We aim to develop novel and pragmatic ways to assure the dependability of software systems with particular emphasis on security, trust and risk. We focus on theories from model-based engineering and analysis-based assurance to develop methods, models, practices and tools that promote the provision of security and dependability in complex interconnected and heterogeneous systems and information infrastructures that underpin our economy and society.
We focus on applied software engineering techniques in an industrial context, where security and dependability are essential concerns. As such, we explore and establish our work across new technological paradigms such as Cloud Computing, the Internet of Things and Big Data, which change the present and shape the future of software systems and their role in society. The areas we research include:
Modelling languages and ontologies
Our work in this area is concerned with the development and precise definition of modelling languages and ontologies to support visual modelling of security, trust, privacy and risk. Examples of our work in this area include the development of modelling languages based on the Goal-Oriented Requirements Engineering paradigm to model security and trust, and the application of Concept diagrams in the area of Privacy Engineering, where ontologies can be used to capture privacy constraints over information systems. We also develop underlying formalisms, utilising logics and graph transformations, to enable precise specifications and automated reasoning within the context of security and dependability, taking into account organisational policies and resource allocation.
Methodologies and model-based engineering
Our work in this area focuses on the development and analysis of methods, processes, methodologies and architectures for secure and dependable systems. At the requirements level, we focus on the development of processes that enable security engineers to elicit and model security requirements and to analyse them in terms of security properties, relevant threats and vulnerabilities. At the architectural level, we focus on developing software architecture techniques to ensure that software systems satisfy security, trust and privacy requirements and that the developed architectures reduce potential risks. Such techniques include model-based methodologies that provide support at different levels, from design (through the development of architectural models) to run time (through the execution and management of such models). Our work also includes traceability support between software architecture and other artefacts of the software lifecycle, such as code and requirements.
Security engineering decision support
One of the largest concerns facing organisations today is how to protect themselves from cyber attacks, whose prominence imposes the need for organisations to prioritise their cyber security concerns with respect to their perceived threats. We are investigating novel decision-making methodologies and models that guarantee the highest possible levels of protection within different domains (e.g. IoT, Cloud) with regard to different security and privacy threats and a set of evolving factors such as security requirements, financial cost, etc.
Computer aided software engineering (CASE) tools
To support software development process activities, we are developing computer-aided software engineering (CASE) tools. Our tools support security and trust analysis of the system under development at different levels. At the higher level, they are graphical editors in which security and trust models can be drawn and the grammatical correctness of the models is automatically checked. At the lower level, they enable analysis of security and trust properties and of security threats.