skip to content

Department of Computer Science and Technology

From protecting whistleblowers to preventing the abuse of item-tracking technology, and from software compartmentalisation to cybercrime, a Security Research Showcase in January 2023 highlighted some of the security work being carried out here.   

The event featured a series of lightning talks by PhD students on the following topics.

  • PhD student Jack Hughes talked about Argot as a trust signal: data science techniques for measuring slang, jargon and reputation within underground cybercrime discussion platforms. These platforms can be untrustworthy environments, with pseudonymous profiles sharing information and tools. Jack outlined his research that combines a number of approaches, including natural language processing and data science techniques, to explore how argot is used to signal trust on these platforms.

 

  • Kieron Ivy Turk discussed an evaluation of the effectiveness of the anti-stalking features of personal item-tracking devices. Kieron Ivy has been looking at how personal item-trackers – such as AirTags and Tile trackers – have recently been used in cases of domestic abuse and stalking to track others without their consent. They highlighted some of the anti-stalking features that manufacturers have designed to detect and mitigate the misuse of their products and after testing the effectiveness of these features, identified a wide range of issues and failures.

 

The CHERI project aims to prevent security vulnerabilities at both the hardware and software level through fine-grained memory protection and scalable compartmentalisation that can mitigate the potential exploitation of future unknown vulnerabilities in software. There were two talks on this.

  • In CHERI memory safety: software stack and ecosystem, Research Associate and PhD student Konrad Witaszczyk discussed the current state of available memory-safe software for CHERI.
  • Then Dapeng Gao talked about Library-based software compartmentalisation for CHERI.

 

  • Nicholas Boucher, a third-year PhD student researching attacks on supply chains, compilers, and machine learning, discussed Invisible Hacks - a novel class of attacks that can target most modern programming languages as well as most deployed text-based machine learning systems.

 

  • In his presentation, Dimitrije Erdeljan told us about DisplayPort electromagnetic eavesdropping - or, eavesdropping on computer displays through their unintentionally-emitted electromagnetic radiation.

 

  • Then Ceren Kocaogullar brought the event to a close with her talk Pudding: Private User Discovery In anonymity Networks. Highlighting her research into making distributed systems more private, secure and usable, she described a new security protocol – called Pudding – which provides a practical and privacy-preserving mechanism for finding other users in anonymity networks. "Unlike encrypted messaging apps such as Signal, Telegram, and WhatsApp," Ceren explained, "anonymity networks not only hide the conversation contents but also protect metadata, which is information such as when, with whom, and how frequently parties communicate. Making metadata-private communication more accessible, Pudding protocol aims to help privacy-sensitive users such as whistleblowers to benefit from the protection of anonymity networks."

 


Published by Rachel Gardner on Thursday 26th January 2023