Security and Privacy

Security and Privacy

We look at security and privacy and their relationship to the system, both in development and in operating. Our work informs and is driven by the importance of the early understanding of the requirements of security and privacy.


For security, we developed both informal and formal argumentation methods to validate that a system satisfies its security goals under different contexts. We also developed a formal approach to verify that a system modelled with UML maintains information confidentiality for crypto protocols.


For privacy, we developed novel interactive techniques to inform users of mobile phones the potential risks of data leakages that violate privacy rights and machine learning approaches to understand the key factors that affect the perception of privacy in new mobile technologies.

Research Projects

Our research projects include model-based security argumentation and verification for life-long evolving systems (SecureChange, EU FP7), privacy rights management for mobile applications through privacy policy learning, verification and enforcement (EPSRC PRiMMA, EPSRC Privacy Dynamics). We also engage the public through the events held at the Bletchley Park Museum and the public awareness web page (Security and Privacy for All).

We are also interested in how systems can support Adaptive Security and Privacy (ERC Advanced Grant) in order to meet changing requirements.  Our research in this area is organised into four dimensions – automation, interaction, representation and analysis; which we investigate using methodologies that involvedevelopment of conceptual foundations, contextual enquiry, software engineering method development, and applications and demonstrators.  We are also investigating Adaptive Information Security for cloud computing applications (QNRF Funded) with a focus on the software engineering challenges of relating security requirements to design and implementation.

Please visit our CRC web page for recent developments in this area.