Effective software vulnerability detection for web services. This project aims to design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a universal data structure, which unfortunately makes it hard to separate trusted code from untrusted user-provided data. This project intends to develop novel program analysis tools and string constraint solvers, and employ these tools to support sophisticated automated reasoning about string manipulating software.
An extensible framework for analysis of Java language-based security conformance. Java is a programming language and platform running on 3 billion devices. While Java provides a sandbox-based security architecture within the Java Class Library to protect systems from untrusted code downloaded from the Internet, it cannot defend against implementation bugs that occur in the Java Class Library. The goal of this project is to provide a formal model of the Java security architecture, which can be used by program analysers to identify faulty or insufficient security checks in the Java Class Library that may lead to the sandbox being bypassed.
Applying the Lessons of the Virtual Battlefield to Financial Modelling - Investigating Innovative use of Distributed Simulation. The development of Distributed Simulations is recognised as an increasingly important part of training, scientific modelling and acquisitions in the defense community. While the benefits of simulation are well understood, the actual development costs and complexity remain prohibitive, requiring expert programming skills and training. These limitations are greatly impeding the wider adoption of simulation in the broader business community.
To address these issues, this proposal investigates the means of applying simulation technologies to a domain in which user-configurable desktop tools, such as spreadsheets and word processors, are more the norm - for example, financial modelling.
We aim to extend the development of tools and techniques that support the desktop use of simulation and to assess the relative merits of these approaches. Our eventual goal is to provide approachable simulation services, without adversely compromising their inherent power, to a far wider range of application domains.