Research projects

The Internet of Anything, Internet of Everything or Internet of Things (IoT)- all these paradigms refer to the growing number of smart connected products or things, which is now giving rise to huge set of opportunities on the one hand while at the same time causing many challenges. Clearly , Security is paramount for the sale and reliable operation of IoT connected devices.

In fact, security is the foundation enabler of IoT. But what is also clear is the growth rate of the internet of things (IoT) is outpacing security efforts in IoT. In the case if IoT, it is critically important that security cannot be and must not be thought of as an add-on to a device in IoT but rather should be integral to the device's reliable functioning.

Software security controls need to be introduced at the operating system level, and should take advantage of the hardware security capabilities to maintain continuously the trusted computing base.

Our research interests include the following:

• Analysis of the threats and attacks in various IoT infrastructures and the proliferation of Malware leading to the compromise of the whole network system.
• Research questions related to trustworthiness of data from IoT devices. How to reliably identify and secure the data provenance in the IoT infrastructure and gets aggregated, how to achieve dynamic security policy management on the data?
• Another major security area is the interactions between the IoT and the cloud infrastructures. In particular when different data from different devices need to be combined to offer seamless cloud based distributed services.

Our Overall vision is one of achieving secure and trustworthy seamless extension of control of data in large scale applications and infrastructures for both users and enterprises.

Our Research Program in Big Data Security Comprises two major parts.

• One part focusing on metadata based policy models and architectures for secure management of large scale data.
• Another part demonstrating the proposed models and architectures in the context of data driven applications involving emerging Internet of Things and cloud computing technologies.

Software Defined Networking (SDN) is rapidly emerging as a disruptive technology poised to change the worlds of "Networking" much the same was cloud computing is changing the "Compute" world.

It is altering the texture of modern networking, moving away from the current control protocols dominant in the TCP/IP network (internet) stack, towards something more flexible and programmable.

It is changing the way research in networking will be conducted in the future, by providing equipment that is open and controllable by external software, unlike today's propriety equipment that has protocols embedded into them by the vendors.

This opens up new avenues of research that use SDN to realise network capabilities that were impossible or extremely cumbersome before, as well as creating opportunities for research into the rapidly evolving SDN technology itself to make it more efficient, secure, scale-able, and practicable for commercial deployment in future networks.

Security is a major concern in software Defined Networks.

The initial focus of our work is to develop a policy based security architecture for securing software defined networks in a mutli-domain environment.

Our architecture will enable us to specify and enforce different types of policies based on the devices, users, and their location as well as the path used for communications both within and between SDN domains.

Our security system comprises of security modules and is developed as applications that can be run on any of the SDN controllers.

Currently we are implementing our security architecture using the POX controller and raspberry Pi  switches, and we are able to demonstrate different use case scenarios with fine granular security policy enforcement for different SDN services.

The research challenge being addressed in this proposal is how to achieve secure data storage in a public cloud environment.

The core research questions here are:

• Do you know where your data is?
• Do you know who can see them and modify them without a trace?
• Who can aggregate or summarise or embed your data for purposes other than what you specified?

In the cloud, the user has to rely on third parties to make decisions about the data and platforms in ways never seen before in computing. These are not easy questions to answer.

At present we do not have widely available technology that can address these questions in a large scale cloud environment with millions of users and numerous providers.

In this project, we will develop novel schemes to tackle secure access to outsourced data in the cloud by combining novel cryptographic techniques with access control systems and trusted computing technologies.

In particular we will consider role based access control policies which are commonly used in commercial systems.

Our overall vision is one of achieving seamless extension of control for the user and enterprise into the cloud.

We have developed a novel hybrid framework combining role based access control and with cryptographic techniques to secure data storage in public cloud.

We have proposed a new role based encryption scheme within the framework and analyse the various design choices for effective security management in the cloud.

The significance of the proposed framework is its ability to combine flexible security management based on role based policies on encrypted data offering protection.

We are developing a trust model for the secure cloud data storage framework proposed above.

The trust model will combine the strength of role based access control with soft reputation based trust and hard TPM based attestation trust, driven by data storage in cloud requirements.

The challenge addressed in this project relates to the unprecedented developments in interconnected services driven by large scale virtualised systems in the cloud providing services for millions of users running on thousands of networked physical platforms.

We will consider three significant security aspects in this context.

1. First, a large scale cloud system gives rise to different security requirements from different users for different applications and services on shared infrastructures. Multiple service providers and multi-tenanted platforms in the cloud make it critical to address dynamic access control policies that are context dependent in addition to the traditional attribute and credential based techniques. Furthermore, multi tenancy and dynamism introduce new cloud security requirements in terms of intra-cloud interactions such as provider-tenant and tenant-tenant interactions.
2. Second, a major security issue in the cloud is concerned with the proliferation of cyber attacks and the dramatic increase in the attack surface. Vulnerabilities in cloud platforms can be exploited by an intruder to attack multiple users and services thereby greatly increasing their impact. For instance, sharing in cloud infrastructures enables social engineering and phishing attacks to gain a new attack vector due to their elasticity. The issue of malicious insider threat is amplified in the cloud with the increasing number of users with administrative privileges combined with the lack of transparencies into the cloud provider's processes.
3. Third, these issues of secure access and attacks are underpinned by the fundamental challenge of trust in the cloud. A critical issue for the next decade is to think about how transformative the cloud really is relative to trust. From a user point of view, the fundamental issue is how to trust the services provided by the cloud? From a cloud provider point of view, how to ensure that a user's applications running on the provider's platform do not lead to security attacks not only on its own infrastructure but also do not affect adversely other users in the cloud. In this project, we will develop security services and a comprehensive cloud security architecture to address these issues which integrates access control, malware detection and trust computing.

Research into malware has become a significant area with the dramatic growth in different types of malware from Trojans to spyware to virus to worms. We are overwhelmed by the amount of malware and the various technologies they impact from systems to networks to mobile devises to critical infrastructures. This project addresses critical issues in malware design, detection and prevention as well as the impact of malware on smart grid infrastructures.

In the area of malware, one recent piece of work in this area is that we have done in this area is a novel attack vector against anti-virus software. We have come up with an attack vector that targets anti-virus updates. Using this attack, we have shown that how a system and anti-virus software itself can be compromised during the update of anti-virus software. We have investigated this design vulnerability with several of the major anti-virus software products such as Avira, AVG, McAfee, Microsoft and Symantec, and found that they are vulnerable to this new attack vector. We have also developed possible solutions that can be used to mitigate the attack in the existing versions of the anti-virus software as well as in the future ones.

In another piece of work, we have investigated different techniques that can be used by an attacker to generate PDF attacks. Then we have proposed PDFSCAN which can detect the attacks by analysing the suspicious objects and the scripts that are embedded in the documents. PDFSCAN makes use of dynamic and static analysis techniques to deal with the malware. We have also analysed different types of malware using Malware Attribute Enumeration and Characterisation (MAEC) framework and proposed extensions for further improvement.

In the area of smart grids, we have been investigating the design and analysis of malware in smart grid infrastructures. We have conducted a detailed analysis of malware such as Stuxnet, Flame, Duqu and Shamoon and considered such malware attacks targeting smart grids. A key aspect of this attack is that it targets hardware, i.e. field devices, as well as IT systems to illustrate how a blackout is possible even under the security-improved smart grid environment. We are also investigating the application of defensive techniques to counteract such attacks.

This project proposes a new approach to trust enhanced security which will form the foundation of the new architecture and solutions being developed.

First we have incorporated properties of a platform in the authorisation decision making. This means that, while users are verified for their authorisation privileges, platforms must also be verified to check whether they satisfy the necessary properties before they are allowed access.

We have developed TEDA: Trust Enhanced Distributed Authorisation architecture for platforms. TEDA encompasses the notions of hard' and soft' trust to determine whether a platform may be trusted to perform a certain task. While hard trust refers to trust derived from concrete security mechanisms like certificate verification, soft trust elements are derived from social control mechanisms like past behaviour.

We have developed ALOPA, an authorisation logic language for trusted platforms. Access control policies specified using ALOPA govern the access of platforms to resources on the basis of the platforms identity and a collection of rules (based on platform properties) which determine, for any platform and any resource, the types of accesses the platform is allowed on the resource.

We have developed TM: a Trust Model for trusted platforms that takes into account direct and recommended experiences. Such a dynamic model enables reasoning about the state of the platform based on its past behaviour. Using a combination of both hardware-based trust derived from trusted computing and social trust, the hybrid framework enables better security decision-making. We have then applied this architecture for trust enhanced authorisation of web services. This leads to a de-centralized security and trust management architecture integrated in the middleware of the distributed system architecture.

Distributed information services such as Grid computing, utility computing and on-demand software services rely strongly on the security of the underlying computing infrastructure. The computing infrastructure components such as execution environments, databases, web servers and browsers have not only varying but often conflicting security requirements. Hence the need to achieve secure isolation between such components is critical to enforce different security requirements, while at the same time enabling components with similar security requirements to share information efficiently.

Virtualisation, which provides a basis for strong isolation, has been around now for several decades; in the past, often it has been deployed in standalone mainframe systems, whose hardware was explicitly designed with virtualised operation in mind. However until recently it has not been feasible to build systems out of commodity PC hardware that meet security guarantees.

The core of the proposed research involves theory and design of a policy based secure virtual machine model and architecture that is enhanced with trusted computing, which can achieve secure and dynamic sharing of virtual resources among co-operating virtual machines in a distributed environment.

The new security model and architecture, on the one hand, exploits the benefits of the trusted hardware platform underneath, while on the other hand supports a range of security and trust policies for virtual machines and applications above. The model addresses dynamic changes in system state and help to reason better about the security properties and hence provide higher level of security guarantees.

The secure virtual machine model also provides an improved capability for detecting malware attacks and preventing them. Such secure virtualised distributed system architecture can help to achieve trust enhanced secure applications, such as Grid computing and online collaborations.

A unique feature of the proposed research is that it aims to combine the advantages of secure virtualisation and trusted computing technologies to develop novel distributed security architecture for virtualised systems.

Embedded systems are becoming ever more complex, inter-connected and inter-dependent, yielding distributed, heterogeneous infrastructures of embedded devices. With their increasing inter-dependency, criticality and complexity, such distributed embedded systems become increasingly viable and valuable targets of attackers.

This is aggravated by the problem that many existing embedded systems are not intended for networked operation, and that (parts of) these infrastructures are often also exposed to low and medium effort physical attacks.

In this context, the ability to automatically validate the security state of remote systems and bind data to known-good system states can provide fundamental security assurance and facilitate the secure operation of distributed embedded systems.

We investigate new solutions for trusted computing functionality in distributed embedded systems. We particularly focus on trust establishment and trusted channels in resource-constrained, low-end embedded systems, with often limited computational capabilities and power supply.

A major problem we tackle is the trust establishment in low-cost, resource-constrained devices. In particular, we analysed software-based attestation, a recent approach to low-cost attestation and trusted execution, and develop a systematic and simplified construction of software attestation.

We also study how trusted execution environments can assist to secure complete user transaction flows. Leveraging trusted execution and secure user input/ output facilities, we construct a software smartcard that provides secure authentication and user authorization, and also simplifies the deployment and migration procedures.

Currently we are considering a new architecture for trusted computing and trusted execution on low-cost, resource-constrained devices.

The service-oriented architecture (SOA) can be used to build new solutions leveraging services, to cleave together existing applications, or to cleave apart existing applications.

The SOA provides many benefits such as cost saving to organisations by increasing the speed of implementation of any application(s) required and reducing the expenditure on integration technologies.

However, security is one of the main roadblocks for enterprises when it comes to the development and deployment of their services oriented architectures.

In this work, we address the area of authorisation policy specification for the SOA. We present a detailed analysis of the research work in the area of authorisation policy specification, and propose a set of principles in modelling and designing an authorisation policy language for the SOA.

Then we design a comprehensive authorisation framework for the SOA. The proposed authorisation framework comprises the Web Services Authorisation Architecture (WSAA) built for the Web services layer of the SOA, and the Business Process Authorisation Architecture (BPAA) built for the business processes layer of the SOA.

The architecture is able to support legacy applications exposed as Web services as well as the new Web service based applications built to leverage the benefits offered by the SOA; it supports multiple access control models and mechanisms and is decentralised and distributed, and provides facilities for management of the Web service objects and the authorisation information.

Mobile agents are emerging to be a significant technology in networked computing and pose some fundamental challenges in security.

This research project addresses the theory, architecture and design of secure mobile agents systems.

It has proposed a comprehensive security model and security architecture for security enhanced mobile agents in a roaming distributed environment, with new schemes for dynamic privilege management.

A new approach to mobile agent security referred to as trust enhanced security was introduced, which advocates a shift in security solutions from security-centric to trust-centric.

This extends the traditional security mechanisms by enabling trust decisions through explicit specification and management of security related trust relationships.

We also demonstrated that the integration of the trust decisions into security decision making process leads to improved security performance.

The work has developed a formal trust model and has incorporated this into the development of a novel trust management architecture - MobileTrust- for mobile agent based Internet applications.

A mobile ad hoc network (MANET) is a self-configuring network in which nodes rely on intermediate nodes to establish multi-hop communications. Security is paramount in such networks as they are not conducive to centralized trusted authorities.

Furthermore, the security solutions that have been deployed for wired networks are not directly portable to ad hoc networks for reasons such as sporadic wireless communication, dynamically changing topology, and constrained battery energy.

Since multi-hop communications between any nodes is reliant on intermediary nodes, the security of higher layer protocols is conditioned by the security of communication path.

Our research has developed security and trust models and architectures to meet the following security requirements:

• (a) delivery of information securely in a promiscuous wireless medium,
• (b) enlist only authenticated and trustworthy nodes for communication,
• (c) detect tampered control headers and information,
• (d) ensure the availability of network services such as packet forwarding and bandwidth sharing,
• (e) detect compromised nodes and include repenting malicious nodes, and
• (f) enhance security decisions dynamically using evolving evidence and hence trust decisions.

We have developed a realistic two-layered Trust Enhanced security Architecture for the MANETs (TEAM). The novel techniques include,

• (a) an obligation- based fellowship model to motivate cooperation among the mobile nodes,
• (b) secure MANET Routing with Trust Intrigue (SMRTI) that resolves the limitations harboured by related trust models and capitalises all the evidence that are available within the limitations of the MANET for making better routing decisions and,
• (c) a new secure routing protocol known as Scasec.

Furthermore, fellowship model is extended to defend flooding attacks in the MANETs that support anonymous communications.

Similarly, SMRTI trust model is extended to incorporate subjective logic with a focus to resolve the notion of uncertainty in the trust relationships established between newly-joining and existing mobile nodes.

Finally, the better performance results of all these proposed techniques are demonstrated using extensive simulation and implementation scenarios.

Trust management is an important issue in the analysis and design of secure information systems.

In this project, we build up a comprehensive trust management approach that covers the analysis/modelling of trust relationships and the development of trust management systems in a consistent manner.

We develop a formal model of trust relationship with a strict mathematical structure that can not only reflect many of the commonly used notions of trust, but also provide a solid basis for a unified taxonomy framework of trust where a range of useful properties of trust relationships can be expressed and compared.

We proposed a general methodology for analysis and modelling of trust relationships in distributed information system is presented.

The general methodology includes a range of major concerns in the whole lifecycle of trust relationships, and provides practical guidelines for analysis and modelling of trust relationships in the real world.

We propose a unified framework for trust management is proposed addressing trust evidence collection, trust evaluation and trust consumption.

A variety of trust mechanisms including reputation, credentials, local data, and environment parameters are covered under the same framework. Trust management architecture was then developed which is used to demonstrate security and trust in healthcare applications.

Today, distributed denial of service (DDoS) attacks are causing major problems to conduct online business over the Internet.

Recently several schemes have been proposed on how to prevent some of these attacks, but they suffer from a range of problems, some of them being impractical and others not being effective against these attacks. In this project we proposed a range of techniques that can be used to counteract DDoS attacks efficiently in wired, wireless and mobile networks.

We have proposed new packet marking techniques and developed models to counteract denial of service attacks.

Security architectures have been developed and integrated with network management platforms such as Hewlett-Packard's OpenView Network Management Platform Our model is able to identify the approximate source of attack (nearest router) with a single packet even in case of attack with spoofed source addresses.

Our scheme is invoked only during attack times, is able to process the victims traffic separately without disturbing other traffic, is able to establish different attack signatures for different attacking sources, can prevent the attack traffic at the nearest router to the attacking system, has fast response time, is simple in its implementation and can be incrementally deployed.

Recent advances in wireless communications and computing devices have led to the development of low-cost, low-power and multi-functional sensor nodes resulting in wireless sensor networks emerging as a new tier in the information infrastructure ecosystem.

Sensor networks provide a promising approach for a variety of applications ranging from monitoring and security of buildings and spaces to measuring traffic flows to tracking environment pollutants to water resource usage and environment management to healthcare.

Security issues are critical in sensor networks as they often have mission critical tasks and deal with sensitive information; these arise not only due to sensor nodes' limited power, memory and computational capacity but also due to the susceptibility of wireless communications and the physical vulnerability of sensor nodes; furthermore the sensitivity of information collected by these nodes has significant influence in the decision making, which make the design and management of security services vital.

This research project develops a trust enhanced security framework that incorporates - a threat model with intrusion detection techniques to identify and discard malicious nodes, a reputation based trust model to evaluate a node's trustworthiness and efficient light-weight key management schemes in dynamic sensor networks.

This research integrates security and trust in the design of sensor networks and applications and will also provide a systematic basis for analysing the various design choices for securing sensor networks.

Peer to Peer (P2P) computing poses challenging security problems, due to its dynamic, decentralised and large scale characteristics, operating over untrusted internet, for which no adequate solutions exit today.

This research achieved conceptual advances in terms of comprehensive new trust model and metric, proposed decentralized trust management architecture and a novel scheme to evaluate peer trust in large scale federated environments.

It also developed new techniques for mitigating denial of service attacks in P2P systems.

We also demonstrate these techniques by building a practical secure agent based P2P e-commerce system, integrating results in security and Internet applications.

We are investigating techniques for efficient human user recognition.

Principal Component Analysis (PCA) is a powerful and well-known method to extract features and represent data which is widely used in pattern recognition and computer vision. PCA has been applied extensively to face recognition.

Recently, Kernel-based Two Dimensional Principal Component Analysis (K2DPCA) has been proposed, in which images are first mapped into another space using kernel function and then covariance matrix of images are constructed from the mapped data.

Such as scheme Using achieves better accuracy and is faster compared to one dimensional PCA. To further improve the performance of face recognition, we have proposed a new method, Two-Dimensional Kernel Entropy Component Analysis (K2DECA), which is able to extract nonlinear components based on entropy estimate.

In K2DECA, the kernel 2DPCA axes onto which the data is projected contribute to the entropy estimate. We have conducted extensive experiments on the proposed method using three image databases, YALE, ORL, and Head Pose.

Our analysis of the results show that the proposed method is much superior compared to previously known methods for accurate face recognition, and hence is useful in practical applications.

Machine learning algorithms have been widely deployed in different applications as automated decision-making tools with generalisation capabilities. However, they have shown to be vulnerable. In this research, we aim to improve the security of machine learning algorithms. We investigate the vulnerabilities of machine learning algorithms, and how these vulnerabilities can be exploited by attackers. We consider attacks in both the training phase, known as poisoning attacks, and in the test phase, known as evasion attacks. We address attacks under different assumptions about an attacker knowledge. We also design defence mechanisms against identified attacks.

Generative adversarial networks (GANs) have shown to be effective for estimating the probability distribution, or the conditional probability distribution underlying a dataset, and also learning a mapping from one type of data to another type of data. Therefore, these networks can be used in a wide variety of applications. As one application of GANs, we utilise them to generate a synthetic dataset where privacy and/or licensing concerns prevent us from sharing the original dataset. As another application of GANs, we utilise them to generate adversarial examples which can evade machine learning algorithms. By considering these adversarial examples during the training phase, we are able to improve the security of machine learning algorithms.