Control Flow Graph Reconstruction using Control-Flow Integrity (ongoing)

Control flow graphs (CFGs) show the set of possible flows a computer program can have at run-time, in particular, how a certain target can be reached inside (binary) code. CFG are incredibly useful in almost any program analysis technique. For example, when reverse engineering, the control flow graph is the main component to build on … full description “Control Flow Graph Reconstruction using Control-Flow Integrity (ongoing)”

Detecting broken security in hybrid Android apps (completed)

Many modern Android applications make use of a webview – a component providing easy access to the rendering engine and JavaScript interpreter of a full browser. The content shown by a webview can be loaded from a local resource or a remote server via HTTP and integrates seamlessly with the app. Webviews are popular with developers, … full description “Detecting broken security in hybrid Android apps (completed)”

Disassembling x86 binaries for static analysis and reverse engineering (completed)

The Jakstab static analyser for binaries automatically disassembles x86 binaries for Windows or Linux and reconstructs a control flow graph. It is particularly effective on targets that have been obfuscated with various tricks that throw off regular disassemblers such as IDA Pro. Jakstab disassembles one instruction at a time, translates it into an intermediate language, and then … full description “Disassembling x86 binaries for static analysis and reverse engineering (completed)”

Eclipse plugin for the ART parser generator (completed)

The ART parser generator is one of a new breed of compiler generation tools which provides efficient generalised parsing. This means that language designers have complete freedom to specify syntax in a way that supports downstream processes rather than having to shoehorn their ideas into the constraints imposed by current near-deterministic parser generators like Bison … full description “Eclipse plugin for the ART parser generator (completed)”

Improving Automatic Bug Detection in JavaScript (completed)

Dynamic symbolic execution (DSE) is an effective tool for bug detection in real software. Like unit testing and fuzzing DSE executes portions of a program, exposing bugs through runtime program exceptions. In DSE, some inputs to the program under test are made “symbolic” while the rest are fixed. Whenever the symbolic execution encounters a conditional operation … full description “Improving Automatic Bug Detection in JavaScript (completed)”

Machine Learning vs Machine Learning in Malware Evasion (available)

Machine learning is a popular approach to signature-less malware detection because it can generalize to new (unseen) malware families. Some recent works have proposed the use of AI/ML-powered malware to bypass machine learning anti-malware systems. The goal of the project is to model the system of malware vs anti-malware systems as two opponents using various … full description “Machine Learning vs Machine Learning in Malware Evasion (available)”

Online risk behaviour amongst adolescents – an experiment on Cyberbullying and Cyberstalking (available)

Although social media provide a great opportunity to engage with a larger community, it can also encourage risky behaviours such as sharing inappropriate photos, engaging in risky stunts or pranks, engaging in sexual communications, cyberstalking and cyberbullying (Branley & Covey, 2018). It is not yet clear whether online risks are processed the same way as … full description “Online risk behaviour amongst adolescents – an experiment on Cyberbullying and Cyberstalking (available)”

REST API and web frontend for a JavaScript symbolic testing framework (completed)

ExpoSE.js is a symbolic testing framework being developed at Royal Holloway designed to assist developers in improving the security and reliability of JavaScript applications, a language for which traditional software testing solutions have failed to produce satisfactory results. Symbolic execution is a technique which allows for the systematic enumeration of feasible paths of a program. … full description “REST API and web frontend for a JavaScript symbolic testing framework (completed)”

Smart IDE for Cascading Style Sheets in Web Development (completed)

You will construct an experimental IDE to aid programmers in writing Cascading Style Sheets (CSS) for web applications. Style sheets dictate how a web page appears, and consist of a series of rules which are applied to elements of the web page. Determining exactly which rule should be applied to which element is not entirely … full description “Smart IDE for Cascading Style Sheets in Web Development (completed)”

Virtual Trusted Platform Module (vTPM) Migration in Cloud Environments (available)

TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate a computer platform. For instance, a TPM can be used to store platform measurements that help ensure that the platform remains trustworthy. Authentication (ensuring that the platform can prove that it is what it claims to be) and … full description “Virtual Trusted Platform Module (vTPM) Migration in Cloud Environments (available)”

Working on computer mediated artwork with the Tate Gallery (completed)

The Tate Gallery owns a set of major artworks which are computer mediated; that is they employ computers to manage interaction with gallery visitors in a variety of often technically challenging ways. We are working with the conservators at the Tate to document these systems and to think about managing their future in the long … full description “Working on computer mediated artwork with the Tate Gallery (completed)”