Showing posts from 2015

Cyber Security Awareness Month

A few years ago, the US Department for Homeland Security started an initiative to raise awareness of cyber security issues by promoting  October as "National Cyber Security Awareness Month".  Therefore, it is appropriate that the latest presentation of the Open University's MOOC "Introduction to Cyber Security" is due to start next week.  Since we launched the course in October 2014, we've had over 50,000 learners participate and almost 11,000 fully engage with the content.

By giving people the basic knowledge and skills to better protect their computer systems, both at home and work, we hope to have made a useful contribution to raising cyber security awareness across the globe.  Of course, there is still a long way to go, as highlighted by Kevin Beaver in a recent blog post on IBM's Security Intelligence site.  Weak passwords, unpatched systems, and improper malware protection are all examples of common security problems that are well known but not …

Validation, Verification and Explanation in a Smarter World

Ubiquitous computing systems are creating the potential of a smarter but more complex world. One way of managing this complexity is to develop adaptive systems that can react to changes in their operating environment. In such environments security is an important consideration because the assets, threats, attacks and vulnerabilities can all change at runtime.  Adaptive security can help but it is important to have assurances about:
Validation: (Have we built the right system?)
Will the system protect the assets from security threats? Verification: (Have we built the system right?)
Has the system been correctly configured to protect the assets from security threats?
; andExplanation:

Can we understand the behaviour of the adaptive security system? This is the subject of a recent talk I delivered at a workshop on Engineering Adaptive Systems in Bra, Italy.  The photograph above shows a view of the Alps as we look towards France from the conference venue.  The slides from my talk are embed…

Adaptive Privacy @ SET for BRITAIN

Our research on  'Adaptive Sharing for Online Social Networks' has been selected for presentation at this year's SET for BRITAIN event at the Houses of Parliament.  The work will be presented by Dr. Mu Yang, one of the post-doctoral researchers on our Adaptive Security and Privacy project.  She will be presenting a model that allows social network users to balance privacy risks against social benefits by providing advice on the optimal audience for different types of information. The work has the potential to strengthen the privacy for users of online social networks such as Facebook and Twitter.

This is based on our TrustCom 2014 paper, 'Adaptive Sharing for Online Social Networks: A Trade-off between Privacy Risk and Social Benefit' which received the Best Paper Award.  For more details our participation in the SET for BRITAIN event on 9 March 2015, see "OU Research at SET for BRITAIN".

Why can't I do that?: Explaining Adaptive Security

Adaptive security demo, extracted from Collaborative Security video  produced by Amel Bennaceur

Our world is increasingly being pervaded by connected digital devices that make up the Internet of Things, making it important to ensure that the security of these devices and the functionality they provide.  We are working on techniques to support adaptive information security, where the security mechanisms used to protect these pervasive computing systems can change as the value of the assets being protected and the threats that arise in the environment change.  A key challenge in any adaptive system is to ensure that users understand why the behaviour of the system is changing at runtime. This is particularly true of security adaptations because in many situations they are likely to prevent users from accessing functionality.

In recent work, we have focussed on software engineering techniques that support this through traceability for explaining adaptive security decisions.  Our paper  o…

Online Cyber Security Discussion

As we kick off the next presentation of the Introduction to Cyber Security MOOC, I took part in an online discussion on the topic with Cory Doctorow and Andrew Smith on Twitter.  This was my first time leading one of these "Ask Me Anything" sessions, which was hosted by FutureLearn as part of a new initiative called #FutureLearnAsks.  Although at times I struggled to keep up with the speed of the conversation, it was a lot of fun to engage with a diverse group of people to talk about this important topic.

The discussion was seeded by a number of questions, ranging from "Is the state justified to monitor personal digital and telecommunications in the name of security?" to "What one tip would you give to people to better protect their cyber security?"  One key lesson learned about asking open ended questions like this was that if the answer is always going to start with "It depends ...", having a useful discussion on a platform like Twitter is goi…

Programming to 'Make Sparks Fly'?

This year's Royal Institution Christmas Lectures, titled "Sparks will Fly" were all about 'hacking' everyday objects to make them part of the Internet of Everything.  Presented by Prof. Danielle George from University of Manchester, they were a great showcase of how engineers tackle challenging problems by extending the capabilities of technologies like the light bulb, the telephone and the motor.

Across the three lectures, the audience got to take part in building systems that used internet connected lights to play Tetris on a London skyscraper, to holographic communications and a robotic orchestra.  Through this process, we understood how to build solutions to complex problems by:

decomposing them into simpler sub-problems;identifying technologies that could help us solve the sub-problems, using techniques like abstraction and analogical reasoning;building prototypes to test our hypotheses about these technologies could be extended to solve each sub-problem; a…