Discovery Early Career Researcher Award - Grant ID: DE190100046
Funder
Australian Research Council
Funding Amount
$387,000.00
Summary
Fortifying our digital economy: advanced automated vulnerability discovery. This project aims to enable security researchers to detect critical vulnerabilities in large software systems with maximal efficiency, cost-effectively, and with known statistical accuracy. The aim is to develop advanced high-performance fuzzers that effectively thwart malware attacks, ransomware epidemics, and cyber terrorism by exposing security flaws before they can commence. The project will employ a well-established ....Fortifying our digital economy: advanced automated vulnerability discovery. This project aims to enable security researchers to detect critical vulnerabilities in large software systems with maximal efficiency, cost-effectively, and with known statistical accuracy. The aim is to develop advanced high-performance fuzzers that effectively thwart malware attacks, ransomware epidemics, and cyber terrorism by exposing security flaws before they can commence. The project will employ a well-established statistical framework utilised in ecology research to provide fundamental insights to boosting the efficiency of software vulnerability discovery, and on the trade-off between investing more resources and gaining better cyber security guarantees. As our reliance on new technologies is ever growing, this project equips Australia to curb cyber crime cost-effectively.Read moreRead less
Preventing sensitive data exfiltration from insiders . Confidential data such as military secrets or intellectual property must never be disclosed outside the organisation; formally protecting data exfiltration from insider attacks is a major challenge. This project aims to develop a pattern matching based systematic methodology for data exfiltration in database systems. We will devise highly accurate detection tools and secure provenance techniques that can effectively protect against insider a ....Preventing sensitive data exfiltration from insiders . Confidential data such as military secrets or intellectual property must never be disclosed outside the organisation; formally protecting data exfiltration from insider attacks is a major challenge. This project aims to develop a pattern matching based systematic methodology for data exfiltration in database systems. We will devise highly accurate detection tools and secure provenance techniques that can effectively protect against insider attacks. The outcomes of the project will incorporate new security constraints and policies raised by emerging technologies to enable better protection of sensitive information. Read moreRead less
Secure user authentication with continuous adaptive risk evaluation. Users typically authenticate to any given system only once - when they first access it (for example, through providing a password or fingerprint). The prevalence of single sign-on further allows this single authentication to be sufficient for access to multiple systems. Thus an adversary can obtain a large degree of access from stealing a single password, hijacking a user's session, or even simply borrowing their phone. This pr ....Secure user authentication with continuous adaptive risk evaluation. Users typically authenticate to any given system only once - when they first access it (for example, through providing a password or fingerprint). The prevalence of single sign-on further allows this single authentication to be sufficient for access to multiple systems. Thus an adversary can obtain a large degree of access from stealing a single password, hijacking a user's session, or even simply borrowing their phone. This project aims to develop a continuous authentication approach based on user behaviour - typical interactions plus biometrics (for example, keystroke dynamics) - combined with a risk adaptive assessment of the resources being accessed, resulting in re-authentication requests in the event of a suspected compromise.Read moreRead less
Privacy-aware Smart Access Control for Internet-of-Things on Blockchain. This project aims to address privacy and trust issues in Internet-of-Things (IoT) access control mechanism of smart critical infrastructure. This project expects to generate new knowledge in the area of IoT access control by leveraging privacy-preserving techniques, blockchain, and machine learning. Expected outcomes of this project include enhanced capability to build improved techniques for privacy aware tamperproof IoT a ....Privacy-aware Smart Access Control for Internet-of-Things on Blockchain. This project aims to address privacy and trust issues in Internet-of-Things (IoT) access control mechanism of smart critical infrastructure. This project expects to generate new knowledge in the area of IoT access control by leveraging privacy-preserving techniques, blockchain, and machine learning. Expected outcomes of this project include enhanced capability to build improved techniques for privacy aware tamperproof IoT access control with machine learning based anomaly detection. This should provide significant benefits, such as preventing cyber threats on security and privacy of IoT and improving trust in IoT-enabled smart critical infrastructure of Australia.Read moreRead less
An active approach to detect and defend against peer-to-peer botnets. The aim of this project is to develop an effective defence system to help organisations detect and defend against the peer-to-peer (P2P) botnets. If this research is accomplished successfully, it will be a big step forward in defeating this new but devastating malicious software widely utilised by Internet criminals and terrorists. The capability of a nation to defend against the P2P botnet attacks on its information infrastru ....An active approach to detect and defend against peer-to-peer botnets. The aim of this project is to develop an effective defence system to help organisations detect and defend against the peer-to-peer (P2P) botnets. If this research is accomplished successfully, it will be a big step forward in defeating this new but devastating malicious software widely utilised by Internet criminals and terrorists. The capability of a nation to defend against the P2P botnet attacks on its information infrastructure is central to the control of such attacks and hence to a nation's long-term survival and prosperity. The outcomes of this project can be directly used in Australian research communities and adopted by industry and government agencies.Read moreRead less
Discovery Early Career Researcher Award - Grant ID: DE200100166
Funder
Australian Research Council
Funding Amount
$424,709.00
Summary
Enabling Energy Self-Sufficient and Secure Internet of Things. This project aims to develop novel resource management and transmission techniques to enable an energy self-sufficient and secure Internet of Things by utilising energy harvesting technology and robust physical-layer security approach. This project expects to generate new knowledge to address current challenges around energy self-sufficiency and data confidentiality protection capabilities. Expected outcomes include efficient algorit ....Enabling Energy Self-Sufficient and Secure Internet of Things. This project aims to develop novel resource management and transmission techniques to enable an energy self-sufficient and secure Internet of Things by utilising energy harvesting technology and robust physical-layer security approach. This project expects to generate new knowledge to address current challenges around energy self-sufficiency and data confidentiality protection capabilities. Expected outcomes include efficient algorithms and prototypes for long-lasting Internet of Things systems. This should provide significant benefits, including the improved self-sustainability and security critical to realising the Internet of Things’ potential to contribute to enhanced health service delivery and factory automation for Industry 4.0.Read moreRead less
Effective software vulnerability detection for web services. This project aims to design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a unive ....Effective software vulnerability detection for web services. This project aims to design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a universal data structure, which unfortunately makes it hard to separate trusted code from untrusted user-provided data. This project intends to develop novel program analysis tools and string constraint solvers, and employ these tools to support sophisticated automated reasoning about string manipulating software.Read moreRead less
Privacy preserving and data utility in outsourced systems. Making the best tradeoff between data privacy and utility is a vital challenge in privacy-preserving outsourcing environments. This project aims to develop a balanced distributed framework to achieve the best utility of outsourced data while protecting private information. The framework consists of general structure of distributed evolutionary algorithms and a predefined topology for high optimization efficiency and a dynamic groupin ....Privacy preserving and data utility in outsourced systems. Making the best tradeoff between data privacy and utility is a vital challenge in privacy-preserving outsourcing environments. This project aims to develop a balanced distributed framework to achieve the best utility of outsourced data while protecting private information. The framework consists of general structure of distributed evolutionary algorithms and a predefined topology for high optimization efficiency and a dynamic grouping recombination model. The project outcomes will be beneficial to applications in the nation as it incorporates new privacy constraints and utility requirements raised by emerging technologies to enable better protection of sensitive information and maximal data utility in outsourced systems. Read moreRead less
Special Research Initiatives - Grant ID: SR0567533
Funder
Australian Research Council
Funding Amount
$120,000.00
Summary
Scientific Instruments as ICT Components in Building a GrEMLIN for e-Research. The proposal seeks to initiate the development of a GrEMLIN, a Grid Enabled Multi-Level Instrument Network, for e-Research. Scientific instruments, whether at conventional laboratories or at major facilities, may be regarded as specialised ICT components in a network providing remote access to such instrumentation. Collaborative remote access and data analysis brings efficiency and effectiveness dividends, that can ....Scientific Instruments as ICT Components in Building a GrEMLIN for e-Research. The proposal seeks to initiate the development of a GrEMLIN, a Grid Enabled Multi-Level Instrument Network, for e-Research. Scientific instruments, whether at conventional laboratories or at major facilities, may be regarded as specialised ICT components in a network providing remote access to such instrumentation. Collaborative remote access and data analysis brings efficiency and effectiveness dividends, that can be enhanced through the harnessing of Grid technologies. The collaborative project will leverage middleware, Web Services and e-Science software developments in the US and UK, to provide Grid enabled remote instrument access and data analysis as a powerful e-Research tool.Read moreRead less
Privacy preservation for personalised smart devices. The goal of this project is to build a privacy preservation framework for personalised smart devices with both immediate and long-term applications in a range of industries. The novel theoretical contributions include a privacy-preservation mechanism that guards against attacks by intelligent tools, a model and metrics that distinguish between object detection and object recognition, and allowing users to specify their desired level of privacy ....Privacy preservation for personalised smart devices. The goal of this project is to build a privacy preservation framework for personalised smart devices with both immediate and long-term applications in a range of industries. The novel theoretical contributions include a privacy-preservation mechanism that guards against attacks by intelligent tools, a model and metrics that distinguish between object detection and object recognition, and allowing users to specify their desired level of privacy guarantee. Practically, these solutions have clear economic and public-safety benefits. The solutions will accelerate AI device development, advance smart technologies based on individual behaviours, and guarantee personal data privacy against both human attackers and adversarial algorithms. Read moreRead less