Security
This page lists the publications that CSR has produced in the area of security. Broadly, our publications in this area fall into two categories: quantitative assessment of security, and security of critical systems.
Quantitative assessment of security
- Littlewood, B., Brocklehurst, S., Fenton, N., Mellor, P., Page, S., Wright, D., Dobson, J., McDermid, J. & Gollmann, D. (1993). Towards operational measures of computer security. Journal of Computer Security, 2(3), pp. 211-229. Full text
- Littlewood, B. & Strigini, L. (2004). Redundancy and diversity in security. COMPUTER SECURITY ESORICS 2004, PROCEEDINGS, 3193, pp. 423-438. ISSN 0302-9743. Full text
- Gashi, I. & Bloomfield, R. E. (2008). Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems. Centre for Software Reliability, City University London. Full text
- Bessani, A. N., Reiser, H. P., Sousa, P., Gashi, I., Stankovic, V., Distler, T., Kapitza, R., Daidone, A. & Obelheiro, R. R. (2008). FOREVER: Fault/intrusiOn REmoVal through Evolution & Recovery. Paper presented at the ACM/IFIP/USENIX Middleware '08 Conference. Full text
- Bloomfield, R. E., Gashi, I., Povyakalo, A. A. & Stankovic, V. (2008). Comparison of Empirical Data from Two Honeynets and a Distributed Honeypot Network. Paper presented at the 19th International Symposium on Software Reliability Engineering, 2008, 10 - 14 Nov 2008, Seattle, USA. Full text
- Gashi, I., Stankovic, V., Leita, C. & Thonnard, O. (2009). An Experimental Study of Diversity with Off-The-Shelf AntiVirus Engines. Paper presented at the Eighth IEEE International Symposium on Network Computing and Applications, 9 - 11 July 2009, Cambridge, MA, USA. Full text
- Stankovic, V., Bessani, A. N., Daidone, A., Gashi, I., Obelheiro, R. R. & Sousa, P. (2009). Enhancing Fault / Intrusion Tolerance through Design and Configuration Diversity. Paper presented at the 3rd Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS 2009), Jun 2009, Estoril, Lisbon, Portugal. Full text
- Garcia, M., Bessani, A. N., Gashi, I., Neves, N. & Obelheiro, R. R. (2011). OS diversity for intrusion tolerance: Myth or reality?. Paper presented at the 41st International Conference on Dependable Systems & Networks (DSN), 27 - 30 Jun 2011, Hong Kong. Full text
- Stankovic, V., Bloomfield, R. E., Bishop, P. G. & Gashi, I. (2011). Diversity for Security: a Study with Off-The-Shelf AntiVirus Engines. Paper presented at the 21st International Symposium on Software Reliability Engineering (ISSRE 2011), Hiroshima, Japan. Full text
- Gashi, I., Stankovic, V., Cukier, M. & Sobesto, B. (2012). Diversity with AntiVirus products: Additional empirical studies. Paper presented at the 42nd IEEE International Conference on Dependable Systems and Networks (DSN) 2012, 25 - 28 June 2012, Boston, USA. Full text
- Gashi, I., Sobesto, B., Mason, S., Stankovic, V. & Cukier, M. (2013). A Study of the Relationship Between Antivirus Regressions and Label Changes. Paper presented at the IEEE International Symposium on Software Reliability Engineering, 4 - 7 Nov 2013, Pasadena, CA, US. Full text
- Lugini, L., Marasco, E., Cukic, B. & Gashi, I. (2013). Interoperability in Fingerprint Recognition: A Large-Scale Empirical Study. Paper presented at the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2013), 24 - 27 June 2013, Budapest, Hungary. Full text
- Cukier, M., Gashi, I., Sobesto, B. & Stankovic, V. (2013). Does Malware Detection Improve With Diverse AntiVirus Products? An Empirical Study. Paper presented at the 32nd International Conference on Computer Safety, Reliability and Security (SAFECOMP), 24 - 27 September 2013, Toulouse, France. Full text
- Garcia, M., Bessani, A. N., Gashi, I., Neves, N. & Obelheiro, R. R. (2013). Analysis of operating system diversity for intrusion tolerance. Software: Practice and Experience, doi: 10.1002/spe.2180. Full text
- Gashi, I., Mason, S., Lugini, L., Marasco, E. & Cukic, B. (2014). Interoperability between Fingerprint Biometric Systems: An Empirical Study. Paper presented at the IEEE International Conference on Dependable Systems and Networks, 23rd - 26th June 2014, Atlanta, GA, USA. Full text
- Turkay, C., Mason, S., Gashi, I. & Cukic, B. (2014). Supporting Decision-making for Biometric System Deployment through Visual Analysis. Paper presented at the Reliability and Security Data Analysis (RSDA) Workshop, International Symposium on Software Reliability Engineering, 03-11-2014 - 06-11-2014, Naples, Italy. Full text
- Algaith, A., Gashi, I., Sobesto, B., Cukier, M., Haxhijaha, S. and Bajrami, G. (2016). Comparing Detection Capabilities of AntiVirus Products: An Empirical Study with Different Versions of Products from the Same Vendors. In: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop. (pp. 48-53). IEEE. ISBN 978-1-5090-3688-2. Full text
- Algaith, A., Elia, I. A., Gashi, I. and Vieira, M. R. (2017). Diversity with Intrusion Detection Systems: An Empirical Study. In: 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA). IEEE. ISBN 978-1-5386-1465-5. Full text
- Movahedi, Y., Cukier, M., Andongabo, A. & Gashi, I. (2017). Cluster-based Vulnerability Assessment Applied to Operating Systems. Paper presented at the 13th European Dependable Computing Conference, 4-8 Sep 2017, Geneva, Switzerland Full text
- Andongabo, A. & Gashi, I. (2017). vepRisk - A Web Based Analysis Tool for Public Security Data. Paper presented at the 13th European Dependable Computing Conference, 4-8 Sep 2017, Geneva, Switzerland Full text
- Popov, P. T. (2017). Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks. doi: 10.1109/ISSRE.2017.23 ISSN 2332-6549 Full text
- Marques, P., Dabbabi, Z., Mironesc, M-M, Thonnard, O., Bessani, A., Buontempo, F. and Gashi, I. (2018). Using Diverse Detectors for Detecting Malicious Web Scraping Activity. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), pp. 67-68. doi: 10.1109/DSN-W.2018.00033. Full text
- Algaith, A., Nunes, P., Fonseca, J., Gashi, I. and Vieira, M. (2018). Finding SQL Injection and Cross Site Scripting Vulnerabilities with Diverse Static Analysis Tools. In: 2018 14th European Dependable Computing Conference (EDCC). (pp. 57-64). IEEE. ISBN 978-1-5386-8060-5. Full text
- Gashi, I. and Ul Asad, H. (2018). Diversity in Open Source Intrusion Detection Systems. In: Computer Safety, Reliability, and Security. SAFECOMP 2018. Cham, Switzerland: Springer. ISBN 978-3-319-99129-0. Full text
- Movahedi, Y., Cukier, M., Andongabo, A. and Gashi, I. (2018). Cluster-based Vulnerability Assessment of Operating Systems and Web Browsers. Computing, doi: 10.1007/s00607-018-0663-0 Full text
- Howe, J. M. and Mereani, F. (2018). Detecting Cross-Site Scripting Attacks Using Machine Learning. Advances in Intelligent Systems and Computing, 723, doi: 10.1007/978-3-319-74690-6_20 Full text
- Movahedi, Y., Cukier, M. and Gashi, I. (2019). Vulnerability Prediction Capability: A Comparison between Vulnerability Discovery Models and Neural Network Models. Computers and Security, doi: 10.1016/j.cose.2019.101596. Full text
- Movahedi, Y., Cukier, M. and Gashi, I. (2020). Predicting the Discovery Pattern of Publically Known Exploited Vulnerabilities. IEEE Transactions on Dependable and Secure Computing, doi: 10.1109/tdsc.2020.3014872 Full text
- Alves, F., Andongabo, A., Gashi, I., Ferreira, P. M. and Bessani, A. (2020). Follow the blue bird: A study on threat data published on Twitter. Paper presented at the 25th European Symposium on Research in Computer Security (ESORICS) 2020, 14-18 Sep 2020, Guildford, UK. Full text
- Lysenko, S., Bobrovnikova, K., Popov, P. T., Kharchenko, V. and Medzatyi, D. (2020). Spyware detection technique based on reinforcement learning. CEUR Workshop Proceedings, 2623, pp. 307-316. Full text
- Fujdiak, R., Pokorny, J., Zobal, L., Popov, P. T., Stankovic, V., Mlynek, P., Mrnustik, P., Blazek, P., Musil, P. and Misurec, J. (2020). Security and Performance Trade-offs for Data Distribution Service in Flying Ad-Hoc Networks. Paper presented at the 11th International Congress on Ultra Modern Telecommunications and Control Systems, Dublin, Ireland, 28 - 30 October 2019. Full text
- Hunt, S. and Sands, D. (2020). New Program Abstractions for Privacy. In: Di Pierro, A., Malacaria, A. and Nagarajan, P. (Eds.), From Lambda Calculus to Cybersecurity Through Program Analysis. Springer. ISBN 9783030411022. Full text
Security of critical systems
- Alberdi, E., Strigini, L., Leach, K., Ryan, P., Palanque, P. & Winckler, M. (2009). Gaining assurance in a voter-verifiable voting system. Paper presented at the 2009 Second International Conference on Dependability, 18 - 23 Jun 2009, Athens, Greece. Full text
- Gashi, I., Bloomfield, R., Bloomfield, R. E. & Stroud, R. (2012). How secure is ERTMS?. Paper presented at the Workshop on Dependable and Secure Computing for Large-scale Complex Critical Infrastructures (DESEC4LCCI), 25 September 2012, Herrenkrug, Germany. Full text
- Stroud, R. & Gashi, I. (2012). Methodology for a security audit of ERTMS. Paper presented at the 42nd IEEE International Conference on Dependable Systems and Networks (DSN) 2012, 25 - 28 June 2012, Boston, USA. Full text
- Strigini, L., Bloomfield, R. E., Paulitsch, M. & Reiger, R. (2012). Evidence-Based Security in Aerospace. From Safety to Security and Back Again. Paper presented at the 23rd International Symposium on Software Reliability Engineering (ISSRE 2012), Fast Abstracts Track, 26 - 29 Nov 2012, Dallas, Texas, USA. Full text
- Bloomfield, R. E., Netkachova, K. & Stroud, R. (2013). Security-Informed Safety: If it's not secure, it's not safe. Paper presented at the 5th International Workshop on Software Engineering for Resilient Systems (SERENE 2013), 03rd - 04th October 2013, Kiev, Ukraine. Full text
- Gashi, I., Povyakalo, A. A., Strigini, L., Matschnig, M., Hinterstoisser, T. & Fischer, B. (2014). Diversity for Safety and Security in Embedded Systems. Paper presented at the IEEE International Conference on Dependable Systems and Networks, 23-06-2014 - 26-06-2014, Atlanta, GA, USA. Full text
- Popov, P. T. (2015). Stochastic Modeling of Safety and Security of the e-Motor, an ASIL-D Device. Paper presented at the 34th International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2015, 23-09-2015 - 25-09-2015, Delft University of Technology, Netherlands. Full text
- Gashi, I., Povyakalo, A. A. & Strigini, L. (2016). Diversity, Safety and Security in Embedded Systems: modelling adversary effort and supply chain risks. Paper presented at the Proceedings of the 12th European Dependable Computing Conference, 5th - 9th September 2016, Gothenburg, Sweden. Full text
- Bloomfield, R. E., Popov, P. T., Salako, K., Stankovic, V. and Wright, D. (2017). Preliminary Interdependency Analysis: An Approach to Support Critical Infrastructure Risk Assessment. Reliability Engineering and System Safety, 167, pp. 198-217. doi: 10.1016/j.ress.2017.05.030. Full text
- Favaro, J., Mazzini, S., Popov, P. T. and Strigini, L. (2018). AQUAS: A project to bridge the gaps between safety and security processes. Ada User Journal, 39(4), pp. 261-263. Full text
- Netkachov, O., Popov, P. T. and Salako, K. (2019). Quantitative Evaluation of the Efficacy of Defence-in-Depth in Critical Infrastructures. In: Resilience of Cyber-Physical Systems. (pp. 89-121). Berlin, Germany: Springer International Publishing. ISBN 978-3-319-95597-1 Full text