Prof Arosha Bandara

tbc

The main objectives of this collaborative project are as follows. O1. Investigate notations and structures for modelling security requirements to protect assets from changing hazards in a dynamic environment O2. Develop forward-engineering and reverse-engineering techniques for design-time and run-time traceability between security design of the cloud service and requirements for information security O3. Investigate methods for adapting and validating the system design in the face of changing contexts, whilst providing assurance that the information security requirements are being met O4. Deploy practical mechanisms for demonstrate and validate the approach. These research objectives will be refined into a number of research questions including the following.  The notions of “anti-requirements”, and “harm to assets” have been shown to be useful when describing security requirements. Are these notions useful and sufficient when specifying requirements for adaptive information security? (O1)  How can requirements for adaptive information security be elicited? (O1)  What kinds of relationship between static (“designtime”) models and dynamic (run time) models can be used to support security analysis and adaptation? (O2)  To what extent and how traceability from requirements to implementation be reverse-engineering for existing software applications? (O2)  How can users monitor whether their requirements are being satisfied as the cloud services and applications evolve? (O3)  How can developers know to what extent their cloud services and applications meet the requirements of the users, perhaps after some changes have been introduced? (O3)  What is the critical infrastructure needed for these news assurance mechanism to work effectively in the cloud? What is the best way to visualise/notify users at the high level (O4)

We propose to investigate how individuals learn and benefit from their membership of social or functional groups, and how such learning can be automated and incorporated in modern mobile and ubiquitous technologies that increasingly pervade society.

With the prevalence of mobile computing devices and the increasing availability of pervasive services, ubiquitous computing (Ubicomp) is a reality for many people. This reality is generating opportunities for people to interact socially in new and richer ways, and to work more effectively in a variety of new environments. More generally, Ubicomp infrastructures – controlled by software – will determine users’ access to critical services. With these opportunities come higher risks of misuse by malicious agents. Therefore, the role and design of software for managing use and protecting against misuse is critical, and the engineering of software that is both functionally effective while safe guarding user assets from harm is a key challenge. Indeed the very nature of Ubicomp means that software must adapt to the changing needs of users and their environment, and, more critically, to the different threats to users’ security and privacy. ASAP proposes to radically re-conceptualise software engineering for Ubicomp in ways that are cognisant of the changing functional needs of users, of the changing threats to user assets, and of the changing relationships between them. We propose to deliver adaptive software capabilities for supporting users in managing their privacy requirements, and adaptive software capabilities to deliver secure software that underpin those requirements. A key novelty of our approach is its holistic treatment of security and human behaviour. To achieve this, it draws upon contributions from requirements engineering, security & privacy engineering, and human-computer interaction. Our aim is to contribute to software engineering that empowers and protects Ubicomp users. Underpinning our approach will be the development of representations of security and privacy problem structures that capture user requirements, the context in which those requirements arise, and the adaptive software that aims to meet those requirements.

To produce and deliver Arabic language versions of the Introduction to Cyber Security MOOC, to provide awareness level cyber security training covering specific topics of interest to learners in the Arab States of the Gulf.

To develop a short MOOC based on existing material in the TU100 module that covers topics relating to information security - i.e. undertanding information security threats, basic risk analysis, cryptography, network security, malware secruity and digital forensics.

We live in cyber-physical-social spaces where lines between ‘online’ and ‘offline’ are increasingly blurred, but also where violence against women and girls (VAWG) thrives. It is therefore more important now than ever for interdisciplinary research and cross-sectoral dialogue to address this contemporary societal challenge. The Centre for Protecting Women online will be a vehicle for understanding and addressing challenges posed to women’s safety online through a novel, interdisciplinary and ambitious research agenda. E3 funding will support this expansion by combining cross-sectoral, collaborative outputs and interventions which inform law, policy, technology development, and practice to reduce online harms suffered by women and girls, minimise anti-social behaviours online whilst promoting pro-social behaviours and help build tech software that helps ensure accountability, credibility, and helps facilitate justice.

In the last decade, the role of software engineering has changed rapidly and radically. Globalisation and mobility of people and services, pervasive computing, and ubiquitous connectivity through the Internet have disrupted traditional software engineering boundaries and practices. People and services are no longer bound by physical locations. Computational devices are no longer bound to the devices that host them. Communication, in its broadest sense, is no longer bounded in time or place. The Software Engineering & Design (SEAD) group at the Open University (OU) is leading software engineering research in this new reality that requires a paradigm shift in the way software is developed and used. This platform grant will grow and sustain strategic, multi-disciplinary, crosscutting research activities that underpin the advances in software engineering required to build the pervasive and ubiquitous computing systems that will be tightly woven into the fabric of a complex and changing socio-technical world. In addition to sustaining and growing the SEAD group at the OU and supporting its continued collaboration with the Social Psychology research group at the University of Exeter, the SAUSE platform will also enable the group to have lasting impact across several application domains such as healthcare, aviation, policing, and sustainability. The grant will allow the team to enhance the existing partner networks in these areas and to develop impact pathways for their research, going beyond the scope and lifetime of individual research projects.

The Citizen Forensics project reframes key challenges that underlie modern policing in a socio-technical world; a world instrumented with mobile and ubiquitous computing technologies, in which many citizens and communities live, work and play, but which must also manage threats to their wellbeing and their rights. The project aims to support a new engagement between authorities (such as the police) and communities of citizens in order to better investigate (and in the long term reduce) potential or actual threats to citizen security, safety, and privacy. This includes both empowering the police by opening up new ways of citizens providing data in ways that protect privacy and anonymity, and empowering citizens by using these new technologies to also hold the police to account. We will be harnessing many of the so-called Internet of Things, Smart City and Smart Home technologies to encourage and allow citizens to help the police collect and analyse disparate data to improve public safety at both local and ultimately national levels. This multidisciplinary investigation draws upon expertise in computing, policing, psychology and organisational theory. For more information, see https://www.citizenforensics.org/

The aim of this project will be to build a dynamic and resilient socio-technical system that sustains care for people with chronic illnesses in old age. Its principle novelty will be the integration of human and technical resources into a single system that will have resilient care at its heart. Resilience will mean both social resilience and technical resilience. To deliver social resilience we will explore how technology can help to harness existing social support as well as building wider social capital around older people. To deliver technical resilience we will design systems that integrate existing technological capacity in novel configurations as well as integrating new sensing / Internet of Things capability. However, the key innovation will be that the integrated socio-technical system will allow for the interchange between human assets and technological assets in the delivery of a resilient care architecture for older people. The system will not seek to replace human resource with a technology derived alternative, but to harness the capacities of all elements of the system in a way that serves the needs of the older person. Sometimes the system will respond to need through mobilising human resources, at other times the same need could be met through technological capability. In that sense, the system will have the needs of the older person at its core.

This EngageKTN project is investigating forensic-readiness requirements of unmanned aerial systems, to help identify causes of safety and security related air traffic incidents. Unmanned aerial vehicles (or drones) are increasingly creating challenges for managing the safety of aircraft that share the airspace with them. The collection and use of forensic data associated with drones and surrounding physical contexts is key to effective incident investigations. The research is focusing on the architecture and concept of operations for European unmanned traffic management, and the ability to preserve such vital information as evidence for forensic investigations. The team of the project include Dr. Yijun Yu (PI), Mr. Danny Barthaud (Research Software Engineer), and Prof. Bashar Nuseibeh, Prof. Blaine Price, Prof. Andrea Zisman, Prof. Arosha Bandara at The Open University, and Dr. Anthony P. Rushton, Dr. David L. Bush, and Dr. George S. Koudis at NATS. The project URL is at https://droneidentity.eu.