Professor Robin Bloomfield

Professor of System and Software Dependability

School of Science & Technology Department of Computer Science

Contact details

Address

Professor Robin Bloomfield A304E , College Building [A]
City, University of London
Northampton Square
London EC1V 0HB
United Kingdom

Personal links

Adelard

About
Research
Publications
Professional activities

About

Overview

Robin Bloomfield is Professor of Software and System Dependability at the City, University of London. His research interests are in the dependability (reliability, safety, security) of computer-based systems. His work in safety in the past 20 yrs has combined policy formulation, technical consulting and underpinning research. He is a founder member of the consultancy Adelard and prior to this he worked in industry for the UK electricity utility (CEGB) where he was concerned with the design and validation of the control and safety systems of nuclear power stations. The post is shared with Peter Bishop and he spends most of his time with the consultancy Adelard.

Professor Bloomfield attended St John's College, Cambridge and holds an MA in Natural Sciences from Cambridge University and is also a chartered engineer.

Prof Bloomfield has held a variety of professional and honorary posts. He was an independent member of the UK Nuclear Safety Advisory Group (NUSAC) before it was disbanded and in 2007 and was a member of the UK Cabinet Office Information Assurance Research and Co-ordination Group. He was the UK member of NATO Research Task on dual use technologies and co-chaired, for the EU, the 2007 Joint US-EU workshop on ICT-Enabled Critical Infrastructures and Interdependencies. Recently he has been a member of the UK Treasury Engineering Infrastructure and Interdependencies Expert Group that supported the revised UK Infrastructure Plans. He has been chairman of the European Workshop on Industrial Computer Systems (EWICS), and a long term member of the Safecomp programme committee.

Qualifications

MA (Cantab) Natural Sciences, University of Cambridge, United Kingdom, 1978

Employment

Professor, City, University London, 2011 – present
Head of Department, Centre for Software Reliability, City, University London, 2003 – 2011
Appointed Professor of System & Software Dependability, City, University London, 2000 – present
Founder, Adelard LLP, 1987 – present
Research Officer, Central Electricity Generating Board, 1976 – 1987

Fellowships

Fellow (FREng), Royal Academy of Engineering, Oct 2014 – present

Memberships of professional organisations

CEng Institute of Energy, Engineering Council, 1983 – present
ME, Institute of Energy, 1983 – present

Research

Research interests

• Safety and Assurance Cases and security informed safety
• Underpinning models for evaluating the trustworthiness of software based systems
• Security, resilience and critical infrastructure and interdependencies
• Setting policy and research agendas

- Conservative models of reliability prediction
- Development process modelling
- Industrial Liaison Director for DIRC

Publications

Publications by category

Chapter

Bishop, P., Bloomfield, R., Guerra, S. and Thuy, N. (2012). Safety justification frameworks: Integrating rule-based, goal-based and risk-informed approaches. (pp. 1283–1290). ISBN 978-1-62748-015-4.

Conference papers and proceedings (43)

Bloomfield, R., Butler, E., Guerra, S. and Netkachova, K. (2017). Security-informed safety: Integrating security within the safety demonstration of a smart device.
Bloomfield, R., Butler, E. and Netkachova, K. (2017). Assurance of open systems dependability: developing a framework for automotive security and safety. 6th Workshop on Open Systems Dependability Tokyo, Japan.
Bloomfield, R., Bendele, M., Bishop, P., Stroud, R. and Tonks, S. (2016). The Risk Assessment of ERTMS-Based Railway Systems from a Cyber Security Perspective: Methodology and Lessons Learned. doi:10.1007/978-3-319-33951-1_1
Bloomfield, R.E. and Parisaca-Vargas, A. (2015). Using Ontologies to Support Model-based Exploration of the Dependencies between Causes and Consequences of Hazards. 7th International Conference on Knowledge Engineering and Ontology Development 12-14 November, Lisbon, Portugal.
Netkachova, K., Muller, K., Paulitsch, M. and Bloomfield, R. (2015). Investigation into a layered approach to architecting security-informed safety cases. 2015 IEEE/AIAA 34th Digital Avionics Systems Conference (DASC) 13-17 September. doi:10.1109/dasc.2015.7311447
Netkachova, K., Muller, K., Paulitsch, M. and Bloomfield, R. (2015). A layered approach to architecting security-informed safety cases (applied to an avionics case study). 2015 IEEE/AIAA 34th Digital Avionics Systems Conference (DASC) 13-17 September. doi:10.1109/dasc.2015.7311611
Netkachova, K., Müller, K., Paulitsch, M. and Bloomfield, R. (2015). Security-Informed Safety Case Approach to Analysing MILS Systems. European Network of Excellence on High Performance and Embedded Architecture and Compilation (HiPEAC), International Workshop on MILS: Architecture and Assurance for Secure Systems 19-21 January, Amsterdam, The Netherlands.
Netkachova, K., Netkachov, O. and Bloomfield, R. (2015). Tool Support for Assurance Case Building Blocks. doi:10.1007/978-3-319-24249-1_6
Netkachova, K., Bloomfield, R., Popov, P. and Netkachov, O. (2015). Using Structured Assurance Case Approach to Analyse Security and Reliability of Critical Infrastructures. doi:10.1007/978-3-319-24249-1_30
Bloomfield, R. and Netkachova, K. (2014). Building Blocks for Assurance Cases. 2014 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW) 3-6 November. doi:10.1109/issrew.2014.72
Shittu, R., Healing, A., Ghanea-Hercock, R., Bloomfield, R. and Muttukrishnan, R. (2014). OutMet: A new metric for prioritising intrusion alerts using correlation and outlier analysis. 2014 IEEE 39th Conference on Local Computer Networks (LCN) 8-11 September. doi:10.1109/lcn.2014.6925787
Bishop, P.G., Bloomfiel, R.E. and Cyra, L. (2013). Combining Testing and Proof to Gain High Assurance in Software: a Case Study. (ISSRE 2013) IEEE International Symposium on Software Reliability Engineering 4-7 November, Pasadena, CA, USA.
Bloomfield, R.E., Netkachova, K. and Stroud, R. (2013). Security-Informed Safety: If it's not secure, it's not safe. 5th International Workshop on Software Engineering for Resilient Systems (SERENE 2013) 3-4 October, Kiev, Ukraine.
Olabelurin, A., Kallos, G., Xiang, Y., Bloomfield, R., Veluru, S. and Rajarajan, M. (2013). Time correlated anomaly detection based on inferences.
Strigini, L., Bloomfield, Robin, , Paulitsch, Michael, and Reiger, Rupert, (2012). Evidence-Based Security in Aerospace. From Safety to Security and Back Again. 23rd International Symposium on Software Reliability Engineering (ISSRE 2012), Fast Abstracts Track 26-29 November, Dallas, Texas, USA.
Gashi, I. (2012). How secure is ERTMS? Workshop on Dependable and Secure Computing for Large-scale Complex Critical Infrastructures (DESEC4LCCI) 25 September, Herrenkrug, Germany.
Bishop, P., Bloomfield, R., Gashi, I. and Stankovic, V. (2012). Diverse protection systems for improving
security: a study with AntiVirus engines.
Shittu, R., Healing, A., Bloomfield, R.E. and Rajarajan, M. (2012). Visual Analytic Agent-Based Framework for Intrusion Alert Analysis. doi:10.1109/CyberC.2012.41
Stankovic, V., Bloomfield, R., Bishop, P. and Gashi, I. (2011). Diversity for Security: a Study with Off-The-Shelf AntiVirus Engines. 21st International Symposium on Software Reliability Engineering (ISSRE 2011) Hiroshima, Japan.
Bloomfield, R. and Bishop, P. (2010). Safety and Assurance Cases: Past, Present and Possible Future - an Adelard Perspective. doi:10.1007/978-1-84996-086-1_4
(2010). Critical Information Infrastructures Security, 4th International Workshop, CRITIS 2009, Bonn, Germany, September 30 - October 2, 2009. Revised Papers.
Bloomfield, R.E., Chozos, N. and Salako, K. (2009). Current Capabilities, Requirements and a Proposed Strategy for Interdependency Analysis in the UK.
Bloomfield, R.E., Buzna, L., Popov, P.T., Salako, K. and Wright, D. (2009). Stochastic Modelling of the Effects of Interdependencies between Critical Infrastructure.
Dübendorfer, T. and Frei, S. (2009). Web Browser Security Update Effectiveness.
Bloomfield, R.E., Gashi, I., Povyakalo, A. and Stankovic, V. (2008). Comparison of Empirical Data from Two Honeynets and a Distributed Honeypot Network. doi:10.1109/ISSRE.2008.62
Bloomfield, R.E., Littlewood, B. and Wright, D. (2007). Confidence: Its role in dependability cases for risk assessment. doi:10.1109/DSN.2007.29
Bloomfield, R.E., Masera, M., Miller, A., Saydjari, O.S. and Weinstock, C.B. (2007). Assurance Cases for Security: The Metrics Challenge. doi:10.1109/DSN.2007.18
Littlewood, B., Bloomfield, R., Popov, P., Povyakalo, A. and Strigini, L. (2004). The impact of ‘difficulty’ variation on the probability of coincident failure of diverse systems. International Conference on Control and Instrumentation in Nuclear Installations Liverpool.
Littlewood, B. and Bloomfield, R. (2004). On the use of diverse arguments to increase confidence in dependability claims. International Conference on Control and Instrumentation in Nuclear Installations.
Bishop, P.G. and Bloomfield, R.E. (2003). Using a Log-normal Failure Rate Distribution for Worst Case Bound Reliability Prediction. 14th IEEE International Symposium on Software Reliability Engineering (ISSRE 2003) 17-20 November, Denver, Colorado.
Bloomfield, R. and Littlewood, B. (2003). Multi-legged arguments: the impact of diversity upon confidence in dependability arguments. doi:10.1109/DSN.2003.1209913
Bishop, P., Bloomfield, R., Clement, T., Guerra, S. and Jones, C. (2003). Integrity static analysis of COTS/SOUP.
Bishop, P., Bloomfield, R., Clement, T. and Guerra, S. (2003). Software criticality analysis of COTS/SOUP. doi:10.1016/S0951-8320(03)00093-0
Bishop, P.G. and Bloomfield, R.E. (2002). Worst Case Reliability Prediction Based on a Prior Estimate of Residual Defects. Thirteenth International Symposium on Software Reliability Engineering (ISSRE '02) 12-15 November, Annapolis, Maryland.
Bloomfield, R.E. and Guerra, S. (2002). Process Modelling to Support Dependability Arguments. doi:10.1109/DSN.2002.1028892
Bishop, P.G., Bloomfield, R.E., Clement, T. and Guerra, S. (2002). Software Criticality Analysis of COTS/SOUP.
Bishop, P.G., Penny, J., Eaton, A. and Bloomfield, R. (2001). The Practicalities of Goal-Based Safety Regulation. Ninth Safety-Critical Systems Symposium 6-8 February, Bristol, UK.
Oussalah, M., Nguyen, H.T., Kreinovich, V., Bloomfield, R.E. and Newby, M. (2001). Theoretical foundation for iterative assessment of conditional confidence measures in the framework of conditional measure theoretic-approach.
Bloomfield, R.E., Craigen, D., Koob, F., Ullmann, M. and Wittmann, S. (2000). Formal Methods Diffusion: Past Lessons and Future Prospects.
Bishop, P.G. and Bloomfield, R.E. (1998). A Methodology for Safety Case Development. Safety-critical Systems Symposium 98 February, Birmingham, UK.
Bishop, P.G. and Bloomfield, R.E. (1995). The SHIP Safety Case - A Combination of System and Software Methods. 14th IFAC Conf. on Computer Safety, Reliability and Security (SafeComp95) 11-13 October, Belgirate, Italy.
(1988). VDM '88, VDM - The Way Ahead, 2nd VDM-Europe Symposium, Dublin, Ireland, September 11-16, 1988, Proceedings.
Bishop, P.G. and Bloomfield, R.E. A conservative theory for long term reliability growth prediction. ISSRE '96: 7th International Symposium on Software Reliability Engineering. doi:10.1109/issre.1996.558887

Journal articles (18)

Bloomfield, R., Khlaaf, H., Ryan Conmy, P. and Fletcher, G. (2019). Disruptive Innovations and Disruptive Assurance: Assuring Machine Learning and Autonomy. Computer, 52(9), pp. 82–89. doi:10.1109/mc.2019.2914775.
[publisher’s website]
Bloomfield, R., Bishop, P., Butler, E. and Stroud, R. (2018). Security-Informed Safety: Supporting Stakeholders with Codes of Practice. Computer, 51(8), pp. 60–65. doi:10.1109/mc.2018.3191260.
[publisher’s website]
Bloomfield, R.E., Popov, P., Salako, K., Stankovic, V. and Wright, D. (2017). Preliminary interdependency analysis: An approach to support critical-infrastructure risk-assessment. Reliability Engineering & System Safety, 167, pp. 198–217. doi:10.1016/j.ress.2017.05.030.
[publisher’s website]
Netkachova, K. and Bloomfield, R. (2017). Is Chocolate Good for You—or, Is the Cloud Secure? Computer, 50(8), pp. 74–78. doi:10.1109/mc.2017.3001250.
[publisher’s website]
Bloomfield, R., Bishop, P., Butler, E. and Netkachova, K. (2017). Using an Assurance Case Framework to Develop Security Strategy and Policies. pp. 27–38. doi:10.1007/978-3-319-66284-8_3.
[publisher’s website]
Netkachova, K. and Bloomfield, R.E. (2016). Security-Informed Safety. Computer, 49(6), pp. 98–102. doi:10.1109/mc.2016.158.
[publisher’s website]
Shittu, R., Healing, A., Ghanea-Hercock, R., Bloomfield, R. and Rajarajan, M. (2015). Intrusion alert prioritisation and attack detection using post-correlation analysis. Computers & Security, 50, pp. 1–15. doi:10.1016/j.cose.2014.12.003.
[publisher’s website]
Bishop, P., Bloomfield, R., Littlewood, B., Popov, P., Povyakalo, A. and Strigini, L. (2014). A conservative bound for the probability of failure of a 1-out-of-2 protection system with one hardware-only and one software-based protection train. Reliability Engineering & System Safety, 130, pp. 61–68. doi:10.1016/j.ress.2014.04.002.
[publisher’s website]
Bloomfield, R.E. (2012). Are Things Getting Worse? IEEE Security & Privacy, 10, pp. 3–3. doi:10.1109/MSP.2012.115.
Littlewood, B., Bishop, P., Bloomfield, R., Povyakalo, A. and Wright, D. (2011). Towards a formalism for conservative claims about the dependability of software-based systems. IEEE Transactions on Software Engineering. doi:10.1109/TSE.2010.67.
Bloomfield, R.E. (2011). Evaluating resilience of multiple infrastructures: Some initial challenges. Proceedings - 5th Latin-American Symposium on Dependable Computing Workshops, LADCW 2011 pp. 39–40. doi:10.1109/LADCW.2011.22.
Bloomfield, R.E. (2011). Resilient to the unexpected. IEEE Security and Privacy, 9(3), pp. 3–4. doi:10.1109/MSP.2011.62.
Guerra, S., Bishop, P., Bloomfield, R. and Sheridan, D. (2010). Assessment and qualification of smart sensors. 7th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies 2010, NPIC and HMIT 2010, 1, pp. 499–510.
Bloomfield, R.E., Guerra, S., Masera, M., Miller, A. and Weinstock, C.B. (2006). International working group on assurance cases (for security). IEEE SECURITY & PRIVACY, 4(3), pp. 66–68. doi:10.1109/MSP.2006.73.
Bishop, P., Bloomfield, R., Guerra, S. and Tourlas, K. (2005). Justification of smart sensors for nuclear applications. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3688 LNCS, pp. 194–207. doi:10.1007/11563228_15.
Bloomfield, R., Courtois, P.J., Littlewood, B., Strigini, L., Yih, S. and Fan, C.F. (2002). Letter to the editor [1] (multiple letters). Nuclear Engineering International, 47(570), p. 11.
Bishop, P. and Bloomfield, R. (1996). A conservative theory for long-term reliability-growth prediction [of software]. IEEE Transactions on Reliability, 45(4), pp. 550–560. doi:10.1109/24.556578.
[publisher’s website]
Bloomfield, R.E. and Froome, P.K.D. (1986). The Application of Formal Methods to the Assessment of High Integrity Software. IEEE Trans. Software Eng., 12, pp. 988–993. doi:10.1109/TSE.1986.6313053.

Reports (10)

Bloomfield, R., Rushby, J. and Bloomfield, R. (2022). Assessing Confidence with Assurance 2.0. arxiv: arxiv.
Bloomfield, R., Fletcher, G., Khlaaf, H., Ryan, P., Kinoshita, S., Kinoshit, Y. … Tsutake, Y. (2020). Towards Identifying and closing Gaps in Assurance of autonomous Road
vehicleS -- a collection of Technical Notes Part 2..
Bloomfield, R., Fletcher, G., Khlaaf, H., Ryan, P., Kinoshita, S., Kinoshit, Y. … Tsutake, Y. (2020). Towards Identifying and closing Gaps in Assurance of autonomous Road
vehicleS -- a collection of Technical Notes Part 1..
Bloomfield, R.E. (2012). ERTMS Specification Security Audit, Analysis of Attack Scenarios. The European Railway Traffic Management System (ERTMS).
Bloomfield, R, , Chozos, N., , Popov, P.T., Stankovic, V., , Wright, D, and Howell-Morris, R, (2010). Preliminary Interdependency Analysis (PIA): Method and tool support..
Gashi, I. and Bloomfield, R.E. (2008). Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems. City University London.
Bishop, P.G., Bloomfield, R.E., Emmet, L.O., Johnson, C., Black, W., Hamilton, V. … Koorneef, F. (2003). Learning from incidents involving E/E/PE systems, Part 1: Review of methods and industry practice. http://www.hse.gov.uk/research/rrhtm/rr179.htm. ISBN 0-7176-2787-X.
Bishop, P.G., Jones, C.C.M., Bloomfield, R.E. and Froome, P.K.D. (2001). Methods for assessing the safety integrity of safety-related software of uncertain pedigree (SOUP).. ISBN 0-7176-2011-5.
Bloomfield, R.E. and Wetherilt, A. Computer trading and systemic risk: a nuclear perspective. London, UK: Government Office for Science.
Bishop, P.G., Bloomfield, R.E. and Froome, P.K.D. Justifying the use of software of uncertain pedigree (SOUP) in safety-related applications. May 2001. ISBN 0-7176-2010-7.

Working paper

Bloomfield, R. and Rushby, J. (2020). Assurance 2.0: A Manifesto.

Professional activities

Editorial activity

I am an Associate Editor-in-Chief of the IEEE Security and Privacy magazine http://www.computer.org/portal/web/computingnow/securityandprivacy.

Keynote lecture/speech

The open challenge of security. Pasadena, CA, USA (2013). Keynote speaker at The 3rd International Workshop on Open Systems Dependability: Adaptation to Changing World at the 24th IEEE International Symposium on Software Reliability Engineering (ISSRE), Pasadena, CA, USA Nov 2013

Other

In 2013 I was called to give evidence to the Parliamentary Commission on Banking Standards following my wok on systemic risk and computer based trading..