About City
  1. Schools and departments
  2. Education
  3. Rector and President
  4. Governance and leadership
  5. Working at City
  6. History of City
  7. More about City
  8. Campus map
  9. Contact us
  1. Mathematics, Computer Science and Engineering
  2. Research
  3. Research Centre for Software Reliability
  4. Research
About City

Security

In this page we list the publications that CSR has produced in the area of security. Broadly our publications in this area fall into two categories: Quantitative assessment of security and security of critical systems

Quantitative assessment of security

  • Littlewood, B., Brocklehurst, S., Fenton, N., Mellor, P., Page, S., Wright, D., Dobson, J., McDermid, J. & Gollmann, D. (1993). Towards operational measures of computer security. Journal of Computer Security, 2(3), pp. 211-229. Full text
  • Littlewood, B. & Strigini, L. (2004). Redundancy and diversity in security. COMPUTER SECURITY ESORICS 2004, PROCEEDINGS, 3193, pp. 423-438. ISSN 0302-9743. Full text
  • Gashi, I. & Bloomfield, R. E. (2008). Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems. Centre for Software Reliability, City University London. Full text
  • Bessani, A. N., Reiser, H. P., Sousa, P., Gashi, I., Stankovic, V., Distler, T., Kapitza, R., Daidone, A. & Obelheiro, R. R. (2008). FOREVER: Fault/intrusiOn REmoVal through Evolution & Recovery. Paper presented at the ACM/IFIP/USENIX Middleware '08 Conference. Full text
  • Bloomfield, R. E., Gashi, I., Povyakalo, A. A. & Stankovic, V. (2008). Comparison of Empirical Data from Two Honeynets and a Distributed Honeypot Network. Paper presented at the 19th International Symposium on Software Reliability Engineering, 2008, 10 - 14 Nov 2008, Seattle, USA. Full text 
  • Gashi, I., Stankovic, V., Leita, C. & Thonnard, O. (2009). An Experimental Study of Diversity with Off-The-Shelf AntiVirus Engines. Paper presented at the Eighth IEEE International Symposium on Network Computing and Applications, 9 - 11 July 2009, Cambridge, MA, USA. Full text 
  • Stankovic, V., Bessani, A. N., Daidone, A., Gashi, I., Obelheiro, R. R. & Sousa, P. (2009). Enhancing Fault / Intrusion Tolerance through Design and Configuration Diversity. Paper presented at the 3rd Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS 2009), Jun 2009, Estoril, Lisbon, Portugal. Full text
  • Garcia, M., Bessani, A. N., Gashi, I., Neves, N. & Obelheiro, R. R. (2011). OS diversity for intrusion tolerance: Myth or reality?. Paper presented at the 41st International Conference on Dependable Systems & Networks (DSN), 27 - 30 Jun 2011, Hong Kong. Full text
  • Stankovic, V., Bloomfield, R. E., Bishop, P. G. & Gashi, I. (2011). Diversity for Security: a Study with Off-The-Shelf AntiVirus Engines. Paper presented at the 21st International Symposium on Software Reliability Engineering (ISSRE 2011), Hiroshima, Japan. Full text
  • Gashi, I., Stankovic, V., Cukier, M. & Sobesto, B. (2012). Diversity with AntiVirus products: Additional empirical studies. Paper presented at the 42nd IEEE International Conference on Dependable Systems and Networks (DSN) 2012, 25 - 28 June 2012, Boston, USA. Full text
  • Gashi, I., Sobesto, B., Mason, S., Stankovic, V. & Cukier, M. (2013). A Study of the Relationship Between Antivirus Regressions and Label Changes. Paper presented at the IEEE International Symposium on Software Reliability Engineering, 4 - 7 Nov 2013, Pasadena, CA, US. Full text
  • Lugini, L., Marasco, E., Cukic, B. & Gashi, I. (2013). Interoperability in Fingerprint Recognition: A Large-Scale Empirical Study. Paper presented at the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2013), 24 - 27 June 2013, Budapest, Hungary. Full text
  • Cukier, M., Gashi, I., Sobesto, B. & Stankovic, V. (2013). Does Malware Detection Improve With Diverse AntiVirus Products? An Empirical Study. Paper presented at the 32nd International Conference on Computer Safety, Reliability and Security (SAFECOMP), 24- - 27 September 2013, Toulouse, France. Full text 
  • Garcia,M., Bessani, A.N., Gashi, I., Neves, N. & Obelheiro, R.R. (2013). Analysis of operating system diversity for intrusion tolerance.  Software: Practice and Experience, doi: 10.1002/spe.2180. Full text
  • Gashi, I., Mason, S., Lugini, L., Marasco, E. & Cukic, B. (2014). Interoperability between Fingerprint Biometric Systems: An Empirical Study. Paper presented at the IEEE International Conference on Dependable Systems and Networks, 23rd - 26th June 2014, Atlanta, GA, USA. Full text
  • Turkay, C., Mason, S., Gashi, I. & Cukic, B. (2014). Supporting Decision-making for Biometric System Deployment through Visual Analysis. Paper presented at the Reliability and Security Data Analysis (RSDA) Workshop, International Symposium on Software Reliability Engineering, 03-11-2014-06-11-2014, Naples, Italy Full text
  • Gashi, I., Mason, S., Lugini, L., Marasco, E. & Cukic, B. (2014). Interoperability between Fingerprint Biometric Systems: An Empirical Study. Paper presented at the IEEE International Conference on Dependable Systems and Networks, 23rd - 26th June 2014, Atlanta, GA, USA Full text
  • Movahedi, Y., Cukier, M., Andongabo, A. & Gashi, I. (2017). Cluster-based Vulnerability Assessment Applied to Operating Systems. Paper presented at the 13th European Dependable Computing Conference, 4-8 Sep 2017, Geneva, Switzerland Full text
  • Andongabo, A. & Gashi, I. (2017). vepRisk - A Web Based Analysis Tool for Public Security Data. Paper presented at the 13th European Dependable Computing Conference, 4-8 Sep 2017, Geneva, Switzerland Full text

Security of critical systems

  • Alberdi, E., Strigini, L., Leach, K., Ryan, P., Palanque, P. & Winckler, M. (2009). Gaining assurance in a voter-verifiable voting system. Paper presented at the 2009 Second International Conference on Dependability, 18 - 23 Jun 2009, Athens, Greece. Full text
  • Gashi, I., Bloomfield, R., Bloomfield, R. E. & Stroud, R. (2012). How secure is ERTMS?. Paper presented at the Workshop on Dependable and Secure Computing for Large-scale Complex Critical Infrastructures (DESEC4LCCI), 25 September 2012, Herrenkrug, Germany. Full text 
  • Stroud, R. & Gashi, I. (2012). Methodology for a security audit of ERTMS. Paper presented at the 42nd IEEE International Conference on Dependable Systems and Networks (DSN) 2012, 25 - 28 June 2012, Boston, USA. Full text
  • Strigini, L., Bloomfield, R. E., Paulitsch, M. & Reiger, R. (2012). Evidence-Based Security in Aerospace. From Safety to Security and Back Again. Paper presented at the 23rd International Symposium on Software Reliability Engineering (ISSRE 2012), Fast Abstracts Track, 26 - 29 Nov 2012, Dallas, Texas, USA. Full text 
  • Bloomfield, R. E., Netkachova, K. & Stroud, R. (2013). Security-Informed Safety: If it's not secure, it's not safe. Paper presented at the 5th International Workshop on Software Engineering for Resilient Systems (SERENE 2013), 03rd - 04th October 2013, Kiev, Ukraine. Full text 
  • Gashi, I., Povyakalo, A. A., Strigini, L., Matschnig, M, Hinterstoisser, T & Fischer, B (2014). Diversity for Safety and Security in Embedded Systems. Paper presented at the IEEE International Conference on Dependable Systems and Networks, 23-06-2014 - 26-06-2014, Atlanta, GA, USA. Full text
  • Gashi, I., Povyakalo, A. A. & Strigini, L. (2016). Diversity, Safety and Security in Embedded Systems: modelling adversary effort and supply chain risks. Paper presented at the Proceedings of the 12th European Dependable Computing Conference, 5th - 9th September 2016, Gothenburg, Sweden Full text