13 June 2018 at 15:00
Speaker: Assoc. Prof Ludovic Apvrille, LabSoC.
Title: SysML-Sec: A Model-Driven Approach for Designing Safe and Secure Embedded Systems
Abstract: The presence of communicating embedded systems/IoTs in our daily lives has brought a myriad of benefits, from adding conveniences and entertainment, to improving the safety of our commutes and healthcare.
However, the flaws and vulnerabilities in these devices expose their users to risks of property damage, monetary losses, and personal injury.
Various safety and security mechanisms for embedded systems, especially connected vehicles, have been proposed. Selecting and placing these mechanisms correctly requires methods of analysing and verifying that the system meets all safety, security, and performance requirements, preferably in the early design phases, to minimize costly re-work after production. This talk will discuss the safety and security considerations for embedded systems based on the SysML-Sec Model-Driven Engineering approach.
Basically, the SysML-Sec approach covers the following embedded systems development phases: requirements, attack and fault trees, HW/SW partitioning and software design. The talk will cover all phases with a focus on the partitioning stage.
SysML-Sec is supported with the free and open source toolkit TTool.
A live demonstration of the main concepts will be performed.
Short Biography: Ludovic Apvrille obtained his M.Sc. in Computer Science, Network and Distributed Systems specialization in 1998 from ENSEIRB and ISAE. He then completed a Ph.D. in 2002, in the Department of Applied Mathematics and Computer Science at ISAE, in collaboration with LAAS-CNRS and Alcatel Space Industries (now, Thalès Alenia Space). After a postdoctoral term at Concordia University (Canada), he joined LabSoc in 2003 as an assistant professor at Telecom ParisTech, in the Communication and Electronics department. He obtained his HDR (Habilitation à Diriger les Recherches) in 2012. His research interests focus on tools and methods for the modelling and verification of embedded systems and Systems-on-Chip. Verification techniques target both safety and security properties. He's the inventor and the main contributor of the open-source UML/SysML toolkit named TTool. He's the team leader of the LabSoC.
29 January 2018
Speaker: Assoc. Prof Barbara Gallina, Mälardalen University, Sweden
Title: How to increase efficiency with the certification of process compliance
Abstract: Certification as well as self-assessment of safety-critical systems is an expensive and time-consuming activity due to the necessity of providing numerous deliverables. These deliverables can be process-related or product-related. Process-related deliverables are aimed at showing compliance with normative documents (e.g., safety standards), which impose specific requirements on the development process (e.g., reference models for the safety life-cycles). In this talk, we limit our attention to process-related deliverables and we propose possible solutions aimed at reducing the time and cost related to their provision.
Short Biography: Barbara Gallina is Associate Professor of Dependable Software Engineering at Mälardalen University. Currently, she is Vice-chair of the security subgroup within EWICS and a member of the IEEE SMC Technical Committee on Homeland Security (TCHS). Within AMASS, a large EU-ECSEL funded project, she is playing various roles: technical manager at the global level, work package leader, task leader, and land coordinator. She was also the leader of the dependability-related work packages in the EU-Artemis funded SafeCer and CONCERTO projects. She has been a visiting researcher at Scania AB, via the SSF-SM14-0013 grant. She has been a member of several program committees related to dependability such as SafeComp, ISSRE, EDCC, COMPSAC, QUORS, WoSoCER, SASSUR, ReSACI, ISSA.
She got an M.Sc. in Computer Engineering and a II-level Master in IT, both from Politecnico di Milano (Italy). She got her PhD in Computer Science from the University of Luxembourg (Luxembourg).
Barbara Gallina's research interests focus on various aspects of dependable (software) systems engineering and certification. More specifically, she is interested in developing languages, methods, and processes for: 1) modelling, analysis, justification and certification of complex (computer-based) systems, 2) systematic reuse of certification artifacts (product, process, assurance case-related evidence), 3) multi-concern assurance, 4) continuous certification via tool integration, 5) compliance management, 6) certification-related evidence engineering (immediate, direct, and indirect), 7) safety culture.
13 July 2017
Speaker: Dr Roberto Pietrantuono, Federico II University of Naples, Italy
Title: Testing for software reliability assessment and improvement
Abstract: Testing software efficiently for reliability improvement and/or assessment is as much an old and well-studied topic as it is a still-open and tricky challenge. It is related to the ability to appropriately design testing strategies to get the best result (in terms of delivered reliability or of an accurate reliability estimate) at low cost.
Conventional techniques are based on the operational profile (a.k.a. operational testing) and on software reliability growth models (SRGMs). Although these are pillars of software reliability engineering, they suffer from serious limitations related to the assumptions they rely on, but also related to their inherent inability to cope with ultra-reliable systems.
The seminar surveys some of the fundamental issues of reliability testing. It then presents practical policies to allocate testing effort optimally from the reliability perspective, and to design new sampling-based strategies for efficient test case selection.
Short Biography: Roberto Pietrantuono, Ph.D., IEEE Senior Member, is a postdoctoral research fellow at the Federico II University of Naples, Italy, where he works with the Dependable Systems Software Engineering Research Team (DESSERT, www.dessert.unina.it).
He received the MS degree in computer engineering in 2006, and the PhD in computer and automation engineering in 2009, both from the Federico II University of Naples. In 2011, he co-founded the Critiware spin-off company (www.critiware.com), an innovative startup active in the field of quality assurance of critical software systems. He has been a research fellow at CINI, the Italian inter-university consortium for informatics, working in national and European projects (ICEBERG - http://www.iceberg-sqa.eu/; TENACE - www.dis.uniroma1.it/~tenace/ ; the COSMIC public-private laboratory with Leonardo Finmeccanica).
His main interests are in the area of software quality, software reliability and V&V for critical systems.
30 June 2017
13:00 - 14:00
Speaker: Prof Kishor S. Trivedi, Duke University, North Carolina, USA
Title: Reliability and Availability Modeling in Practice
Abstract: High reliability and availability are a requirement for most technical systems. Reliability and availability assurance methods based on probabilistic models are the topic addressed in this seminar. Non-state-space solution methods are often used to solve models based on reliability block diagrams, fault trees and reliability graphs. Relatively efficient algorithms are known to handle systems with hundreds of components and have been implemented in many software packages. Nevertheless, many practical problems cannot be handled by such algorithms. Bounding algorithms are then used in such cases, as was done for a major subsystem of the Boeing 787. Non-state-space methods derive their efficiency from the independence assumption, which is often violated in practice. State space methods based on Markov chains, stochastic Petri nets, semi-Markov and Markov regenerative processes can be used to model various kinds of dependencies among system components. However, the resulting state space explosion severely restricts the size of the problem that can be solved. Hierarchical and fixed-point iterative methods provide a scalable alternative that combines the strengths of state space and non-state-space methods and have been extensively used to solve real-life problems. We will take a journey through these model types via interesting real-world examples.
Short Biography: Kishor Trivedi holds the Hudson Chair in the Department of Electrical and Computer Engineering at Duke University, Durham, NC. He has a B. Tech (EE, 1968) from IIT Mumbai, M.S. (CS, 1972) and PhD (CS, 1974) from the University of Illinois, Urbana-Champaign. He has been on the Duke faculty since 1975. He is the author of a well-known text entitled Probability and Statistics with Reliability, Queuing and Computer Science Applications, first published by Prentice-Hall; a thoroughly revised second edition (including its Indian edition) of this book has been published by John Wiley. This book has recently been translated into Chinese. He is a Life Fellow of the Institute of Electrical and Electronics Engineers. He has published over 500 articles and has supervised 46 Ph.D. dissertations. He is the recipient of the IEEE Computer Society Technical Achievement Award for his research on Software Aging and Rejuvenation.
7 April 2017
12:00 - 13:00
Speaker: Ken Keefe
Short Bio: Ken Keefe is a Senior Software Engineer at the Information Trust Institute at the University of Illinois at Urbana-Champaign. Ken has been studying stochastic models for security and reliability analysis and building tools to understand these models at ITI for the past decade.
28 March 2017
13:00 - 14:00
Speaker: Prof Wolter
Short Bio: Prof Wolter is Professor at Freie Universität Berlin. She is the head of the Dependable Systems Group. Their field of research is adaptive and resilient distributed computing systems using stochastic models and online versions of machine learning techniques. She is interested in measuring and evaluating dependability, performance, and security of complex computing systems, with a particular focus on timing behaviour. Within their group they employ a broad range of assessment and evaluation techniques for computing systems and networks, ranging from fault-injection test-beds to simulation and analytical techniques. They develop efficient and accurate modelling and evaluation techniques, applying e.g. Phase-Type distributions in fault-modelling for fault-injection experiments and hybrid discrete-event simulation. They study a large variety of systems, including wireless networks, mobile telephony networks, service-oriented systems, and Computing Clouds.
12 May 2016
14:30 - 16:30
Speaker: Patrick Rubin-Delanchy
Short Bio: Patrick Rubin-Delanchy obtained a PhD in Statistics from Imperial College London in 2008. Since November 2015, he has held a Heilbronn Research fellowship at the University of Oxford, in the department of Statistics. His research focuses on Bayesian modelling of complex data structures, particularly point processes, networks, and Big Data, with applications in cyber-security, biophysics, and more.
28 April 2016
16:00 - 17:30
Speaker: Marco Vieira
Short Bio: Marco Vieira is an Associate Professor at the University of Coimbra (UC) and is the Director of the Center for Informatics and Systems of the University of Coimbra (CISUC). Marco's research focuses mainly on the area of dependable and secure systems, namely on benchmarking and experimental assessment of security and dependability attributes. His research interests also include failure prediction, evaluation and improvement of software robustness, fault injection, database systems and software development processes. Marco Vieira has published more than 150 papers in peer-reviewed international conferences and journals, and has served on the program committees of the major conferences in the dependability area. Currently, he is the coordinator of the DEVASSES (FP7 IRSES) and EUBrasilCloudFORUM (H2020 CSA) projects and the Principal Investigator at the University of Coimbra for the CECRIS (FP7 IAPP) and EUBra-BIGSEA (H2020 RIA) projects.
10 December 2015
13:00 - 14:00
Speaker: Prof Ricardo Jimenez-Peris
26 November 2015
Speaker: Juan Tapiador
Title: Fencing Off Apps for Fun and Hygiene
Abstract: Some smartphone platforms such as Android have a distinctive message passing system that allows for sophisticated interactions among app components, both within and across app boundaries. This gives rise to various security and privacy risks, including not only intentional collusion attacks via permission re-delegation but also inadvertent disclosure of information and service misuse through confused deputy attacks. In this talk, we first revisit the perils of app coexistence on the same platform and provide an overview of recent efforts to extend static and dynamic information flow analysis techniques to the case of app sets. We then introduce a mitigation mechanism based on segregating apps into isolated groups following classical security compartmentalization principles. Compartments can be implemented using lightweight approaches such as Inter-Component Communication (ICC) firewalling or through virtualization, effectively fencing off each subset of apps. We then leverage recent works on quantified risk metrics for Android apps to couch compartmentalization as a combinatorial optimization problem akin to the classical bin packing or knapsack problems. We study a number of simple yet effective numerical optimization heuristics, showing that very good compartmentalization solutions can be obtained for the problem sizes expected in current mobile environments.
Short Bio: Juan Tapiador is Associate Professor of Computer Science in the Computer Security (COSEC) Lab at Universidad Carlos III de Madrid, Spain. He obtained a B.Sc. in Computer Science in 2000 from the University of Granada, and then a Ph.D. in 2004 from the same university with a dissertation on statistical anomaly detection for network security. Prior to joining UC3M, he worked at the University of York, UK, mainly funded by the ITA project, a joint effort between the UK Ministry of Defence and the US Army Research Lab led by IBM. His main research interests are in computer/network security and applied cryptography. For further information please see: http://www.seg.inf.uc3m.es/~jet
29 October 2015
Speaker: Dr Dong Seong Kim
Title: Graphical Security Models and Their Applications
Abstract: Graphical security models can be used to assess network security. Purely graph-based security models (e.g., Attack Graphs) have a state-space explosion problem. Tree-based models (e.g., Attack Trees) cannot capture the path information explicitly. In this talk, we introduce hierarchical attack representation models (HARM) to deal with the above-mentioned issues. The main idea is to separate the network topology information (in the upper level) from the vulnerability information of each host (in the lower level). We show how the HARM can be used to assess the cyber security of networked systems using security metrics. We also present how the HARM can be combined with other methods to evaluate the effectiveness of Moving Target Defenses. Finally, research avenues in graphical security modeling and assessment will be discussed.
Short Bio: Dong-Seong "Dan" Kim has been a Lecturer (roughly equivalent to an assistant professor in the US, but a permanent position) in Cyber Security in the Department of Computer Science and Software Engineering at the University of Canterbury, Christchurch, New Zealand since August 2011. He received his Ph.D. degree in Computer Engineering from Korea Aerospace University, South Korea in February 2008. He was a visiting scholar at the University of Maryland, College Park, Maryland, U.S.A. during 2007 in the Research Group of Prof. Virgil D. Gligor (former ACM SIGSAC chair, currently co-director of CyLab at Carnegie Mellon University). From June 2008 to July 2011, he was a postdoc at Duke University, Durham, NC, USA in Prof. Kishor S. Trivedi's (IEEE Fellow) Research Group (http://dhaal.ee.duke.edu/). His research interests are in security and dependability for systems and networks; in particular, Intrusion Detection using Data Mining Techniques, Security and Survivability for Wireless Ad Hoc and Sensor Networks and the Internet of Things, Availability and Security modeling and analysis of Cloud computing, and Reliability and Resilience modeling and analysis of the Smart Grid. More information is at http://cosc.canterbury.ac.nz/dongseong.kim
23 October 2015
Speaker: John Knight
7 October 2015
12.30 - 14.00
Speaker: Dr Rasha Osman
This talk will overview the contribution of the performance engineering community to modelling and analysing the performance of database systems. We will start with a taxonomy of queueing network models of database systems and look into the accuracy of the modelling assumptions used in these studies in comparison to real database systems and workloads. An overview of our current contributions in modelling relational database systems and cloud datastores will be presented.
Bio: Rasha Osman is a post-doctoral research associate at the Department of Computing, Imperial College London, which she joined in 2011. She obtained a B.Sc. in Computer Science with Honours in 1995 and an M.Sc. in Computer Science in 2001 both from the Faculty of Mathematical Sciences, University of Khartoum, Sudan. After her studies she worked as a lecturer and a software developer in Sudan for 10 years. She completed her Ph.D. in Software Performance Engineering in 2010 at the University of Bradford, UK. Her main interests are in performance modelling and evaluation of database/datastore systems for real-time decision making, specifically in autonomous DBMSs and cloud datastores. She is a Fellow of the Higher Education Academy (UK), Senior Member of the IEEE & Member of the ACM.
25 June 2015
4.30 - 5.30
Speaker: Alysson Bessani
Bio: Alysson Bessani has been an Assistant Professor in the Department of Informatics of the University of Lisbon Faculty of Sciences, Portugal, since 2007 and a member of the LASIGE/Navigators research team since 2006. He received his B.S. degree in Computer Science from Maringá State University, Brazil in 2001, and the MSc and PhD in Electrical Engineering from Santa Catarina Federal University (UFSC), Brazil in 2002 and 2006, respectively. He spent a semester as a visiting professor at Carnegie Mellon University (2010) and as a visiting researcher at Microsoft Research Cambridge (2014). Alysson has participated in nine international projects and has more than 100 peer-reviewed publications.
15 April 2015
1 - 2pm
Speaker: Dr Marcin Wójcik, U. Bristol
Bio: Dr Marcin Wójcik is currently a Research Assistant in Applied Mobile Security at Bristol University. He obtained his PhD from Bristol University in 2014. Prior to this, he completed BSc and MSc degrees in Telecommunications as well as an MSc degree in Mathematics, all at Warsaw University of Technology in Poland. From 2006 to 2009 he worked as a Cryptography Specialist, with a remit including the design and implementation of secure FPGA-based systems for telecommunications; he was also a member of one of NATO's security project working groups. During his PhD studies, Dr Wójcik completed a 3-month internship at the Intel R&D center in Ireland, working on applications of Physical Unclonable Functions (PUFs). His major research interests include side-channel attacks, PUFs, implementation of cryptography, and embedded and network system security.
30 March 2015
Speaker: Prof Peter Ryan
Title: "E2E Verifiable Voting Schemes, Theory to Practice"
Democracy, and in particular the conduct of elections, faces major challenges. Rarely a day goes past without reports of contested elections somewhere in the world. Traditional ways of conducting elections are often thrown into doubt, see for example the "Where is my Vote?" campaign in Iran. Attempts to introduce technological approaches to voting are also highly controversial, see for example the US, the Netherlands, etc. Over the past few decades cryptographers and information security experts have turned their attention to this topic. The challenge is to reconcile the conflicting requirements of assurance of accuracy on the one hand and ballot privacy on the other. Modern cryptography has enabled the remarkable new notion of "end-to-end verifiability" as a way to allow voters to confirm that their vote is accurately included in the tally while not revealing to a third party how they voted.
In this talk I will present a brief history of progress in this field and describe how such schemes are making it out of the lab into the real world. I will focus primarily on the Prêt à Voter scheme and the experiences of its deployment in the state elections in Victoria, Australia.
25 March 2015
Speaker: Dr Peter Popov
Title: "Modelling Critical Infrastructures (CIs) resilience"
joint Department of Computer Science/CSR seminar
Resilience of critical infrastructures is of paramount importance for society. In the last decade the landscape of critical infrastructures has changed significantly and new challenges have emerged due to various factors, e.g. deregulation and the increased deployment of “smart” technologies. The main challenges have been interdependence between infrastructures and more recently cyber security.
- A decade ago, interdependence between critical infrastructures was recognised as a serious challenge in achieving resilience of critical infrastructures. Many discussed the issue qualitatively, but little has been done to date to quantify interdependences and their impact on resilience. I will present briefly the approach developed at CSR for stochastic interdependency modelling, the tool support for building hybrid models quickly to help with the studies, and will show some of the interesting results obtained over the last few years.
- Very recently, interdependency modelling has been extended to address cyber threats specific to industrial control systems (ICS). I will illustrate this work with very recent results: a comparison of the impact of different cyber attacks on a non-trivial case study, a power transmission network (NORDIC32) extended with a SCADA network and sub-stations compliant with IEC 61850. The model of this power system captures measurements, protection and control functions and the functional dependencies between the modelled elements (e.g. due to power flows or unavailability of the equipment used for measurement and control). Different models of an Adversary can be added to the system model and thus a range of studies (via Monte Carlo simulation) can be undertaken to compare the impact of different attacks on the modelled cyber-physical system.
The talk is a compilation from 2 presentations I delivered recently: at the IFIP Working Group 10.4 meeting in Amicalola Falls (Georgia, USA) in June 2014, and at the 9th International Conference on Critical Information Infrastructures Security (CRITIS’2014), in October 2014.
I hope the talk may trigger interest from other research centres and groups.
13 March 2015
Speaker: Ian Mann
Title: "Hacking the human - The adventures of a social engineer"
Abstract: Exploring the strategies and techniques involved in hacking people as part of information security breaches.
25 Feb 2015
Speaker: Prof Lorenzo Strigini
Title: Assessment techniques, certification and [what else we need for] confidence in software
joint department/CSR seminar.
Software is used in applications where its failures may cause very serious harm. The most recent reminder is the finding of a jury against Toyota, suggesting that defective software in their cars may have killed tens of people. To avoid these and worse consequences, the software used in many industrial sectors is subject to regulation and/or "certification". How effective these practices really are, and how to make them more effective, is a subject of vigorous debate and of research in which we at CSR have been active for a long time.
I will give some background on standards and practices for safety-critical software, and then discuss the open problems and the ways forward, along the lines of an invited talk I gave at the 2014 International Symposium on Software Reliability Engineering, which was received well. I think these "big picture" issues matter not only for that specialised audience but for most engineers and computer scientists.
Certification of software may play multiple roles, both intended and unintended, and both beneficial and damaging. Some of these roles are unrelated to what the name "certification" is about, i.e., creating certainties; for those that are related to it, we should usually talk about creating confidence rather than certainty. With an eye on this socio-technical landscape, this talk will attempt a map of the logical links between the evidence collected through assessment practices and the confidence in reliability, safety or security that users wish to derive from the evidence. Central issues are the links between deterministic and probabilistic claims, their scopes of validity, and the evidence behind them. Probing these links raises useful questions about unstated assumptions, possible means for giving confidence more solid bases, and how these could affect the practice of certification.
15 Jan 2015
Speaker: Prof John Rushby
Title: "On Assurance Cases", as part of the School's Cyber Security meeting.
5 Nov 2014
Speaker: Dr Eugenio Alberdi
Title: Computer Induced Human Error: Beyond 'Complacency'
joint department/CSR seminar.