Research Repository

Cryptography across industry sectors (2017)
Journal Article
Buchanan, W. J., Woodward, A., & Helme, S. (2017). Cryptography across industry sectors. Journal of Cyber Security Technology, 1(3-4), 145-162. https://doi.org/10.1080/23742917.2017.1327221

Security adoption varies across industry sectors, where some companies such as Google, Apple and Microsoft are strong advocates of the adoption of HTTPS, while other companies, especially for news sites, have weak adoption. This paper provides a samp...

How WannaCry caused global panic but failed to turn much of a profit (2017)
Newspaper / Magazine
Buchanan, B. (2017). How WannaCry caused global panic but failed to turn much of a profit. https://theconversation.com/how-wannacry-caused-global-panic-but-failed-to-turn-much-of-a-profit-77740

The WannaCry cyber-attack led to panic across the globe, showing just how important it is for organisations to have secure operating systems. This was not even the most sophisticated malware around. Numerous networks could easily cope with it and it...

Numerical Encoding to Tame SQL Injection Attacks (2017)
Presentation / Conference Contribution
Uwagbole, S. O., Buchanan, W. J., & Fan, L. (2017, May). Numerical Encoding to Tame SQL Injection Attacks. Presented at 3RD IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT), Lisbon, Portugal

Recent years have seen an astronomical rise in SQL Injection Attacks (SQLIAs) used to compromise the confidentiality, authentication and integrity of organisations' databases. Intruders becoming smarter in obfuscating web requests to evade detection...

A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks (2017)
Journal Article
Sheykhkanloo, N. M. (2017). A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks. International Journal of Cyber Warfare and Terrorism, 7(2), 16-41. https://doi.org/10.4018/ijcwt.2017040102

Structured Query Language injection (SQLi) attack is a code injection technique where hackers inject SQL commands into a database via a vulnerable web application. Injected SQL commands can modify the back-end SQL database and thus compromise the sec...

The next cyberattack could come from sound waves (2017)
Newspaper / Magazine
Buchanan, B. (2017). The next cyberattack could come from sound waves. https://theconversation.com/the-next-cyberattack-could-come-from-sound-waves-74716

You might think your smartphone or laptop is relatively safe from cyber attacks thanks to anti-virus and encryption software. But your devices are increasingly at risk from “side-channel” attacks, where an intruder can bypass traditional network entr...

The Greater The Power, The More Dangerous The Abuse: Facing Malicious Insiders in The Cloud (2017)
Presentation / Conference Contribution
Pitropakis, N., Lyvas, C., & Lambrinoudakis, C. (2017, February). The Greater The Power, The More Dangerous The Abuse: Facing Malicious Insiders in The Cloud. Presented at The Eighth International Conference on Cloud Computing, GRIDs, and Virtualization, Athens, Greece

The financial crisis made companies around the world search for cheaper and more efficient solutions to cover their needs in terms of computational power and storage. Their quest came to end with the birth of Cloud Computing infrastructures. However,...

An Improvement of Tree-Rule Firewall for a Large Network: Supporting Large Rule Size and Low Delay (2017)
Presentation / Conference Contribution
Chomsiri, T., He, X., Nanda, P., & Tan, Z. (2016, August). An Improvement of Tree-Rule Firewall for a Large Network: Supporting Large Rule Size and Low Delay. Presented at 2016 IEEE Trustcom/BigDataSE/ISPA

The firewalls were invented since 1990s [1] and have been developed to operate more secure and faster. From the first era of the firewalls until today, they still regulate packet based on a listed rule. The listed rule is the set of rule sequence whi...

Towards Trust and Governance in Integrated Health and Social Care Platforms (2017)
Book Chapter
Buchanan, W., Thuemmler, C., Spyra, G., Smales, A., & Prajapati, B. (2017). Towards Trust and Governance in Integrated Health and Social Care Platforms. In Health 4.0: How Virtualization and Big Data are Revolutionizing Healthcare (219-231). (1). Springer. https://doi.org/10.1007/978-3-319-47617-9_11

The way we are sharing health and care data will be changing considerably over the years to come. One of the reasons is an increasing move towards patient-centric approaches where services are built around the citizens, rather than citizens integrate...

Security for Cyber-Physical Systems in Healthcare (2017)
Book Chapter
Saleem, K., Tan, Z., & Buchanan, W. (2017). Security for Cyber-Physical Systems in Healthcare. In Health 4.0: How Virtualization and Big Data are Revolutionizing Healthcare (233-251). Springer. https://doi.org/10.1007/978-3-319-47617-9_12

The great leap forward of cyber-physical systems has made provision for future personalized medicine. However, these systems are prone to cyber attacks. To provide patients with secure and reliable healthcare experience, the security issues of cyber-...

Protecting Documents with Sticky Policies and Identity-Based Encryption (2016)
Presentation / Conference Contribution
Spyra, G., & Buchanan, W. J. (2016, December). Protecting Documents with Sticky Policies and Identity-Based Encryption. Presented at Future Technologies Conference (FTC) 2016, San Francisco, CA, USA

Documents are increasingly being held in public cloud-based systems, and are thus increasingly exposed to accesses from malicious entities. This paper focuses on the integration of sticky policies that are embedded into OOXML (Open Office XML) pr...

Automatically Detecting Fallacies in System Safety Arguments (2016)
Presentation / Conference Contribution
Yuan, T., Manandhar, S., Kelly, T., & Wells, S. (2015, October). Automatically Detecting Fallacies in System Safety Arguments. Presented at 15th International Workshop on Computational Models of Natural Argument (CMNA15), Bertinoro, Italy

Safety cases play a significant role in the development of safety-critical systems. The key components in a safety case are safety arguments, that are designated to demonstrate that the system is acceptably safe. Inappropriate reasoning with safety a...

U-Prove Based Security Framework for Mobile Device Authentication in eHealth Networks (2016)
Presentation / Conference Contribution
Zeb, K., Saleem, K., Al Muhtadi, J., & Thuemmler, C. (2016, September). U-Prove Based Security Framework for Mobile Device Authentication in eHealth Networks. Presented at 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom)

Cybersecurity in the health care domain is one of the most important and critical issues of this era. In fact, it was reported in 2014 that on the black market medical records are worth 10 times more than credit card details [1]. Datasets experience...

HI-risk: A method to analyse health information risk intelligence (2016)
Presentation / Conference Contribution
Buchanan, W. J., & van Deursen, N. (2016, September). HI-risk: A method to analyse health information risk intelligence. Presented at 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom)

Information security threat intelligence is a prevalent topic amongst researchers, long-established IT-vendors and start-ups. The possibilities of Big Data analytics to security threat and vulnerability scanning offer a significant development in the...

Will quantum computers be the end of public key encryption? (2016)
Journal Article
Buchanan, W., & Woodward, A. (2016). Will quantum computers be the end of public key encryption?. Journal of Cyber Security Technology, 1(1), 1-22. https://doi.org/10.1080/23742917.2016.1226650

The emergence of practical quantum computers poses a significant threat to the most popular public key cryptographic schemes in current use. While we know that the well-understood algorithms for factoring large composites and solving the discrete log...

Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA) (2016)
Journal Article
Lo, O., Buchanan, W. J., & Carson, D. (2016). Power analysis attacks on the AES-128 S-box using differential power analysis (DPA) and correlation power analysis (CPA). Journal of Cyber Security Technology, 1(2), 88-107. https://doi.org/10.1080/23742917.2016.1231523

This article demonstrates two fundamental techniques of power analysis, differential power analysis (DPA) and correlation power analysis (CPA), against a modern piece of hardware which is widely available to the public: the Arduino Uno microcontrolle...

Sticky policy enabled authenticated OOXML (2016)
Presentation / Conference Contribution
Spyra, G., Buchanan, W. J., & Ekonomou, E. (2016, July). Sticky policy enabled authenticated OOXML. Presented at IEEE Technically Sponsored SAI Computing Conference 2016, London, UK

This paper proposes a secure document sharing construction, which addresses confidentiality and authenticity concerns related to cloud-based data sharing. The goal of this research is to find an efficient way to share data in the cloud across various...

Cloud Security, Privacy, and Trust Baselines (2016)
Book Chapter
Pitropakis, N., Katsikas, S., & Lambrinoudakis, C. (2016). Cloud Security, Privacy, and Trust Baselines. In Cloud Computing Security Foundations and Challenges. CRC Press

According to ISO 27001, a threat is a potential event. When a threat turns into an actual event, it may cause an undesirable incident. It is undesirable because the incident may harm an organization or a system, causing a security incident and/or t...

The Far Side of Mobile Application Integrated Development Environments (2016)
Presentation / Conference Contribution
Lyvas, C., Pitropakis, N., & Lambrinoudakis, C. (2016, September). The Far Side of Mobile Application Integrated Development Environments. Presented at International Conference on Trust and Privacy in Digital Business TrustBus 2016: Trust, Privacy and Security in Digital Business, Porto, Portugal

Smart phones are, nowadays, a necessity for the vast majority of individuals around the globe. In addition to the ubiquitous computing paradigm supported by such devices, there are numerous software applications that utilize the high computational ca...