Skip to main content

Research Repository

Advanced Search

Protecting Documents with Sticky Policies and Identity-Based Encryption (2016)
Presentation / Conference Contribution
Spyra, G., & Buchanan, W. J. (2016, December). Protecting Documents with Sticky Policies and Identity-Based Encryption. Presented at Future Technologies Conference (FTC) 2016, San Francisco, CA, USA

Documents are increasingly being held in public cloud-based systems, and there thus increasingly exposed to accesses from malicious entities. This paper focuses on the integration of sticky policies that are embedded into OOXML (Open Office XML) pr... Read More about Protecting Documents with Sticky Policies and Identity-Based Encryption.

Automatically Detecting Fallacies in System Safety Arguments (2016)
Presentation / Conference Contribution
Yuan, T., Manandhar, S., Kelly, T., & Wells, S. (2015, October). Automatically Detecting Fallacies in System Safety Arguments. Presented at 15th International Workshop on Computational Models of Natural Argument (CMNA15), Bertinoro, Italy

Safety cases play a significant role in the development of safety-critical systems. The key components in a safety case are safety arguments, that are designated to demonstrate that the system is acceptably safe. Inappropriate reasoning with safety a... Read More about Automatically Detecting Fallacies in System Safety Arguments.

U-Prove Based Security Framework for Mobile Device Authentication in eHealth Networks (2016)
Presentation / Conference Contribution
Zeb, K., Saleem, K., Al Muhtadi, J., & Thuemmler, C. (2016, September). U-Prove Based Security Framework for Mobile Device Authentication in eHealth Networks. Presented at 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom)

Cybersecurity in the health care domain is one of the most important and critical issues of this era. In fact, it was reported in 2014 that on the black market medical records are worth 10 times more than credit card details [1]. Datasets experience... Read More about U-Prove Based Security Framework for Mobile Device Authentication in eHealth Networks.

HI-risk: A method to analyse health information risk intelligence (2016)
Presentation / Conference Contribution
Buchanan, W. J., & van Deursen, N. (2016, September). HI-risk: A method to analyse health information risk intelligence. Presented at 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom)

Information security threat intelligence is a prevalent topic amongst researchers, long-established IT-vendors and start-ups. The possibilities of Big Data analytics to security threat and vulnerability scanning offer a significant development in the... Read More about HI-risk: A method to analyse health information risk intelligence.

Will quantum computers be the end of public key encryption? (2016)
Journal Article
Buchanan, W., & Woodward, A. (2016). Will quantum computers be the end of public key encryption?. Journal of Cyber Security Technology, 1(1), 1-22. https://doi.org/10.1080/23742917.2016.1226650

The emergence of practical quantum computers poses a significant threat to the most popular public key cryptographic schemes in current use. While we know that the well-understood algorithms for factoring large composites and solving the discrete log... Read More about Will quantum computers be the end of public key encryption?.

Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA) (2016)
Journal Article
Lo, O., Buchanan, W. J., & Carson, D. (2016). Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA). Journal of Cyber Security Technology, 1(2), 88-107. https://doi.org/10.1080/23742917.2016.1231523

This article demonstrates two fundamental techniques of power analysis, differential power analysis (DPA) and correlation power analysis (CPA), against a modern piece of hardware which is widely available to the public: the Arduino Uno microcontrolle... Read More about Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA).

Sticky policy enabled authenticated OOXML (2016)
Presentation / Conference Contribution
Spyra, G., Buchanan, W. J., & Ekonomou, E. (2016, July). Sticky policy enabled authenticated OOXML. Presented at IEEE Technically Sponsored SAI Computing Conference 2016, London, UK

This paper proposes a secure document sharing construction, which addresses confidentiality and authenticity concerns related to cloud-based data sharing. The goal of this research is to find an efficient way to share data in the cloud across various... Read More about Sticky policy enabled authenticated OOXML.

Cloud Security, Privacy, and Trust Baselines (2016)
Book Chapter
Pitropakis, N., Katsikas, S., & Lambrinoudakis, C. (2016). Cloud Security, Privacy, and Trust Baselines. In Cloud Computing Security Foundations and Challenges. CRC Press

According to ISO 27001, a threat is a potential event. When a threat turns into an actual event, it may cause an undesirable incident. It is undesirable because the incident may harm an organization or a system, causing a security incident and/or t... Read More about Cloud Security, Privacy, and Trust Baselines.

The Far Side of Mobile Application Integrated Development Environments (2016)
Presentation / Conference Contribution
Lyvas, C., Pitropakis, N., & Lambrinoudakis, C. (2016, September). The Far Side of Mobile Application Integrated Development Environments. Presented at International Conference on Trust and Privacy in Digital Business TrustBus 2016: Trust, Privacy and Security in Digital Business, Porto, Portugal

Smart phones are, nowadays, a necessity for the vast majority of individuals around the globe. In addition to the ubiquitous computing paradigm supported by such devices, there are numerous software applications that utilize the high computational ca... Read More about The Far Side of Mobile Application Integrated Development Environments.

If two countries waged cyber war on each another, here’s what to expect (2016)
Newspaper / Magazine
Buchanan, B. (2016). If two countries waged cyber war on each another, here’s what to expect. https://theconversation.com/if-two-countries-waged-cyber-war-on-each-another-heres-what-to-expect-63544

Imagine you woke up to discover a massive cyber attack on your country. All government data has been destroyed, taking out healthcare records, birth certificates, social care records and so much more. The transport system isn’t working, traffic light... Read More about If two countries waged cyber war on each another, here’s what to expect.

Resilient secret sharing cloud based architecture for data vault (2016)
Patent
Lanc, D., Fan, L., MacKinnon, L., & Buchanan, B. (2016). Resilient secret sharing cloud based architecture for data vault

A method of securely storing data including: providing, within a secure data storage system, a plurality of secret sharing methods for selection and identifying a striping policy for storage of the data, in accordance with input preferences. The data... Read More about Resilient secret sharing cloud based architecture for data vault.

A RAM triage methodology for Hadoop HDFS forensics (2016)
Journal Article
Leimich, P., Harrison, J., & Buchanan, W. J. (2016). A RAM triage methodology for Hadoop HDFS forensics. Digital Investigation, 18, 96-109. https://doi.org/10.1016/j.diin.2016.07.003

This paper discusses the challenges of performing a forensic investigation against a multi-node Hadoop cluster and proposes a methodology for examiners to use in such situations. The procedure's aim of minimising disruption to the data centre during... Read More about A RAM triage methodology for Hadoop HDFS forensics.

Applied web traffic analysis for numerical encoding of SQL Injection attack features (2016)
Presentation / Conference Contribution
Uwagbole, S., Buchanan, W., & Fan, L. (2016, July). Applied web traffic analysis for numerical encoding of SQL Injection attack features. Presented at 15th European Conference on Cyber Warfare and Security ECCWS-2016

SQL Injection Attack (SQLIA) remains a technique used by a computer network intruder to pilfer an organisation’s confidential data. This is done by an intruder re-crafting web form’s input and query strings used in web requests with malicious intent... Read More about Applied web traffic analysis for numerical encoding of SQL Injection attack features.

Password Pattern and Vulnerability Analysis for Web and Mobile Applications (2016)
Journal Article
Li, S., Romdhani, I., & Buchanan, W. (2016). Password Pattern and Vulnerability Analysis for Web and Mobile Applications. ZTE Communications, 14, 32-36. https://doi.org/10.3969/j.issn.1673-5188.2016.S0.006

Text⁃based passwords are heavily used to defense for many web and mobile applications. In this paper, we investigated the patterns and vulnerabilities for both web and mobile applications based on conditions of the Shannon entropy, Guessing entropy a... Read More about Password Pattern and Vulnerability Analysis for Web and Mobile Applications.

A survey of Intrusion Detection System technologies (2016)
Presentation / Conference Contribution
Heenan, R., & Moradpoor, N. (2016, May). A survey of Intrusion Detection System technologies. Presented at Post Graduate Cyber Security (PGCS) symposium, Edinburgh

This paper provides an overview of IDS types and how they work as well as configuration considerations and issues that affect them. Advanced methods of increasing the performance of an IDS are explored such as specification based IDS for protecting S... Read More about A survey of Intrusion Detection System technologies.

Introduction to Security Onion (2016)
Presentation / Conference Contribution
Heenan, R., & Moradpoor, N. (2016, May). Introduction to Security Onion. Paper presented at Post Graduate Cyber Security (PGCS) symposium

Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS) including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis. This includes... Read More about Introduction to Security Onion.

Secret shares to protect health records in Cloud-based infrastructures (2016)
Presentation / Conference Contribution
Buchanan, W. J., Ukwandu, E., van Deursen, N., Fan, L., Russell, G., Lo, O., & Thuemmler, C. (2015, October). Secret shares to protect health records in Cloud-based infrastructures. Presented at BCS Health Informatics 2015

Increasingly health records are stored in cloud-based systems, and often protected by a private key. Unfortunately the loss of this key can cause large-scale data loss. This paper outlines a novel Cloud-based architecture (SECRET) which supports keyl... Read More about Secret shares to protect health records in Cloud-based infrastructures.

The Internet of Things: a security point of view. (2016)
Journal Article
Li, S., Tryfonas, T., & Li, H. (2016). The Internet of Things: a security point of view. Internet Research, 26(2), 337-359. https://doi.org/10.1108/IntR-07-2014-0173

Purpose
-- To provide an in-depth overview of the security requirements and challenges for Internet of Things (IoT) and discuss security solutions for various enabling technologies and implications to various applications.
Design/methodology/approa... Read More about The Internet of Things: a security point of view..

Risk assessment for mobile systems through a multilayered hierarchical Bayesian network. (2016)
Journal Article
Li, S., Tryfonas, T., Russell, G., & Andriotis, P. (2016). Risk assessment for mobile systems through a multilayered hierarchical Bayesian network. IEEE Transactions on Cybernetics, 46(8), 1749-1759. https://doi.org/10.1109/TCYB.2016.2537649

Mobile systems are facing a number of application vulnerabilities that can be combined together and utilized to penetrate systems with devastating impact. When assessing the overall security of a mobile system, it is important to assess the security... Read More about Risk assessment for mobile systems through a multilayered hierarchical Bayesian network..