We look at security and privacy and their relationship to the system, both in development and in operating. Our work informs and is driven by the importance of the early understanding of the requirements of security and privacy.
For security, we developed both informal and formal argumentation methods to validate that a system satisfies its security goals under different contexts. We also developed a formal approach to verify that a system modelled with UML maintains information confidentiality for crypto protocols.
For privacy, we developed novel interactive techniques to inform users of mobile phones the potential risks of data leakages that violate privacy rights and machine learning approaches to understand the key factors that affect the perception of privacy in new mobile technologies.
We are also interested in how systems can support Adaptive Security and Privacy (ERC Advanced Grant) in order to meet changing requirements. Our research in this area is organised into four dimensions – automation, interaction, representation and analysis; which we investigate using methodologies that involvedevelopment of conceptual foundations, contextual enquiry, software engineering method development, and applications and demonstrators. We are also investigating Adaptive Information Security for cloud computing applications (QNRF Funded) with a focus on the software engineering challenges of relating security requirements to design and implementation.
Please visit our CRC web page for recent developments in this area.