Centre for Software Reliability

Security

On this page we list the publications that CSR has produced in the area of security. Broadly, our publications in this area fall into two categories: quantitative assessment of security and security of critical systems.

Quantitative assessment of security

  • Littlewood, B., Brocklehurst, S., Fenton, N., Mellor, P., Page, S., Wright, D., Dobson, J., McDermid, J. & Gollmann, D. (1993). Towards operational measures of computer security. Journal of Computer Security, 2(3), pp. 211-229. Full text
  • Littlewood, B. & Strigini, L. (2004). Redundancy and diversity in security. COMPUTER SECURITY ESORICS 2004, PROCEEDINGS, 3193, pp. 423-438. ISSN 0302-9743. Full text
  • Gashi, I. & Bloomfield, R. E. (2008). Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems. Centre for Software Reliability, City University London. Full text
  • Bessani, A. N., Reiser, H. P., Sousa, P., Gashi, I., Stankovic, V., Distler, T., Kapitza, R., Daidone, A. & Obelheiro, R. R. (2008). FOREVER: Fault/intrusiOn REmoVal through Evolution & Recovery. Paper presented at the ACM/IFIP/USENIX Middleware '08 Conference. Full text
  • Bloomfield, R. E., Gashi, I., Povyakalo, A. A. & Stankovic, V. (2008). Comparison of Empirical Data from Two Honeynets and a Distributed Honeypot Network. Paper presented at the 19th International Symposium on Software Reliability Engineering, 2008, 10 - 14 Nov 2008, Seattle, USA. Full text 
  • Gashi, I., Stankovic, V., Leita, C. & Thonnard, O. (2009). An Experimental Study of Diversity with Off-The-Shelf AntiVirus Engines. Paper presented at the Eighth IEEE International Symposium on Network Computing and Applications, 9 - 11 July 2009, Cambridge, MA, USA. Full text 
  • Stankovic, V., Bessani, A. N., Daidone, A., Gashi, I., Obelheiro, R. R. & Sousa, P. (2009). Enhancing Fault / Intrusion Tolerance through Design and Configuration Diversity. Paper presented at the 3rd Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS 2009), Jun 2009, Estoril, Lisbon, Portugal. Full text
  • Garcia, M., Bessani, A. N., Gashi, I., Neves, N. & Obelheiro, R. R. (2011). OS diversity for intrusion tolerance: Myth or reality?. Paper presented at the 41st International Conference on Dependable Systems & Networks (DSN), 27 - 30 Jun 2011, Hong Kong. Full text
  • Stankovic, V., Bloomfield, R. E., Bishop, P. G. & Gashi, I. (2011). Diversity for Security: a Study with Off-The-Shelf AntiVirus Engines. Paper presented at the 21st International Symposium on Software Reliability Engineering (ISSRE 2011), Hiroshima, Japan. Full text
  • Gashi, I., Stankovic, V., Cukier, M. & Sobesto, B. (2012). Diversity with AntiVirus products: Additional empirical studies. Paper presented at the 42nd IEEE International Conference on Dependable Systems and Networks (DSN) 2012, 25 - 28 June 2012, Boston, USA. Full text
  • Gashi, I., Sobesto, B., Mason, S., Stankovic, V. & Cukier, M. (2013). A Study of the Relationship Between Antivirus Regressions and Label Changes. Paper presented at the IEEE International Symposium on Software Reliability Engineering, 4 - 7 Nov 2013, Pasadena, CA, US. Full text
  • Lugini, L., Marasco, E., Cukic, B. & Gashi, I. (2013). Interoperability in Fingerprint Recognition: A Large-Scale Empirical Study. Paper presented at the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2013), 24 - 27 June 2013, Budapest, Hungary. Full text
  • Cukier, M., Gashi, I., Sobesto, B. & Stankovic, V. (2013). Does Malware Detection Improve With Diverse AntiVirus Products? An Empirical Study. Paper presented at the 32nd International Conference on Computer Safety, Reliability and Security (SAFECOMP), 24 - 27 September 2013, Toulouse, France. Full text
  • Garcia, M., Bessani, A. N., Gashi, I., Neves, N. & Obelheiro, R. R. (2013). Analysis of operating system diversity for intrusion tolerance. Software: Practice and Experience, doi: 10.1002/spe.2180. Full text
  • Gashi, I., Mason, S., Lugini, L., Marasco, E. & Cukic, B. (2014). Interoperability between Fingerprint Biometric Systems: An Empirical Study. Paper presented at the IEEE International Conference on Dependable Systems and Networks, 23rd - 26th June 2014, Atlanta, GA, USA. Full text
  • Turkay, C., Mason, S., Gashi, I. & Cukic, B. (2014). Supporting Decision-making for Biometric System Deployment through Visual Analysis. Paper presented at the Reliability and Security Data Analysis (RSDA) Workshop, International Symposium on Software Reliability Engineering, 03-11-2014 - 06-11-2014, Naples, Italy. Full text
  • Algaith, A., Gashi, I., Sobesto, B., Cukier, M., Haxhijaha, S. and Bajrami, G. (2016). Comparing Detection Capabilities of AntiVirus Products: An Empirical Study with Different Versions of Products from the Same Vendors. In: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop. (pp. 48-53). IEEE. ISBN 978-1-5090-3688-2 Full text
  • Algaith, A., Elia, I. A., Gashi, I. and Vieira, M. R. (2017). Diversity with Intrusion Detection Systems: An Empirical Study. In: 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA). IEEE. ISBN 978-1-5386-1465-5 Full text
  • Movahedi, Y., Cukier, M., Andongabo, A. & Gashi, I. (2017). Cluster-based Vulnerability Assessment Applied to Operating Systems. Paper presented at the 13th European Dependable Computing Conference, 4-8 Sep 2017, Geneva, Switzerland Full text
  • Andongabo, A. & Gashi, I. (2017). vepRisk - A Web Based Analysis Tool for Public Security Data. Paper presented at the 13th European Dependable Computing Conference, 4-8 Sep 2017, Geneva, Switzerland Full text
  • Popov, P. T. (2017). Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks. doi: 10.1109/ISSRE.2017.23 ISSN 2332-6549 Full text
  • Marques, P., Dabbabi, Z., Mironescu, M-M., Thonnard, O., Bessani, A., Buontempo, F. and Gashi, I. (2018). Using Diverse Detectors for Detecting Malicious Web Scraping Activity. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 67-68. doi: 10.1109/DSN-W.2018.00033 Full text
  • Algaith, A., Nunes, P., Fonseca, J., Gashi, I. and Vieira, M. (2018). Finding SQL Injection and Cross Site Scripting Vulnerabilities with Diverse Static Analysis Tools. In: 2018 14th European Dependable Computing Conference (EDCC). (pp. 57-64). IEEE. ISBN 978-1-5386-8060-5 Full text
  • Gashi, I. and Ul Asad, H. (2018). Diversity in Open Source Intrusion Detection Systems. In: Computer Safety, Reliability, and Security. SAFECOMP 2018. Cham, Switzerland: Springer. ISBN 978-3-319-99129-0 Full text
  • Movahedi, Y., Cukier, M., Andongabo, A. and Gashi, I. (2018). Cluster-based Vulnerability Assessment of Operating Systems and Web Browsers. Computing, doi: 10.1007/s00607-018-0663-0 Full text
  • Howe, J. M. and Mereani, F. (2018). Detecting Cross-Site Scripting Attacks Using Machine Learning. Advances in Intelligent Systems and Computing, 723, doi: 10.1007/978-3-319-74690-6_20 Full text
  • Movahedi, Y., Cukier, M. and Gashi, I. (2019). Vulnerability Prediction Capability: A Comparison between Vulnerability Discovery Models and Neural Network Models. Computers and Security, doi: 10.1016/j.cose.2019.101596 Full text
  • Movahedi, Y., Cukier, M. and Gashi, I. (2020). Predicting the Discovery Pattern of Publically Known Exploited Vulnerabilities. IEEE Transactions on Dependable and Secure Computing, doi: 10.1109/tdsc.2020.3014872 Full text
  • Alves, F., Andongabo, A., Gashi, I., Ferreira, P. M. and Bessani, A. (2020). Follow the blue bird: A study on threat data published on Twitter. Paper presented at the 25th European Symposium on Research in Computer Security (ESORICS) 2020, 14-18 Sep 2020, Guildford, UK. Full text
  • Lysenko, S., Bobrovnikova, K., Popov, P. T., Kharchenko, V. and Medzatyi, D. (2020). Spyware detection technique based on reinforcement learning. CEUR Workshop Proceedings, 2623, pp. 307-316. Full text
  • Fujdiak, R., Pokorny, J., Zobal, L., Popov, P. T., Stankovic, V., Mlynek, P., Mrnustik, P., Blazek, P., Musil, P. and Misurec, J. (2020). Security and Performance Trade-offs for Data Distribution Service in Flying Ad-Hoc Networks. Paper presented at the 11th International Congress on Ultra Modern Telecommunications and Control Systems, Dublin, Ireland, 28 - 30 October 2019. Full text
  • Hunt, S. and Sands, D. (2020). New Program Abstractions for Privacy. In: Di Pierro, A., Malacaria, A. and Nagarajan, P. (Eds.), From Lambda Calculus to Cybersecurity Through Program Analysis. Springer. ISBN 9783030411022 Full text

Security of critical systems

  • Alberdi, E., Strigini, L., Leach, K., Ryan, P., Palanque, P. & Winckler, M. (2009). Gaining assurance in a voter-verifiable voting system. Paper presented at the 2009 Second International Conference on Dependability, 18 - 23 Jun 2009, Athens, Greece. Full text
  • Gashi, I., Bloomfield, R., Bloomfield, R. E. & Stroud, R. (2012). How secure is ERTMS?. Paper presented at the Workshop on Dependable and Secure Computing for Large-scale Complex Critical Infrastructures (DESEC4LCCI), 25 September 2012, Herrenkrug, Germany. Full text 
  • Stroud, R. & Gashi, I. (2012). Methodology for a security audit of ERTMS. Paper presented at the 42nd IEEE International Conference on Dependable Systems and Networks (DSN) 2012, 25 - 28 June 2012, Boston, USA. Full text
  • Strigini, L., Bloomfield, R. E., Paulitsch, M. & Reiger, R. (2012). Evidence-Based Security in Aerospace. From Safety to Security and Back Again. Paper presented at the 23rd International Symposium on Software Reliability Engineering (ISSRE 2012), Fast Abstracts Track, 26 - 29 Nov 2012, Dallas, Texas, USA. Full text 
  • Bloomfield, R. E., Netkachova, K. & Stroud, R. (2013). Security-Informed Safety: If it's not secure, it's not safe. Paper presented at the 5th International Workshop on Software Engineering for Resilient Systems (SERENE 2013), 03rd - 04th October 2013, Kiev, Ukraine. Full text 
  • Gashi, I., Povyakalo, A. A., Strigini, L., Matschnig, M., Hinterstoisser, T. & Fischer, B. (2014). Diversity for Safety and Security in Embedded Systems. Paper presented at the IEEE International Conference on Dependable Systems and Networks, 23-06-2014 - 26-06-2014, Atlanta, GA, USA. Full text
  • Popov, P. T. (2015). Stochastic Modeling of Safety and Security of the e-Motor, an ASIL-D Device. Paper presented at the 34th International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2015, 23-09-2015 - 25-09-2015, Delft University of Technology, Netherlands. Full text
  • Gashi, I., Povyakalo, A. A. & Strigini, L. (2016). Diversity, Safety and Security in Embedded Systems: modelling adversary effort and supply chain risks. Paper presented at the Proceedings of the 12th European Dependable Computing Conference, 5th - 9th September 2016, Gothenburg, Sweden Full text
  • Bloomfield, R. E., Popov, P. T., Salako, K., Stankovic, V. and Wright, D. (2017). Preliminary Interdependency Analysis: An Approach to Support Critical Infrastructure Risk Assessment. Reliability Engineering and System Safety, 167, pp. 198-217. doi: 10.1016/j.ress.2017.05.030 Full text
  • Favaro, J., Mazzini, S., Popov, P. T. and Strigini, L. (2018). AQUAS: A project to bridge the gaps between safety and security processes. Ada User Journal, 39(4), pp. 261-263. Full text
  • Netkachov, O., Popov, P. T. and Salako, K. (2019). Quantitative Evaluation of the Efficacy of Defence-in-Depth in Critical Infrastructures. In: Resilience of Cyber-Physical Systems. (pp. 89-121). Berlin, Germany: Springer International Publishing. ISBN 978-3-319-95597-1 Full text