Software Engineering and Information Security

The Software Engineering and Information Security group has a number of research themes including:

  • Usable Security: Research into making security products usable, helping people to protect themselves from computer crime, and innovative alternative authentication mechanisms.
  • Contingency planning for software security: this aims to increase the resilience of computational infrastructures to adverse events including cybersecurity threats, major bugs and blackouts.
  • Software engineering for space based systems: this work develops new architectures and design techniques for space related software including human space flight and satellite based location services.
  • Safety-critical software engineering: this work analyses the causes of failure in complex software systems ranging from aviation through to healthcare and alternative energy applications.
  • Computer Forensics: examines the recovery and analysis of any type of digital data from any type of digital media so that it will stand up in a court of law. This includes examining the dependability of forensic software and the effectiveness of extraction techniques in both pervasive and traditional technologies.
  • Dependable social technical systems: Using modelling and simulation of socio-technical systems to improve dependability and predict potential failures.

Academic Staff: Prof Chris Johnson, Dr Ronald R Poet, Dr Karen V Renaud, Dr Tim Storer, Prof David A Watt.

Research Assistants and Research Students: Mr Muhammad Imran Abbasi, Mr Hani Aljahdali, Mr Md Sadek Ferdous, Mrs Huda Al-Shuaily, Mrs Heather Crawford, Miss Rosanne English, Ms Wendy Goucher, Mr George Grispos, Mr Salem Jebriel, Mr Joe Maguire, Mr Jan Muhammad, Mr Stefan Raue, Mr Yulun Song.

  • usable security
  • alternative authentication
  • information security management
  • cyber-security
  • digital forensics
  • dependable heterogeneous software infrastructures
  • dependable software based systems
  • biometrics, computational trust
  • software engineering for science
  • steganography
  • security of space based infrastructures
  • contingency planning for software security

Password cueing with cue(ink)blots
Renaud, K.V., McBryan, T., and Siebert, J.P. (2008) Password cueing with cue(ink)blots. In: IADIS Computer Graphics and Visualization, 24-26 Jul 2008, Amsterdam, The Netherlands.

A comprehensive study of the usability of multiple graphical passwords
Chowdhury, S., Poet, R., and Mackenzie, L. (2013) A comprehensive study of the usability of multiple graphical passwords. In: Interact 2013, 2-6 Sep 2013, Cape Town, South Africa. (In Press)

The affect of familiarity on the usability of recognition-based graphical password
Aljahdali, H., and Poet, R. (2013) The affect of familiarity on the usability of recognition-based graphical password. In: TrustCom 2013, 16-18 Jul 2013, Melbourne, Australia.

Portable personal identity provider in mobile phones
Ferdous, M.S., and Poet, R. (2013) Portable personal identity provider in mobile phones. In: TrustCom 2013, 16-18 Jul 2013, Melbourne, Australia.

Exploring the guessability of image passwords using verbal descriptions
Chowdhury, S., Poet, R., and Mackenzie, L. (2013) Exploring the guessability of image passwords using verbal descriptions. In: TrustCom 2013, 16-18 Jul 2013, Melbourne, Australia.

Dynamic identity federation using security assertion markup language (SAML)
Ferdous, M.S., and Poet, R. (2013) Dynamic identity federation using security assertion markup language (SAML). In: IFIP IDMAN 2013: Policies and Research in Identity Management, 8-9 Apr 2013, London, UK.

Multicriteria optimization to select images as passwords in recognition based graphical authentication systems
Chowdhury, S., Poet, R., and Mackenzie, L. (2013) Multicriteria optimization to select images as passwords in recognition based graphical authentication systems. In: HCI International 2013, 21-26 Jul 2013, Las Vegas, NV, USA. (In Press)

A framework for continuous, transparent mobile device authentication
Crawford, H., Renaud, K., and Storer, T. (2013) A framework for continuous, transparent mobile device authentication. Computers and Security. ISSN 0167-4048 (doi:10.1016/j.cose.2013.05.005) (In Press)

Encouraging second thoughts: obstructive user interfaces for raising security awareness
Storer, T., Marsh, S., Noël, S., Esfandiari, B., El-Khatib, K., Briggs, P., Renaud, K., and Bicakci, M.V. (2013) Encouraging second thoughts: obstructive user interfaces for raising security awareness. In: Privacy Security Trust 2013, 10-12 July 2013, Catalonia, Spain.

Investigating information security risks of mobile device use within organizations
Glisson, W.B., and Storer, T. (2013) Investigating information security risks of mobile device use within organizations. In: 19th Americas Conference on Information Systems, 15-17 Aug 2013, Chicago, IL, USA. (In Press)

Information technology: gateway to direct democracy in China and the world
Cockshott, W.P., and Renaud, K. (2013) Information technology: gateway to direct democracy in China and the world. International Critical Thought, 3 (1). pp. 76-97. ISSN 2159-8282 (doi:10.1080/21598282.2013.761448)

Guidelines for designing graphical authentication mechanism interfaces
Renaud, K. (2009) Guidelines for designing graphical authentication mechanism interfaces. International Journal of Information and Computer Security, 3 (1). pp. 60-85. ISSN 1744-1765 (doi:10.1504/IJICS.2009.026621)

In a world of their own: working on the move
Goucher, W., and Renaud, K. (2011) In a world of their own: working on the move. In: The 25th BCS Conference on Human Computer Interaction, 4-8 Jul 2011, Newcastle Upon Tyne, UK.

Using insights from email users to inform organisational email management policy
Ramsay, J., and Renaud, K. (2012) Using insights from email users to inform organisational email management policy. Behaviour and Information Technology, 31 (6). pp. 587-603. ISSN 0144-929X (doi:10.1080/0144929X.2010.517271)

Accessible and secure? Design constraints on image and sound based passwords
Gibson, M., Conrad, M., Maple, C., and Renaud, K. (2010) Accessible and secure? Design constraints on image and sound based passwords. In: The International Conference on Information Society (i-society 2010), 28-30 Jun 2010, London, UK.

Distance education as enabler in crossing the digital divide: will the phoenix fly?
Van Biljon, J., and Renaud, K. (2009) Distance education as enabler in crossing the digital divide: will the phoenix fly? In: 3rd International Development Informatics Association Conference, 28-30 Oct 2009, Kruger National Park, South Africa.

Web authentication using Mikon images
Renaud, K. (2009) Web authentication using Mikon images. In: 2009 World Congress on Privacy, Security, Trust and the Management of e-Business, 25-27 Aug 2009, Saint John, NB, Canada.

Musipass: authenticating me softly with "my" song
Gibson, M., Renaud, K., Conrad, M., and Maple, C. (2009) Musipass: authenticating me softly with "my" song. In: New Security Paradigms Workshop 2009, 8-11 Sep 2009, Oxford, UK.

Armchair authentication
Renaud, K., and Maguire, J. (2009) Armchair authentication. In: The 23rd British BCS Human Computer Interaction Group Annual Conference on People and Computers: Celebrating People and Technology, 1-5 Sep 2009, Cambridge, UK.

Predicting technology acceptance and adoption by the elderly: a qualitative study
Renaud, K., and Van Biljon, J. (2008) Predicting technology acceptance and adoption by the elderly: a qualitative study. In: Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists, 6-8 Oct 2008, Wilderness, South Africa.

Past Events

Who is old - and why should we care? (29 January, 2013)

Speaker: Dr Alistair Edwards

Multicriteria Optimization Approach to Select Images as Passwords in Recognition Based Graphical Authentication Systems (05 February, 2013)

Speaker: Soumyadeb Chowdhury

Recognition-based graphical authentication systems (RBGSs) use images as passwords. The major goal of our research is to investigate the usability and guessability, i.e. vulnerability, of the different image types, Mikon, doodle, art and object (sports, food, sculptures etc.), to written and verbal descriptions, when used as passwords in RBGSs. We conducted two longitudinal user studies over a period of 4 months to evaluate the usability (100 users) and guessability based on verbal descriptions (70 users) of these image types when used as passwords in RBGSs. After deriving conclusions based on a statistical analysis of the data, the research question was “How to rank image types based on both the criteria”. Usability and guessability are in conflict when assessing the suitability of an image for use as a password. Since the statistical analysis alone does not unambiguously identify the most suitable image to be used as a password, here we present a new approach which effectively integrates a series of techniques to rank images, taking into account the conflicting criteria.

Information processing in emergency management environments (12 February, 2013)

Speaker: Stefan Raue

In this talk I will discuss some of my work on information processing in emergency management environments. In particular, I will focus on crowdsourcing techniques to improve the response to adverse events resulting from natural or man-made hazards. I will talk about the information needs of emergency services during the early stages of response, and discuss the information processing activities to which crowdsourcing activities could be beneficial. There are multiple technical, social and ethical challenges arising from the prospect of involving the crowd in large-scale information processing tasks in this time- and safety-critical environment.

The Black Hole Methodology (19 February, 2013)

Speaker: Wendy Goucher

Research is tough, demanding, frustrating and not always rewarding. And then there is the inescapable problem. In this case it was “How do you prove there is a problem?” and thereby is the issue. There is no way to prove it because the evidence is invisible or non-existent. This is the story of how that obstacle was tackled. The solution wasn’t perfect, but it was a way forward.

Why am I not running the world? (26 February, 2013)

Speaker: Dave McKay

Inspired by Suranga Chandratillake’s Turing lecture, I want to develop his theme of “The Boffin Phallacy”. Using wild assertions and examples from my own career, and with no humility whatsoever, I will point out some things that Suranga missed. I will put aside fears of losing my academic friends and alienating academic researchers everywhere, and try to show that a business life is exciting and sexy. Along the way, I hope to suggest some ways that we can turn out computing graduates who will one day run the globe.

Further Adventures with the Raspberry Pi Cloud (05 March, 2013)

Speaker: David White, Jeremy Singer (and L4 project student)

With money from GU Chancellor's Fund, we have been constructing a scale model of a cloud datacenter out of Raspberry Pi boards. In this presentation, we will give details of the aims of the project, potential deployment in research and teaching contexts, and progress to date.

Proactive Social Media Use of Emergency Authorities (19 March, 2013)

Speaker: Preben Bonnén & Martin Marcher

In the summer of 2012, the Danish Forum for Civil Protection and Emergency Planning / Forum for Samfundets Beredskab (FSB), started a large project focusing on the authorities' proactive use of social media, primarily Facebook and Twitter. The inspiration came from the Norwegian and Swedish police, who not only proactively use Facebook and Twitter, but they have also previously made thorough considerations regarding the possibilities and prospects for the use of social media.

The rationale behind the launch of an analysis, and later that year a seminar on the 2nd of November 2012 in the Danish Parliament, was the growing challenges authorities are facing in relation to both the media and the press, and in relation to social media. In all cases there is an expectation of quick information, and even more so in the possible event of a major incident, where questions and the need for information would multiply. But when questions are many, the information from the authorities is typically and usually moderate. That may change with proactive use of social media.

Basically, there isn’t much that can prevent authorities using social media in ensuring society preparedness. For example, the police force can use social media tools to convey important information to the public, create campaigns targeting specific social segments, communicate enquiries regarding criminals or missing persons, and issue traffic warnings. Besides reaching their target audience, who may not usually be involved in dialogue with police, there is a good possibility of increasing dialogue with the general public. This can be achieved through chats with the public on various issues chosen by citizens themselves, on issues they find relevant within their own society. In conclusion, police presence on social media over time will be expected as a normal part of their everyday job. Preben Bonnén and Martin Marcher from Forum for Civil Protection and Emergency Planning (FSB) will present a detailed presentation discussing the opportunities and perspectives that present themselves to authorities in society preparedness, and to what extent they do so.

Engineering Adaptive Software Systems (19 March, 2013)

Speaker: Dr Arosha Bandara

Adaptive software systems have been the focus of significant research activity due to their promise of addressing some of the complexity challenges associated with large software intensive systems. In 2003, Kephart and Chess published their vision of autonomic computing, which aimed to address some of the challenges of software complexity. In essence, they proposed that software architectures should incorporate a layer, analogous to the autonomic nervous system, that could adapt the behaviour of the system to meet particular quality attributes (e.g., security, usability, etc.). The challenges of engineering such systems encompass a range of computing disciplines that include requirements engineering, software architectures and usability. This talk will explore these challenges, drawing on work being done at The Open University in the areas of adaptive user interfaces, information security and privacy.