Discovery Early Career Researcher Award - Grant ID: DE230100473
Funder
Australian Research Council
Funding Amount
$410,154.00
Summary
Effective integration of human and automated analyses for security testing. This DECRA project aims to significantly improve the performance of current state-of-the-art automated security testing approaches, enabling them to discover more security bugs within strict time constraints. The key innovation of the project is its novel way to embrace the human element to leverage the ingenuity of the developers. This project will help companies improve the security and reliability of their products, thwarting cyberattacks that cost Australian business $29 billion each year. The knowledge from this project will be transferred and integrated into higher education subjects to train the next generations of software developers, who are responsible for building security-critical systems that we all rely on now and in the future.
Australian Laureate Fellowships - Grant ID: FL190100035
Funder
Australian Research Council
Funding Amount
$3,009,457.00
Summary
Human-centric Model-driven Software Engineering. This project aims to find fundamentally new ways to capture and use human-centric software requirements during model-driven software engineering and to verify that systems meet these requirements. There are major issues with misaligned software applications in terms of accessibility, usability, emotions, personality, age, gender, and culture. This project aims to address these through new conceptual foundations and modelling techniques for their support during software engineering. The intended outcomes are enhanced theory, models, tools and capability for next-generation software engineering with these critical elements. Significant benefits are expected to include greatly improved software quality, developer productivity and cost savings.
Values-oriented Defect Fixing for Mobile Software Applications. This project aims to address critical problems with mobile applications that exhibit human values-based defects, by advancing our understanding, detection and fixing of such defects. Many mobile apps do not operate according to the essential values of their human users - e.g. inclusivity, accessibility, privacy, ethical behaviour, due care, emotions, etc - making them ineffective, underused, unfit for purpose or even dangerous. Expected outcomes include new theories, techniques and prototype tools for developers and end users to detect and help fix values-based defects in mobile apps. Benefits include better, safer mobile apps for people and organisations and improved app developer productivity and competitiveness.
Discovery Early Career Researcher Award - Grant ID: DE220101057
Funder
Australian Research Council
Funding Amount
$424,140.00
Summary
Practical Automated Software Bug Fixing via Syntactic and Semantic Analyses. This proposal aims to advance the practical adoption of automated software bug repair, which has recently been adopted by industry, e.g., Facebook. It will produce novel methods that use mining software repositories, program analysis, and human-guided search to help automated repair to scale and be accurate. Expected outcomes include a publicly available automated bug repair framework. This project will help the software industry deliver to users high quality software with improved reliability and safety, and increase education quality for students learning to code via automated feedback generation.
Defending AI based FinTech Systems against Model Extraction Attacks. This project aims to develop new methods for defending artificial intelligence (AI) based FinTech systems from highly potent and insidious model extraction attacks whereby an adversary can steal the AI model from the system to cause intellectual property (IP) violation, business advantage disruption, and financial loss. This can be achieved by examining various attack models, creating active and utility-preserving defences, and inventing non-removable watermarks on AI models. The outcomes are new tools for securing AI-based FinTech systems before deployment and tools for IP violation forensics post-deployment. Such capabilities are beneficial by improving the security and safety of FinTech systems and other nationally critical AI systems.
Privacy-Preserving Fog Info System in Infrastructure-Deficient Environments. Due to Australia’s unique geographical distribution and population density, many regional or remote areas lack infrastructural support and development, including telecommunications and electricity supply. It is important to provide information and communication services in such infrastructure-deficient environments. In this project, we will develop a first-ever commercially ready Fog information system, or FogIS in short, to enable localised information and communication services, while preserving users' privacy, in infrastructure-deficient environments. The deployment of this system will bring great benefits to Australia’s economic growth, the quality of life, cybersecurity, and environment control in rural and regional Australia.
Provable elimination of information leakage through timing channels. This project aims to develop techniques to solve the issue in information security of unauthorised information flow resulting from competition for shared hardware resources. The project will combine operating systems design, formal hardware models, information-flow reasoning and theorem proving to achieve a goal that is widely considered infeasible. The project is expected to result in a system that prevents leakage of critical information, such as encryption keys, through timing channels. This should prevent sophisticated attacks on public clouds, mobile devices and military-grade cross-domain devices.
Detecting Firmware Vulnerabilities in Smart Home Devices. 83% of Australians have smart home devices. 47% claim they have three or more. These devices are easily targeted by cyber-attacks, and searching for their vulnerabilities has become more crucial than ever. Our industry partner GPG is actively looking for ways to detect vulnerabilities in their smart home products, but has not found any existing methods that satisfy three critical requirements: 1) massive search, 2) cross platform detection, and 3) finding unseen vulnerabilities. We therefore propose to use a series of new techniques such as efficient in-memory fuzzing, conditional formulas, and transfer learning to solve the above challenges. The project outcomes will help Australia gain cutting edge techniques in vulnerability detection.
A data driven paradigm for service-oriented system engineering. This project aims to design and develop a data driven paradigm for service-oriented system engineering that allows system engineers and domain experts in different domains to build software systems easily in order to enable fast technology transfer within and across domain boundaries. This model integrates and automates a suite of efficient approaches for system structure determination, validation and recommendation based on keyword search, subgraph isomorphism and substructure query techniques. This project is expected to significantly accelerate the application of new technologies, for example, big data analytics and Internet of Things, in many of Australia's critical domains such as e-Health, smart cities, and cybersecurity.
Developing an effective defence to cyber-reputation manipulation attacks. This project will develop new technologies for businesses to accurately identify fake internet reviews. Fake reviews, paid for and/or written with malicious intent, can cause irreparable damage to businesses resulting in revenue loss, consumer dissatisfaction or even closure of businesses. However they are difficult to identify, as they continuously evolve to avoid detection and the volume of Internet reviews makes analysis a monumental task. This project will provide advanced tools to detect fake website reviews and a cybersecurity system prototype ready to be used by industry, making Australia a leader in this field and resulting in a safer internet environment for all.