Effective software vulnerability detection for web services. This project aims to design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a unive ....Effective software vulnerability detection for web services. This project aims to design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a universal data structure, which unfortunately makes it hard to separate trusted code from untrusted user-provided data. This project intends to develop novel program analysis tools and string constraint solvers, and employ these tools to support sophisticated automated reasoning about string manipulating software.Read moreRead less
Developing an active defence system to identify malicious domains and websites. This project aims to develop an innovative active defence system to effectively identify malicious Internet domains and websites. It can secure the cyberspace that is essential to the daily work of Australian people, thus addresses a fundamental problem in safeguarding Australia from cyber crime and terrorism.
Discovery Early Career Researcher Award - Grant ID: DE190100046
Funder
Australian Research Council
Funding Amount
$387,000.00
Summary
Fortifying our digital economy: advanced automated vulnerability discovery. This project aims to enable security researchers to detect critical vulnerabilities in large software systems with maximal efficiency, cost-effectively, and with known statistical accuracy. The aim is to develop advanced high-performance fuzzers that effectively thwart malware attacks, ransomware epidemics, and cyber terrorism by exposing security flaws before they can commence. The project will employ a well-established ....Fortifying our digital economy: advanced automated vulnerability discovery. This project aims to enable security researchers to detect critical vulnerabilities in large software systems with maximal efficiency, cost-effectively, and with known statistical accuracy. The aim is to develop advanced high-performance fuzzers that effectively thwart malware attacks, ransomware epidemics, and cyber terrorism by exposing security flaws before they can commence. The project will employ a well-established statistical framework utilised in ecology research to provide fundamental insights to boosting the efficiency of software vulnerability discovery, and on the trade-off between investing more resources and gaining better cyber security guarantees. As our reliance on new technologies is ever growing, this project equips Australia to curb cyber crime cost-effectively.Read moreRead less
Secure user authentication with continuous adaptive risk evaluation. Users typically authenticate to any given system only once - when they first access it (for example, through providing a password or fingerprint). The prevalence of single sign-on further allows this single authentication to be sufficient for access to multiple systems. Thus an adversary can obtain a large degree of access from stealing a single password, hijacking a user's session, or even simply borrowing their phone. This pr ....Secure user authentication with continuous adaptive risk evaluation. Users typically authenticate to any given system only once - when they first access it (for example, through providing a password or fingerprint). The prevalence of single sign-on further allows this single authentication to be sufficient for access to multiple systems. Thus an adversary can obtain a large degree of access from stealing a single password, hijacking a user's session, or even simply borrowing their phone. This project aims to develop a continuous authentication approach based on user behaviour - typical interactions plus biometrics (for example, keystroke dynamics) - combined with a risk adaptive assessment of the resources being accessed, resulting in re-authentication requests in the event of a suspected compromise.Read moreRead less
An active approach to detect and defend against peer-to-peer botnets. The aim of this project is to develop an effective defence system to help organisations detect and defend against the peer-to-peer (P2P) botnets. If this research is accomplished successfully, it will be a big step forward in defeating this new but devastating malicious software widely utilised by Internet criminals and terrorists. The capability of a nation to defend against the P2P botnet attacks on its information infrastru ....An active approach to detect and defend against peer-to-peer botnets. The aim of this project is to develop an effective defence system to help organisations detect and defend against the peer-to-peer (P2P) botnets. If this research is accomplished successfully, it will be a big step forward in defeating this new but devastating malicious software widely utilised by Internet criminals and terrorists. The capability of a nation to defend against the P2P botnet attacks on its information infrastructure is central to the control of such attacks and hence to a nation's long-term survival and prosperity. The outcomes of this project can be directly used in Australian research communities and adopted by industry and government agencies.Read moreRead less
Novel audio watermarking techniques for tracing multimedia piracy. This project aims to develop inaudible, high-capacity audio watermarking techniques to trace the illegal copying and distribution of multimedia data containing a sound component, such as audios and sound videos. With the rapid growth of communication networks and the use of advanced multimedia technology, digital multimedia data can be easily copied, manipulated and distributed. This has led to strong demand for new techniques to ....Novel audio watermarking techniques for tracing multimedia piracy. This project aims to develop inaudible, high-capacity audio watermarking techniques to trace the illegal copying and distribution of multimedia data containing a sound component, such as audios and sound videos. With the rapid growth of communication networks and the use of advanced multimedia technology, digital multimedia data can be easily copied, manipulated and distributed. This has led to strong demand for new techniques to prevent illegal use of copyrighted data. The project is expected to advance the theory of audio watermarking and enhance Australia's international competitiveness in this field.
Read moreRead less
A provable privacy-preserving data sharing system for the cloud environment. This project aims to develop an innovative data sharing system, with a mathematically provable privacy guarantee, in a cloud environment. This will be adopted by Australian Education Management Group’s (AEMG) cloud campus to exchange data in a restricted privacy manner between partner institutions. It will be commercialised as a middleware that can be plugged into existing cloud environments to maintain required privacy ....A provable privacy-preserving data sharing system for the cloud environment. This project aims to develop an innovative data sharing system, with a mathematically provable privacy guarantee, in a cloud environment. This will be adopted by Australian Education Management Group’s (AEMG) cloud campus to exchange data in a restricted privacy manner between partner institutions. It will be commercialised as a middleware that can be plugged into existing cloud environments to maintain required privacy even when the cloud crosses various jurisdictions with different privacy policies. The outcomes will benefit educational organisations, and lay the foundations for data sharing in other communities such as the government, banks, and other industries in Australia.Read moreRead less
Enhancing information credibility using mathematical prediction. The aim of this project is to develop theory, techniques, mathematical tools and practical algorithms for rumor detection and forecast in social media to enhance credibility of news, especially in time-sensitive situations and trending events. This project will significantly advance human knowledge of rumor formation, detection, and forecast, which will enable timely and efficient counter attacks. The outcomes from this project wil ....Enhancing information credibility using mathematical prediction. The aim of this project is to develop theory, techniques, mathematical tools and practical algorithms for rumor detection and forecast in social media to enhance credibility of news, especially in time-sensitive situations and trending events. This project will significantly advance human knowledge of rumor formation, detection, and forecast, which will enable timely and efficient counter attacks. The outcomes from this project will offer a reliable information environment for our society.Read moreRead less
Security and Privacy of Individual Data Used to Extract Public Information. The project aims to contribute to the development of techniques to allow the harvesting of useful information without compromising personal privacy. Intelligent analysis of personal data can reveal valuable knowledge about a population but at a risk of invading an individual's privacy. This project aims to provide at least partial solutions to some of the problems associated with the protection of private data. In partic ....Security and Privacy of Individual Data Used to Extract Public Information. The project aims to contribute to the development of techniques to allow the harvesting of useful information without compromising personal privacy. Intelligent analysis of personal data can reveal valuable knowledge about a population but at a risk of invading an individual's privacy. This project aims to provide at least partial solutions to some of the problems associated with the protection of private data. In particular, it plans to work on the problem of security of statistical databases and privacy of streaming data. This would be underpinned by a study of anonymisation and homomorphic encryption. The expected outcomes are new theoretical results, new algorithms and protocols applicable to at least some of the current significant problems in information security.Read moreRead less
New Efficient Cryptographic Tools for Data Privacy and Software Protection. Online services for collaborative communication and software distribution are commonplace today, but their use is hampered by data privacy breaches and intellectual property violations via software reverse engineering. Recent theoretical breakthroughs in cryptography promise to provide new powerful tools for solving these problems, but these tools are not yet suitable for practical use, due to their low efficiency and a ....New Efficient Cryptographic Tools for Data Privacy and Software Protection. Online services for collaborative communication and software distribution are commonplace today, but their use is hampered by data privacy breaches and intellectual property violations via software reverse engineering. Recent theoretical breakthroughs in cryptography promise to provide new powerful tools for solving these problems, but these tools are not yet suitable for practical use, due to their low efficiency and a lack of solid security foundations. This project aims to apply algebraic and probabilistic techniques to improve efficiency of existing tools, and the understanding of their security. Outcomes are expected to include new insights in cryptographic theory, and new practical tools for cyber security.Read moreRead less