburgh-Dubai joint meeting.

Tuesday September 11

Topic: Presentation of the setting and questionnaire for a python programming game experiment (Léon McGregor, Manuel Maarek)

Tuesday September 3

No specific topic.

Tuesday August 21

Introduction of the meetings, discussion of their format.

Topic: Pilot and feedback on questionnaire investigating the use of online platforms by children with autism (Kirsty Macmillan)