We look at security and privacy and their relationship to the system development process.
Our work informs, and is driven by, the importance of understanding early the security and privacy needs placed upon a system. Our work includes: security and privacy policies, for example formal verification that a security policy is respected; security and privacy requirements elicitation and analysis, for example argumentation methods to validate that a system satisfies its security goals; and model-driven security analysis, for example formally verifying that a system modelled with UML maintains information confidentiality.
We are also interested in how systems can support adaptive security and privacy in order to meet changing requirements. Our research in this area is organised into four dimensions (automation, interaction, representation and analysis), which we investigate using methodologies that involve development of conceptual foundations, contextual enquiry, software engineering method development, and applications and demonstrators.