Modelling Languages and Ontologies
Our work in this area is concerned with the development and precise definition of modelling languages and ontologies to support visual modelling of security, trust, privacy and risk. Examples of our work in that area include the development of modeling languages based on the Goal-Oriented Requirements engineering paradigm, to model security and trust and the application of Concept diagrams in the area of Privacy Engineering, where ontologies can be used to capture privacy constraints over information systems. We also develop underlying formalisms, utilising logics and graph transformations, to enable precise specifications and automated reasoning, within the context of security and dependability, taking into account organisational policies and resource allocation.
Methodologies and Model-Based Engineering
Our work in that area focuses on the development and analysis of methods, processes, methodologies and architectures for secure and dependable systems. At the requirements level we focus on the development of processes that enables security engineers to elicit and model security requirements and analyse them in terms of security properties, relevant threats and vulnerabilities. At the architectural level, we focus on developing software architecture techniques to ensure that software systems satisfy security, trust and privacy requirements and that developed architectures reduce potential risks. Such techniques include model-based methodologies that enable support at different levels, from design –through the development of architectural models, to run time – through the execution and management of such models. Our work also include traceability support between software architecture and other artefacts of the software lifecycle such as code and requirements.
Security Engineering Decision Support
One of the single largest concerns facing organisations today is how to protect themselves from cyber attacks whose prominence impose the need to prioritise their cyber security concerns with respect to their perceived threats. We are investigating novel decision-making methodologies and models that offer the highest possible levels of protection within different domains (e.g. IoT, Cloud) with regards to different security and privacy threats and a set of evolving factors such as security requirements, financial cost, indirect costs (e.g. people’s productivity), intangible and tangible assets.
To support software development process activities, we are developing computer-aided software engineering (CASE) tools. Our tools support security and trust analysis of the system under development at different levels. At the higher level, they are graphical editors where security and trust models can be drawn and the grammatical correctness of the models is automatically checked. On the lower level, they enable analysis of security and trust properties and security threats.