Secure user authentication with continuous adaptive risk evaluation. Users typically authenticate to any given system only once - when they first access it (for example, through providing a password or fingerprint). The prevalence of single sign-on further allows this single authentication to be sufficient for access to multiple systems. Thus an adversary can obtain a large degree of access from stealing a single password, hijacking a user's session, or even simply borrowing their phone. This project aims to develop a continuous authentication approach based on user behaviour - typical interactions plus biometrics (for example, keystroke dynamics) - combined with a risk adaptive assessment of the resources being accessed, resulting in re-authentication requests in the event of a suspected compromise.
An active approach to detect and defend against peer-to-peer botnets. The aim of this project is to develop an effective defence system to help organisations detect and defend against the peer-to-peer (P2P) botnets. If this research is accomplished successfully, it will be a big step forward in defeating this new but devastating malicious software widely utilised by Internet criminals and terrorists. The capability of a nation to defend against the P2P botnet attacks on its information infrastructure is central to the control of such attacks and hence to a nation's long-term survival and prosperity. The outcomes of this project can be directly used in Australian research communities and adopted by industry and government agencies.
Effective software vulnerability detection for web services. This project aims to design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a universal data structure, which unfortunately makes it hard to separate trusted code from untrusted user-provided data. This project intends to develop novel program analysis tools and string constraint solvers, and employ these tools to support sophisticated automated reasoning about string manipulating software.
Information Security Evaluation of Embedded Computer Software. Safeguarding classified electronic communications is of major national importance. This research, into security evaluation of computer software, is supported by the Defence Signals Directorate, which verifies the security of communications devices used by Australia's government and armed forces. As such devices become increasingly sophisticated, traditional security evaluation techniques have become unacceptably difficult and costly. Hardware evaluation techniques, based on tracing paths through circuitry diagrams, have proven unsuitable for software evaluations. Consequently, devising new tools and techniques for information security evaluation of embedded computer software is essential for preserving Australia's national security.
Privacy preservation for personalised smart devices. The goal of this project is to build a privacy preservation framework for personalised smart devices with both immediate and long-term applications in a range of industries. The novel theoretical contributions include a privacy-preservation mechanism that guards against attacks by intelligent tools, a model and metrics that distinguish between object detection and object recognition, and allowing users to specify their desired level of privacy guarantee. Practically, these solutions have clear economic and public-safety benefits. The solutions will accelerate AI device development, advance smart technologies based on individual behaviours, and guarantee personal data privacy against both human attackers and adversarial algorithms.
Developing A Smart Farming Oriented Secure Data Infrastructure. Smart farming is the future of agriculture. However, recently the Federal Bureau of Investigation has issued a warning that the lack of data privacy and cyber security mechanisms in the field runs a high risk of disaster. This project aims to establish an innovative secure data infrastructure for smart farming including secure and automated smart farming supply-chain management. The deliverables of this project will include the cutting-edge Blockchain based secure IoT data management and privacy-preserving smart contracts for smart farming supply-chain management. This data infrastructure will be the first of its kind which will lay a solid foundation for smart farming technology.
Design and deployment of practical anonymous access systems. This project aims to design, test and deploy a practical and highly secure anonymous access system for online businesses that offer services on a free trial basis. Currently, online businesses are unable to take advantage of feedback from customers during and after trial periods; nor do currently available mechanisms offer practical privacy protection to customers. The project expects to overcome these barriers by developing innovative cryptographic solutions and security testing methods that will inform new protocol design and implementation, which will bring long-term benefits to online businesses and their customers. The project also aims to develop new, distributed ledger technology, which is a strategic technology trend. This will provide significant benefits such as a practical, reliable and highly secure anonymous access system for online businesses, in Australia and worldwide, that offer services on a free trial basis, which would enable these service providers to add value to and enhance their product offerings.
Defending AI based FinTech Systems against Model Extraction Attacks. This project aims to develop new methods for defending artificial intelligence (AI) based FinTech systems from highly potent and insidious model extraction attacks whereby an adversary can steal the AI model from the system to cause intellectual property (IP) violation, business advantage disruption, and financial loss. This can be achieved by examining various attack models, creating active and utility-preserving defences, and inventing non-removable watermarks on AI models. The outcomes are new tools for securing AI-based FinTech systems before deployment and tools for IP violation forensics post-deployment. Such capabilities are beneficial by improving the security and safety of FinTech systems and other nationally critical AI systems.
A safety-preserving ecosystem for autonomous driving. In this project, Macquarie University will collaborate with UTS and SilverQuest to develop an innovative safety-preserving ecosystem for autonomous driving. This system will not only be adopted by SilverQuest’s customers (automotive companies) to secure their latest autonomous driving models, but also be commercialised as a toolset that can be plugged into existing autonomous vehicles to detect and prevent malicious attacks on autonomous driving models. The project will lead to two innovations: in theory, the design of an attack detection and prevention ecosystem for autonomous driving; and in application, the implementation of a safety analysis toolset for industry-scale autonomous systems.
Towards full lifecycle privacy protection on cloud. Privacy protection of user data on the cloud is now at risk throughout all stages of the user information lifecycle, facing significant challenges such as stage-adaptive protection, across-system protection, and privacy invasion tracing and prediction. Current approaches mainly focus on a specific case at a certain stage, and hence cannot address those challenges properly by considering all stages. This project aims to systematically investigate those challenges and expects to establish innovative research and solutions for enabling full lifecycle privacy protection on the cloud. The project outcomes will help to safeguard the Australian community in the fast-growing online cyber world, and benefit fast-growing privacy-sensitive data hosting and applications on the cloud.