Software Engineering and Safety

The Software Engineering and Safety group has a number of research themes including:

  • Contingency planning for software security: increasing the resilience of computational infrastructures to adverse events including cybersecurity threats, major bugs and blackouts;
  • Software engineering for space based systems: developing new architectures and design techniques for space related software, including human space flight and satellite based location services;
  • Safety-critical software engineering: analysing the causes of failure in complex software systems ranging from aviation through to healthcare and alternative energy applications;
  • Computer forensics: examining the recovery and analysis of any type of digital data from any type of digital media so that it will stand up in a court of law, including examining the dependability of forensic software, the effectiveness of extractions in both pervasive and traditional technologies;
  • Dependable social technical systems: using modelling and simulation of socio-technical systems to improve dependability and predict potential failures.

Academic Staff: Prof Chris Johnson, Dr Inah Omoronyia, Dr Ronald R Poet, Professor David Watt.

Research Assistants and Research Students: Ms Arniyati Ahmad, Mr Gianfranco Elena, Mr Iain Gavin, Ms Wendy Goucher, Mr George Grispos, Mr Almoaid Owaidah, Mr Stefan Raue, Mr Robbie Simpson.

  • computational trust
  • contingency planning for software security
  • cyber-security
  • digital forensics
  • dependable heterogeneous software infrastructures
  • dependable software based systems
  • security of space based infrastructures
  • software engineering for science
  • steganography

This Week’s EventsAll Upcoming EventsPast EventsWebapp

This Week’s Events

There are no events scheduled for this week

Upcoming Events

There are no upcoming events

Past Events

Reducing the password burden: Investigating the effectiveness of data-driven authentication on mobile (04 November, 2014)

Speaker: Dr Mike Just
Recent research on the effectiveness of performing implicit authentication on smart phones, where sensor data is used to authenticate a user based upon their behaviour.

I will overview our group's recent research on the effectiveness of performing implicit authentication on smart phones, where sensor data is used to authenticate a user based upon their behaviour. In addition to results related to usability, security, and resource consumption, I will discuss some practical deployment issues related to training duration, and behaviour stability.

Mike is a Senior Lecturer and the Associate Director of the Interactive and Trustworthy technologies group at GCU. He has published on many areas of computer security and cryptography, and is particularly interested in building usable security solutions. In 2003 he designed the Government of Canada's online account recovery solution, used by more than 6 million citizens and businesses. He recently lead a two-year EU project investigating the use of mobile phone sensors for authentication, that will be the subject of this presentation. Mike obtained his PhD from Carleton University (Canada), and in addition to his academic work, he spent 10 years in both the private and public sectors. You can find more information, including publications, at

What I've learned so far about the recognition-based graphical passwords (Users and Developers Guidelines) (28 October, 2014)

Speaker: Hani Aljahdali
Development of Graphical Authentication Schemes

This talk will present guidelines about developing and using recognition-based graphical passwords properly in terms of usability and security. Those guidelines are based on in depth-interviews with 23 graphical password users from my previous studies. The guidelines will show the aspects that need to be considered for future work in the field of recognition-based graphical passwords.  

A review of multiple graphical password user studies and reported results (21 October, 2014)

Speaker: Soumyadeb Chowdhury
Overview of user studies in graphical authentication.

This  talk will present a brief review of all the user studies (known to me) in the field of GASs that had explored the memorability of multiple graphical passwords . The review for each of the user studies will discuss the system used for the experiment, the experimental protocol and the results obtained from the experiment and our inferences (which are based upon the research published by the respective authors).

Chiasson, S. et al., 2009. Multiple Password Interference in Text and Click-Based Graphical Passwords. In Proceedings of the 16th ACM conference on Computer and Communications Security. New York, 2009. ACM. 

Everitt, K.M., Bragin, T., Fogarty, J. & Kohno, T., 2009. A Comprehensive Study of Frequency, Interference, and Training of Multiple Graphical Passwords. In Proceedings of The 27th International Conference on Human Factors in Computing Systems- CHI., 2009

Moncur, W. & Leplatre, G., 2007. Pictures at the ATM: Exploring the Usability of Multiple Graphical Passwords. In Proceedings of the ACM SIGCHI., 2007

Chowdhury, S., Poet, R. & Mackenzie, L., 2014. Passhint: Memorable and Secure Authentication. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '14)., 2014. ACM Press

Android Permissions (14 October, 2014)

Speaker: Rosanne English
HUSH Research Group Talk

Elementary, my dear Java: Detecting patterns in object-oriented code (19 November, 2013)

Speaker: Jeremy Singer
SEIS lunchtime seminar

In this talk I will review the ideas of low-level code patterns for Java. I will show examples of these code patterns, discuss how they can be detected and give a short survey of useful applications. I may also bring a pipe and deer-stalker, in true Holmesian style.

Engineering Adaptive Software Systems (19 March, 2013)

Speaker: Dr Arosha Bandara

Adaptive software systems have been the focus of significant research activity due to their promise of addressing some of the complexity challenges associated with large software intensive systems.  In 2003, Kephart and Chess published their vision of autonomic computing, which aimed to address some of the challenges of software complexity.  In essence, they proposed that software architectures should incorporate a layer, analogous to the autonomic nervous system, that could adapt the behaviour of the system to meet particular quality attributes (e.g., security, usability, etc.). The challenges of engineering such systems encompass a range of computing disciplines, that include requirements engineering, software architectures and usability.  This talk will explore these challenges, drawing on work being done at The Open University in the areas of adaptive user interfaces, information security and privacy. 

Proactive Social Media Use of Emergency Authorities (19 March, 2013)

Speaker: Preben Bonnen & Martin Marcher
Preben Bonnén and Martin Marcher will be discussing the opportunities and perspectives of proactive social media use by civil authorities in the context of civil protection.

In the summer of 2012, the Danish Forum for Civil Protection and Emergency Planning / Forum for Samfundets Beredskab (FSB), started a large project focusing on the authorities' proactive use of social media, primarily Facebook and Twitter. The inspiration came from the Norwegian and Swedish police, who not only proactively use Facebook and Twitter, but they have also previously made thorough considerations regarding the possibilities and prospects for the use of social media.

The rationale behind the launch of an analysis, and later that year a seminar the 2nd of November 2012 in the Danish Parliament, were the growing challenges authorities are facing in relation to both the media and the press, and in relation to social media. In all cases there is an expectation of quick information, and even so more, in the possible event of a major incident where questions and the need for information would multiply. But when questions are many, the information from the authorities is typically and usually moderate. That may change with proactive use of social media.

Basically, there isn’t much that can prevent authorities using social media in ensuring society preparedness.  For example, the police force can use social media tools to convey important information to the public, create campaigns targeting specific social segments, communicate enquiries regarding criminals or missing persons, and issue traffic warnings. Besides reaching their target audience, who may not usually be involved in dialogue with police, there is a good possibility of increasing dialogue with the general public. This can be achieved through chats with the public on various issues chosen by citizens themselves, on issues they find relevant within their own society. In conclusion, police presence on social media over time will be expected as a normal part of their everyday job. Preben Bonnén and Martin Marcher from Forum for Civil Protection and Emergency Planning (FSB) will present a detailed presentation discussing the opportunities and perspectives that present themselves to authorities in society preparedness, and to what extent they do so. 

Further Adventures with the Raspberry Pi Cloud (05 March, 2013)

Speaker: David White, Jeremy Singer (and L4 project student)

With money from GU Chancellor's Fund, we have been constructing a scale model of a cloud datacenter out of Raspberry Pi boards. In this presentation, we will give details of the aims of the project, potential deployment in research and teaching contexts, and progress to date.

Why am I not running the world? (26 February, 2013)

Speaker: Dave McKay

Inspired by Suranga Chandratillake’s Turing lecture, I want to develop his theme of the “The Boffin Phallacy”. Using wild assertions and examples from my own career, and with no humility whatsoever, I will point out some things that Suranga missed. I will put aside fears of losing my academic friends and alienating academic researchers everywhere, and try to show that a business life is exciting and sexy. Along the way, I hope to suggest some ways that we can turn out computing graduates who will one day run the globe.

The Black Hole Methodology (19 February, 2013)

Speaker: Wendy Goucher

Research is tough, demanding, frustrating and not always rewarding.  And then there is the inescapable problem.  In this case it was “ How do you prove there is a problem?” and thereby is the issue.  There is no way to prove it because the evidence is invisible or non-existent.  This is the story of how that obstacle was tackled.  The solution wasn’t perfect, but it was a way forward.

Information processing in emergency management environments (12 February, 2013)

Speaker: Stefan Raue

In this talk I will discuss some of my work on information processing in emergency management environments. In particular, I will focus on crowdsourcing techniques to improve the response to adverse events resulting from natural or man-made hazards. I will talk about the information needs of emergency services during the early stages of response, and discuss the information processing activities to which crowdsourcing activities could be beneficial. There are multiple technical, social and ethical challenges arising from the prospect of involving the crowd in large-scale information processing tasks in this time- and safety-critical environment.

Multicriteria Optimization Approach to Select Images as Passwords in Recognition Based Graphical Authentication Systems (05 February, 2013)

Speaker: Soumyadeb Chowdhury

Recognition-based graphical authentication systems (RGBSs) use images as passwords. The major goal of our research is to investigate the usability and guessability i.e. vulnerability of the different image types, Mikon, doodle, art and object (sports, food, sculptures etc) to written and verbal descriptions, when used as passwords in RBGS. We conducted two longitudinal user studies over a period of 4 months to evaluate the usability (100 users) and guessability based on verbal descriptions (70 users), of  these image types when used as passwords in RGBSs. After deriving conclusions based on a statistical analysis of the data, the research question was “How to rank image types based on both the criteria”. Usability and guessability are in conflict, when assessing the suitability of an image for use as a password. Since the statistical analysis alone does not unambiguously identify the most suitable image to be used as password, here, we present a new approach which effectively integrates a series of techniques to rank images, taking into account the conflicting criteria.

Who is old - and why should we care? (29 January, 2013)

Speaker: Dr Alistair Edwards

Events Webapp