Discovery Early Career Researcher Award - Grant ID: DE230100473
Funder
Australian Research Council
Funding Amount
$410,154.00
Summary
Effective integration of human and automated analyses for security testing. This DECRA project aims to significantly improve the performance of current state-of-the-art automated security testing approaches, enabling them to discover more security bugs in strict time constraints. The key innovation of the project is its novel way to embrace human element to leverage the ingenuity of the developers. This project will help companies improve the security and reliability of their products, thwarting ....Effective integration of human and automated analyses for security testing. This DECRA project aims to significantly improve the performance of current state-of-the-art automated security testing approaches, enabling them to discover more security bugs in strict time constraints. The key innovation of the project is its novel way to embrace human element to leverage the ingenuity of the developers. This project will help companies improve the security and reliability of their products, thwarting cyberattacks that cost Australian business $29 billion each year. The knowledge from this project will be transferred and integrated into higher education subjects to train the next generations of software developers, who are responsible to build security-critical systems that we all rely on now and in the future.Read moreRead less
Secure Management of Internet of Things Data for Critical Surveillance. This project aims to develop innovative models/algorithms to manage Internet of Things (IoT) data safely and reliably. This project expects to generate new knowledge in the area of classified information governance using innovative data collection, transmission and analysis techniques that overcome the security concerns in large-scale collaborative sensing. Expected outcomes include novel abstract interfaces for IoT, adaptiv ....Secure Management of Internet of Things Data for Critical Surveillance. This project aims to develop innovative models/algorithms to manage Internet of Things (IoT) data safely and reliably. This project expects to generate new knowledge in the area of classified information governance using innovative data collection, transmission and analysis techniques that overcome the security concerns in large-scale collaborative sensing. Expected outcomes include novel abstract interfaces for IoT, adaptive trust and integrity preserving methods, and reliable distributed data processing mechanisms to mitigate vulnerabilities in real-time IoT-enabled critical surveillance. This should provide significant benefits to Australia's economy, one of which is the enhanced consumer-centric adoption of IoT for sensitive operations.Read moreRead less
Preventing sensitive data exfiltration from insiders . Confidential data such as military secrets or intellectual property must never be disclosed outside the organisation; formally protecting data exfiltration from insider attacks is a major challenge. This project aims to develop a pattern matching based systematic methodology for data exfiltration in database systems. We will devise highly accurate detection tools and secure provenance techniques that can effectively protect against insider a ....Preventing sensitive data exfiltration from insiders . Confidential data such as military secrets or intellectual property must never be disclosed outside the organisation; formally protecting data exfiltration from insider attacks is a major challenge. This project aims to develop a pattern matching based systematic methodology for data exfiltration in database systems. We will devise highly accurate detection tools and secure provenance techniques that can effectively protect against insider attacks. The outcomes of the project will incorporate new security constraints and policies raised by emerging technologies to enable better protection of sensitive information. Read moreRead less
Defending AI based FinTech Systems against Model Extraction Attacks. This project aims to develop new methods for defending artificial intelligence (AI) based FinTech systems from highly potent and insidious model extraction attacks whereby an adversary can steal the AI model from the system to cause intellectual property (IP) violation, business advantage disruption, and financial loss. This can be achieved by examining various attack models, creating active and utility-preserving defences, and ....Defending AI based FinTech Systems against Model Extraction Attacks. This project aims to develop new methods for defending artificial intelligence (AI) based FinTech systems from highly potent and insidious model extraction attacks whereby an adversary can steal the AI model from the system to cause intellectual property (IP) violation, business advantage disruption, and financial loss. This can be achieved by examining various attack models, creating active and utility-preserving defences, and inventing non-removable watermarks on AI models. The outcomes are new tools for securing AI-based FinTech systems before deployment and tools for IP violation forensics post-deployment. Such capabilities are beneficial by improving the security and safety of FinTech systems and other nationally critical AI systems.Read moreRead less
MemberGuard: Protecting Machine Learning Privacy from Membership Inference. Machine Learning has become a core part of many real-world applications. However, machine learning models are vulnerable to membership inference attacks. In these attacks, an adversary can infer if a given data record has been part of the model's training data. In this project, the team aims to develop new techniques that can be used to counter these attacks, such as 1) new analytical models for membership leakage, 2) ne ....MemberGuard: Protecting Machine Learning Privacy from Membership Inference. Machine Learning has become a core part of many real-world applications. However, machine learning models are vulnerable to membership inference attacks. In these attacks, an adversary can infer if a given data record has been part of the model's training data. In this project, the team aims to develop new techniques that can be used to counter these attacks, such as 1) new analytical models for membership leakage, 2) new methods for susceptibility diagnosis, 3) new defences that leverage privacy and utility. Data-oriented services are estimated to be valuable assets in the future. These techniques can help Australia gain cutting edge advantage in machine learning security and privacy and protect its intellectual property on these services.Read moreRead less
Preventing Exfiltration of Sensitive Data by Malicious Insiders or Malwares. Data exfiltration is a serious threat as highlighted in recent leakage of sensitive data that resulted in huge economic losses as well as unprecedented breaches of national security. The aim of this project is to develop a comprehensive and robust solution for detection and prevention of sensitive data exfiltration attempts by malware and unauthorised human users. Expected outcomes include scalable monitoring methods an ....Preventing Exfiltration of Sensitive Data by Malicious Insiders or Malwares. Data exfiltration is a serious threat as highlighted in recent leakage of sensitive data that resulted in huge economic losses as well as unprecedented breaches of national security. The aim of this project is to develop a comprehensive and robust solution for detection and prevention of sensitive data exfiltration attempts by malware and unauthorised human users. Expected outcomes include scalable monitoring methods and efficient algorithms that will be able to prevent real-time exfiltration and identify previously undetected exfiltration of sensitive data. This should provide significant benefits to governments, defence networks as well as businesses and health sectors, as it will protect them from sophisticated cyber attacks.
Read moreRead less
Privacy-Preserving Fog Info System in Infrastructure-Deficient Environments. Due to Australia’s unique geographical distribution and population density, many regional or remote areas lack infrastructural support and development, including telecommunications and electricity supply. It is important to provide information and communication services in such infrastructure-deficient environments. In this project, we will develop a first-ever commercially ready Fog information system, or FogIS in shor ....Privacy-Preserving Fog Info System in Infrastructure-Deficient Environments. Due to Australia’s unique geographical distribution and population density, many regional or remote areas lack infrastructural support and development, including telecommunications and electricity supply. It is important to provide information and communication services in such infrastructure-deficient environments. In this project, we will develop a first-ever commercially ready Fog information system, or FogIS in short, to enable localised information and communication services, while preserving users' privacy, in infrastructure-deficient environments. The deployment of this system will bring great benefits to Australia’s economic growth, the quality of life, cybersecurity, and environment control in rural and regional Australia. Read moreRead less
Privacy preserving and data utility in outsourced systems. Making the best tradeoff between data privacy and utility is a vital challenge in privacy-preserving outsourcing environments. This project aims to develop a balanced distributed framework to achieve the best utility of outsourced data while protecting private information. The framework consists of general structure of distributed evolutionary algorithms and a predefined topology for high optimization efficiency and a dynamic groupin ....Privacy preserving and data utility in outsourced systems. Making the best tradeoff between data privacy and utility is a vital challenge in privacy-preserving outsourcing environments. This project aims to develop a balanced distributed framework to achieve the best utility of outsourced data while protecting private information. The framework consists of general structure of distributed evolutionary algorithms and a predefined topology for high optimization efficiency and a dynamic grouping recombination model. The project outcomes will be beneficial to applications in the nation as it incorporates new privacy constraints and utility requirements raised by emerging technologies to enable better protection of sensitive information and maximal data utility in outsourced systems. Read moreRead less
Development of Cryptographic Library and Support System. The protection of the whole cyber space relies on a foundation of cryptography. Cryptographic components of apps authenticate remote parties and secure the communications. However, cryptographic misuse has become a most common issue in development of security component, affecting up to 90% of apps!
This project aims to research, design and develop a crypto library. The innovation of this project lays in three aspects: (1) we will develop ....Development of Cryptographic Library and Support System. The protection of the whole cyber space relies on a foundation of cryptography. Cryptographic components of apps authenticate remote parties and secure the communications. However, cryptographic misuse has become a most common issue in development of security component, affecting up to 90% of apps!
This project aims to research, design and develop a crypto library. The innovation of this project lays in three aspects: (1) we will develop a self-contained, reliable, compatible and verifiable crypto library; (2) we will develop security test software automatically to test and verify security of codes; and (3) we will provide intelligent decision support through argumentation to help developers to apply the library efficiently and correctly.Read moreRead less
Discovery Early Career Researcher Award - Grant ID: DE200100016
Funder
Australian Research Council
Funding Amount
$351,798.00
Summary
Enabling Compatible and Secure Mobile Apps via Automated Program Repair. This project aims to ensure everyone in Australia and the world can reliably utilise compatible and secure mobile apps on their smart devices, by inventing a novel approach to automatically fix compatibility and security issues during app development and installation. The project expects to generate new knowledge, tools and methods to support efficient mobile app fix through mining the best practices from the mobile ecosyst ....Enabling Compatible and Secure Mobile Apps via Automated Program Repair. This project aims to ensure everyone in Australia and the world can reliably utilise compatible and secure mobile apps on their smart devices, by inventing a novel approach to automatically fix compatibility and security issues during app development and installation. The project expects to generate new knowledge, tools and methods to support efficient mobile app fix through mining the best practices from the mobile ecosystem. Expected outcomes include better support for app developers to build mobile apps that will maximise the potential of the mobile ecosystem for Australian businesses. This should provide significant benefits, such as enhanced productivity for the software industry and better mobile app experience and safety for users.Read moreRead less