Big Data Systems (BDS) (i.e., data-intensive applications) have become one of the key priority areas for all sorts of organizations. We have been conducting R&D on different aspects of Data intensive applications in general and… Read More »Engineering Data-Driven Secure Software Services
Cyber Security infrastructures are increasingly relying on big data technologies for capturing, storing, and analyzing huge amount of security events data. Designing and evolving systems that can effectively and efficiently combine big data technologies and cybersecurity are hugely challenging undertakings. Whilst the knowledge for designing cyber security analytics systems has increasing for sometime, there was no consolidated piece of work on design mechanisms, also called tactics, for architecting big data cyber security analytics systems – very proud to share that our recent effort has attempted to fill that gap by providing a consolidated piece of knowledge about the quality attributes considered important for cyber security analytics systems and architectural tactics can help achieve the desired set of quality attributes – such a consolidated knowledge about any aspect of software design is called Design Space – ours is a design space for cyber security analytics systems. This work has recently been accepted for publication in one of the top quality journal of software systems, Journal of Systems and Software. We will be happy to provide a copy of the article on request and following is the abstract of the article. Read More »Design Space for Cyber Security Analytical Systems
It is becoming quite hard to imagine software systems that wouldn’t need adaptation as part of their runtime requirements. With the increasing demand for adaptivity by design, the knowledge and skills in this area are lagging far behind. Cyber Analytics systems are a new breed of systems that combine big data technologies and cyber security systems for capturing, manning, and analyzing cyber security events data. Such systems need to be adaptive for supporting real-time analysis of the security events data. Our research has been focused on this important area for sometime and now we have started reporting the results of our work. Recently, one of our articles on this topic has been accepted in a prestigious software architecture conference, International Conference on Software Architecture, which will be held in Hamburg. Following is the abstract of the article and if it interests to you, please feel free to ask for a copy. Read More »Adaptive Architectures for Cyber Security Analytics Systems
An increasing number of organisations focusing on security orchestration approaches and solutions to automate the processes of their Security Operation Centre (SOC). There are hundreds of approaches and tools to support security orchestration, hence, practitioners find it hard to access a consolidated material on the available solutions and researchers are unable to figure out the gaps. Our team has tried to address this need by reporting a systematic horizon scan of the security orchestration approaches and tools – the report has been published in one of the most prestigious journal of computing, ACM Computing Survey – the work is led by Chadni Islam, and Data61’s Surya Nepal is the collaborator. The abstracts of the paper is below and interested readers are welcome to contact us for a copy of the paper. Read More »A Systematic Horizon Scan of Security Orchestration Approaches and Tools
We are continuously progressing on the plan for strengthening our capabilities in Cyber Security. To achieve this goal, we have been not only building internal capabilities but also forming and leveraging strategic collaborations. Out of one of our recent collaborations, with Giannis and Rami, in the areas of Cyber Security has resulted a high quality piece of work that has been accepted in a highly profile journal, ACM Computing Survey. The abstract of this paper is below and can provide some useful insights to the potential readers of this work. We are hoping that this piece of work will lead to systematic classification and comparison of architectural level Cyber Security Solutions and develop and evaluate new techniques, approaches, and tools for designing and evaluating security centric large scale distributed systems. Below is the abstract from the paper.Read More »Our New Work on Self-Adaptive Security for large-scale Open Environments
With regards to our work on Cyber Security, we have recently successfully completed a collaborative piece fo work with researchers from Security Lancaster, University of Lancaster, UK. Our collaborative work was focused on identifying and understanding Data Exfiltration: External Vectors and Countermeasures and has been accepted in Journal of Network and Computer Applications with the following title and abstract. The pieces of paper provide an extensive literature review that is expected to be leveraged for understanding the key external attack vectors and the countermeasures and the areas for future research.
“Data Exfiltration: A Review of External Attack Vectors and Countermeasures”Read More »Data Exfiltration: External Attack Vectors and Countermeasures
Internet of Things (IoT) have emerged a popular technology that underpinning several innovative products and services. Internet of Everything (IoE) or Web of Things (WoT) are real or virtual networks of things (or services) that can be meaningfully quarried or combined in order to build and provide different types of services. Recently, we have a book chapter, Using Reference Architecture for Design and Evaluation of Web of Things Systems, has been included a newly published book, Managing the Web of Things: Linking the Real World to the Web, edited by Michael Sheng, Yongrui Qin, Lina Yao, and Boualem Benatallah. The abstract of our book chapter is below as it may interest to some of the readers. The book chapter provides a methodological approach and technical details about applying a reference architectures to support the design and evaluation of Web of Things Systems. The research involved students from a software architecture course offered at the IT University of Copenhagen, Denmark. The abstract of the chapter is below:
Through a team of students from the Masters of Software Engineering ME (Software), we started the design and implementation of the first phase of our solution aimed at providing a knowledge-based support for Microgrid security risk analysis. The project was motivated by an increasing realisation that a large number of energy systems are made of multiple sources of energy generation and distribution. Now more and more energy distribution companies are focused on solutions with two-ways of energy movement – energy supply from the energy distribution companies from their conventional or smart grids or energy supply from small, independent energy generators through Microgrids. Whilst a Microgrid provides promising solutions for modernising energy solutions aimed at addressing contemporary challenges, there are several types of challenges involved in designing, building, and operating Microgrids integrated into an energy ecosystem.Read More »A Knowledge Base for Microgrid Security Risk Analysis
An increasing number of software systems are considered Software Intensive Systems of Systems (SiSoS), which consist of dozens of constituent systems. Systems are interconnected using private or public networks, which can be prime target for security attacks. Hence, securing SiSoS is a huge challenge and an emerging areas of research and development. SoS can have several applications domains that can range from smart cities, to defence systems, and industrial control systems. Modeling of and reasoning of security-sensitive architecture of software intensive systems is a challenging piece of work but several modelling approaches and tooling support have been developed. However, there has been no signifiant effort to develop appropriate modelling approach and associated infrastructure for modeling security-senstive architecture of SoS. Led by our collaboratives in France, we have recently developed an approach and tool support for supporting seccutiry-senstive architecture design and analysis .Read More »Modeling Security-Sensitive Architecture of Systems-of-Systems
Whilst the “Smart City” phenomenon is increasingly becoming a popular term among almost all circles of everyday life, the real progress on conceiving, devising, deploying and evolving services for “Smart City” remains slow. Governments, councils, and private sectors appear to be finding different ways of capitalising on the popularity and potential of “Smart City” phenomenon to address the challenges of increasing urbanisation. However, citizens and civil rights groups remain skeptical about the potential privacy violations of the data that need to be captured and analysed for providing the “Smart City” services and the security aspects those services in the face of persistent cyber attacks. And these two concerns are some of the biggest issues in the success of a “Smart City” initiative. Recently, our “Smart City” initiative was covered by the Guardian news paper and the ABC News and both of the media venues focused on the privacy issues involved in the “Smart City” projects.