School of Mathematics, Computer Science & Engineering
  1. About the School
  2. Research
  3. UKACM 2019
  4. Compressors Conference
  5. Our London location
  6. Athena SWAN
  7. Placements and internships
  8. Engineering & Mathematics scholarships & funding
  9. Computer Science scholarships and funding
  1. Research Centre for Software Reliability
  2. Research
School of Mathematics, Computer Science & Engineering

Security

In this page we list the publications that CSR has produced in the area of security. Broadly our publications in this area fall into two categories: Quantitative assessment of security and security of critical systems

Quantitative assessment of security

  • Littlewood, B., Brocklehurst, S., Fenton, N., Mellor, P., Page, S., Wright, D., Dobson, J., McDermid, J. & Gollmann, D. (1993). Towards operational measures of computer security. Journal of Computer Security, 2(3), pp. 211-229. Full text
  • Littlewood, B. & Strigini, L. (2004). Redundancy and diversity in security. COMPUTER SECURITY ESORICS 2004, PROCEEDINGS, 3193, pp. 423-438. ISSN 0302-9743. Full text
  • Gashi, I. & Bloomfield, R. E. (2008). Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems. Centre for Software Reliability, City University London. Full text
  • Bessani, A. N., Reiser, H. P., Sousa, P., Gashi, I., Stankovic, V., Distler, T., Kapitza, R., Daidone, A. & Obelheiro, R. R. (2008). FOREVER: Fault/intrusiOn REmoVal through Evolution & Recovery. Paper presented at the ACM/IFIP/USENIX Middleware '08 Conference. Full text
  • Bloomfield, R. E., Gashi, I., Povyakalo, A. A. & Stankovic, V. (2008). Comparison of Empirical Data from Two Honeynets and a Distributed Honeypot Network. Paper presented at the 19th International Symposium on Software Reliability Engineering, 2008, 10 - 14 Nov 2008, Seattle, USA. Full text 
  • Gashi, I., Stankovic, V., Leita, C. & Thonnard, O. (2009). An Experimental Study of Diversity with Off-The-Shelf AntiVirus Engines. Paper presented at the Eighth IEEE International Symposium on Network Computing and Applications, 9 - 11 July 2009, Cambridge, MA, USA. Full text 
  • Stankovic, V., Bessani, A. N., Daidone, A., Gashi, I., Obelheiro, R. R. & Sousa, P. (2009). Enhancing Fault / Intrusion Tolerance through Design and Configuration Diversity. Paper presented at the 3rd Workshop on Recent Advances on Intrusion-Tolerant Systems (WRAITS 2009), Jun 2009, Estoril, Lisbon, Portugal. Full text
  • Garcia, M., Bessani, A. N., Gashi, I., Neves, N. & Obelheiro, R. R. (2011). OS diversity for intrusion tolerance: Myth or reality?. Paper presented at the 41st International Conference on Dependable Systems & Networks (DSN), 27 - 30 Jun 2011, Hong Kong. Full text
  • Stankovic, V., Bloomfield, R. E., Bishop, P. G. & Gashi, I. (2011). Diversity for Security: a Study with Off-The-Shelf AntiVirus Engines. Paper presented at the 21st International Symposium on Software Reliability Engineering (ISSRE 2011), Hiroshima, Japan. Full text
  • Gashi, I., Stankovic, V., Cukier, M. & Sobesto, B. (2012). Diversity with AntiVirus products: Additional empirical studies. Paper presented at the 42nd IEEE International Conference on Dependable Systems and Networks (DSN) 2012, 25 - 28 June 2012, Boston, USA. Full text
  • Gashi, I., Sobesto, B., Mason, S., Stankovic, V. & Cukier, M. (2013). A Study of the Relationship Between Antivirus Regressions and Label Changes. Paper presented at the IEEE International Symposium on Software Reliability Engineering, 4 - 7 Nov 2013, Pasadena, CA, US. Full text
  • Lugini, L., Marasco, E., Cukic, B. & Gashi, I. (2013). Interoperability in Fingerprint Recognition: A Large-Scale Empirical Study. Paper presented at the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2013), 24 - 27 June 2013, Budapest, Hungary. Full text
  • Cukier, M., Gashi, I., Sobesto, B. & Stankovic, V. (2013). Does Malware Detection Improve With Diverse AntiVirus Products? An Empirical Study. Paper presented at the 32nd International Conference on Computer Safety, Reliability and Security (SAFECOMP), 24- - 27 September 2013, Toulouse, France. Full text 
  • Garcia,M., Bessani, A.N., Gashi, I., Neves, N. & Obelheiro, R.R. (2013). Analysis of operating system diversity for intrusion tolerance.  Software: Practice and Experience, doi: 10.1002/spe.2180. Full text
  • Gashi, I., Mason, S., Lugini, L., Marasco, E. & Cukic, B. (2014). Interoperability between Fingerprint Biometric Systems: An Empirical Study. Paper presented at the IEEE International Conference on Dependable Systems and Networks, 23rd - 26th June 2014, Atlanta, GA, USA. Full text
  • Turkay, C., Mason, S., Gashi, I. & Cukic, B. (2014). Supporting Decision-making for Biometric System Deployment through Visual Analysis. Paper presented at the Reliability and Security Data Analysis (RSDA) Workshop, International Symposium on Software Reliability Engineering, 03-11-2014-06-11-2014, Naples, Italy Full text
  • Gashi, I., Mason, S., Lugini, L., Marasco, E. & Cukic, B. (2014). Interoperability between Fingerprint Biometric Systems: An Empirical Study. Paper presented at the IEEE International Conference on Dependable Systems and Networks, 23rd - 26th June 2014, Atlanta, GA, USA Full text
  • Movahedi, Y., Cukier, M., Andongabo, A. & Gashi, I. (2017). Cluster-based Vulnerability Assessment Applied to Operating Systems. Paper presented at the 13th European Dependable Computing Conference, 4-8 Sep 2017, Geneva, Switzerland Full text
  • Andongabo, A. & Gashi, I. (2017). vepRisk - A Web Based Analysis Tool for Public Security Data. Paper presented at the 13th European Dependable Computing Conference, 4-8 Sep 2017, Geneva, Switzerland Full text

Security of critical systems

  • Alberdi, E., Strigini, L., Leach, K., Ryan, P., Palanque, P. & Winckler, M. (2009). Gaining assurance in a voter-verifiable voting system. Paper presented at the 2009 Second International Conference on Dependability, 18 - 23 Jun 2009, Athens, Greece. Full text
  • Gashi, I., Bloomfield, R., Bloomfield, R. E. & Stroud, R. (2012). How secure is ERTMS?. Paper presented at the Workshop on Dependable and Secure Computing for Large-scale Complex Critical Infrastructures (DESEC4LCCI), 25 September 2012, Herrenkrug, Germany. Full text 
  • Stroud, R. & Gashi, I. (2012). Methodology for a security audit of ERTMS. Paper presented at the 42nd IEEE International Conference on Dependable Systems and Networks (DSN) 2012, 25 - 28 June 2012, Boston, USA. Full text
  • Strigini, L., Bloomfield, R. E., Paulitsch, M. & Reiger, R. (2012). Evidence-Based Security in Aerospace. From Safety to Security and Back Again. Paper presented at the 23rd International Symposium on Software Reliability Engineering (ISSRE 2012), Fast Abstracts Track, 26 - 29 Nov 2012, Dallas, Texas, USA. Full text 
  • Bloomfield, R. E., Netkachova, K. & Stroud, R. (2013). Security-Informed Safety: If it's not secure, it's not safe. Paper presented at the 5th International Workshop on Software Engineering for Resilient Systems (SERENE 2013), 03rd - 04th October 2013, Kiev, Ukraine. Full text 
  • Gashi, I., Povyakalo, A. A., Strigini, L., Matschnig, M, Hinterstoisser, T & Fischer, B (2014). Diversity for Safety and Security in Embedded Systems. Paper presented at the IEEE International Conference on Dependable Systems and Networks, 23-06-2014 - 26-06-2014, Atlanta, GA, USA. Full text
  • Gashi, I., Povyakalo, A. A. & Strigini, L. (2016). Diversity, Safety and Security in Embedded Systems: modelling adversary effort and supply chain risks. Paper presented at the Proceedings of the 12th European Dependable Computing Conference, 5th - 9th September 2016, Gothenburg, Sweden Full text