Our Research

Tools and Techniques for Secure-by-Design DLT System

This area of research concerns with techniques and tools for facilitating secure-by-design of DLT. We focus on a holistic perspective that considers not just the ledger networks but the interfaces between the ledger and other system components.

Socio-technical factors in secure software engineering methodologies and practices

Software development is a highly cognitive process, requiring the intellectual work of individuals and groups. And the development of secure software systems is highly dependent on the decisions of the software developers and other relevant stakeholders. Due to this reason, it is a field that is affected by errors in human judgment and a range of other socio-technical factors. Therefore, how do we account for this “human factor”, which plays a major role in this process?

Secure Mobile Health Application Engineering

Smartphone ownership has surpassed three billion, and it is expected to increase by several hundred million in the next few years. Healthcare becomes one of the primary domains that strive to utilise mobile applications (apps) to empower and innovate health services. Many evidence was presented in previous studies that showed that employing mobile health apps is an effective approach to enhance end-users' health for several clinical scenarios (e.g., dermatologic care apps, chronic management apps, rehabilitation apps). Despite the many advantages of using mobile health apps, security remains an ongoing concern that needs to be addressed. Many mobile health apps would be dealing with highly sensitive health data, and insecure apps would pose significant risks.

Security Orchestration and Automation

At CREST researchers are leveraging existing software engineering, analytical reasoning, natural language processing and machine learning tools and techniques to develop a secure and integrated platform. Our aim is to help build a secure and integrated platform that is easy to use and evolve with the changing threat landscape and increase the operation efficiency of the cybersecurity team.

Mining Open-source Repositories for Predictive Security Analytics

The focus of CREST researchers is to utilize data available in open-source repositories to develop high-performing and robust AI-enabled prediction models to automate the detection, characterization, and fixing prioritization of vulnerabilities in time. We also study the security discussions of developers on open-source repositories (e.g., GitHub) and/or Q&A websites (e.g, Stack Overflow and Security StackExchange) to understand the current security challenges/risks and give suggestions on how researchers, educators and practitioners can maximally leverage and contribute to developing more secure software.

Real-time Big Data Analytics

CREST researchers leverage state-of-the-art techniques (e.g., AI and search-based optimization) to design, implement, deploy, and evaluate big data systems for optimally collecting, storing, analyzing, and visualizing a large volume of data in real-time. CREST research particularly focuses on the evaluation of big data storage solutions (e.g., Cassandra and MongDB) and big data analytical solutions (e.g., Spark and Flink) as deployed on private, public, and hybrid clouds. The application domains of our research on real-time big data analytics include but not limited to cyber security, oil and gas, and healthcare.

Cyber Common Operating Pictures (CCOP)

The goal of this research is to build and rigorously evaluate novel approaches, metrics, and technological infrastructure for providing a highly configurable Platform for CCOP that will enhance Cyber Situational Awareness in an organisation and allow them to redefine how they manage cyber security.

Automated Container Security

Researchers at CREST leverage various artificial intelligence approaches to develop tools and techniques to better understand the developers’ viewpoint on security while adopting container technologies in industry. We study a large volume of container-related data in open source software repositories (GitHub), Question/Answering Platforms (Stack Overflow, Docker Forum) as well as container image repositories (Docker Hub) to find and analyse the security issues. This research will help container developers and researchers to understand container security requirements and provide a broad view of possible security attacks and risks.