Our research aims to support the engineering of adaptive systems that continue to satisfy their security and privacy requirements and that are forensically ready. We conduct our research in the context of systems’ social or business environments. Our aim is to exploit, support, or mitigate the interplay between security technologies and human behaviour. This work has been supported significantly by the ERC.

We research the development of secure systems based on the discovery, composition and use of services. This includes the support of proactive and reactive discovery and replacement of services during runtime, and in the presence of failures and for the purpose of service quality improvement. We also focus on important contextual factors that impact adaptive security such as assets and topology.

We also study software developers and software development teams, to better understand the technical and social factors than impact on their ability to write secure software. Two research projects that exemplify this multi-disciplinary line of research include: Why Johnny Doesn’t Write Secure Software : Secure Software Development by the Masses (funded by EPSRC) and Motivating Jenny to Write Secure Software: Community and Culture of Coding (funded by the NCSC).

We also have a wide ranging research programme in privacy engineering research that focusing on software engineering of privacy aware systems (Privacy Arguments, Privacy Awareness Requirements, Privacy Distillation), usable privacy (Privacy Shake, Privacy Itch & Scratch), and the interplay of technology, privacy and society (From Spaces to Places, Contravision, Visual life logging).

Finally, we research techniques for software engineering of forensics-ready system that facilitate the adaptive collection of potential evidence both proactively and reactively. Our work in this area is empirical (Are You Ready), technical (Adaptive Forensics), and applied (Verifiable Limited Disclosure).

Current or recent, externally funded projects include: Adaptive Security and Privacy (ERC), Adaptive Information Security (QNRF), Privacy Dynamics (EPSRC), and Monetize Me (EPSRC), STRETCH (EPSRC), PRIMMA (EPSRC), Johnny (EPSRC), and Jenny (NCSA).