Our research programme aims to enhance the cyber security of modern IT systems. We advance used techniques and processes towards automated, secure and reliable cyber defences.
Our work covers the following themes.
Formal methods
We focus on the design and use of techniques such as formal semantics, type systems and model checking to support the implementation and verification of secure by-design systems. As well as the development of associated theories, the stream outcomes include various automated verification tools.
Blockchain
We research distributed ledger technologies (DLT), aka blockchains, and their applications to distributed computing, cloud computing and the Internet of things (IoT). Southampton is emerging as an international knowledge centre on DLT, growing new collaborations with industry in the UK and public administrations in Europe and beyond.
Our research programme aims at strengthening the cyber security of modern IT systems through fast, scalable blockchain infrastructure. We are currently working on the following research streams:
Design paradigms
We address issues of how to analyse, compare, design and develop fast, scalable and secure blockchain and smart-contract infrastructures.
Service ledger
We aim to develop a software platform based on blockchain to underpin highly dynamic coalition systems such as IoT, cloud federation and provenance tracking scenarios.
Security services
We aim to strengthen security services such as access control, identity management and privacy management with blockchain integrity, availability and decentralisation features.
Security and privacy
We investigate methods for controlling the management of sensitive data, and the processes on which these operate. Significant effort is placed on authorisation and authentication controls to create secure by-design system such as access control infrastructures and data-sharing protocols.
We also focus on:
-
anonymity, developing incentive schemas to favour cooperation
-
trust management, targeting cyber risk management applications
-
anonymisation, enhancing current techniques to protect them from de-anonymisation attacks
In collaboration with the Law School, we are also developing the adoption of regulation, such as GDPR, within current data management systems.
Human Factor
We focus on favouring the adoption of cyber security controls in practice by devising new learning and awareness approaches to make human decision-making and cyber behaviours more effective.
Internet of things
We are involved in various national and university activities that focus on IoT, such as PETRAS. Our IoT research programme encompasses all our other research themes. The goal is to make the IoT ecosystem more secure.
This covers:
-
formal modelling and analysis of IoT languages and frameworks
-
dynamic analysis of firmware updates
-
lightweight but secure physical authentication procedures
-
fine-grained authorisation infrastructures
-
blockchain-connected IoT applications
-
vulnerability assessment
Provenance
Provenance is the foundation of data quality. It captures the trace of data manipulation over space, time and actors understanding the semantic relationships among them in order to point out how data is actually generated and used.
We focus on the formal modelling and reasoning of provenance models, and their cyber security implications.
Malware analysis
We focus on the devising of automated solutions for coping with malware-driven threats. We are developing techniques to automatically learn models and patterns behind malware evolution. This will help us devise technologies for keeping pace with the speed of new malware variations.