Agent Worlds Visualiser for a Mobile Phone (completed)

The aim of this project is to build a visualiser of an agent application that runs on a server. The project should allow the translation of an agent environment and the entities it may contain to a user friendly graphical representation that the user can interact with. The visualiser should be able to display the … full description “Agent Worlds Visualiser for a Mobile Phone (completed)”

Control Flow Graph Reconstruction using Control-Flow Integrity (ongoing)

Control flow graphs (CFGs) show the set of possible flows a computer program can have at run-time, in particular, how a certain target can be reached inside (binary) code. CFG are incredibly useful in almost any program analysis technique. For example, when reverse engineering, the control flow graph is the main component to build on … full description “Control Flow Graph Reconstruction using Control-Flow Integrity (ongoing)”

Data Stewardship (available)

Starting Date: June 2019 Duration: 5 weeks (10 weeks part-time) Time commitment: Full time/Part time Prerequisites: understanding of databases and formats such as JSON; ability to interview and liaise non-experts; ability to write reports. Approximately 80% of the time that a Data Scientist spends on a day to day basis is on finding relevant data … full description “Data Stewardship (available)”

Improving Automatic Bug Detection in JavaScript (completed)

Dynamic symbolic execution (DSE) is an effective tool for bug detection in real software. Like unit testing and fuzzing DSE executes portions of a program, exposing bugs through runtime program exceptions. In DSE, some inputs to the program under test are made “symbolic” while the rest are fixed. Whenever the symbolic execution encounters a conditional operation … full description “Improving Automatic Bug Detection in JavaScript (completed)”

Jupyter notebooks (available)

Starting Date: June 2019 Duration: 10 weeks Time commitment: Full time Prerequisites: experience with Python (useful) and Javascript programming (essential). It may be useful to be willing to learn about functional programming (but this is not essential). Jupyter notebooks [1] are examples of literate programming [2] where code and outputs from the code as well … full description “Jupyter notebooks (available)”

Machine Learning vs Machine Learning in Malware Evasion (available)

Machine learning is a popular approach to signature-less malware detection because it can generalize to new (unseen) malware families. Some recent works have proposed the use of AI/ML-powered malware to bypass machine learning anti-malware systems. The goal of the project is to model the system of malware vs anti-malware systems as two opponents using various … full description “Machine Learning vs Machine Learning in Malware Evasion (available)”

Mathematical Modelling of Cyber-Attackers vs Defenders using AI/ML (available)

Machine learning is a popular approach to signature-less malware detection because it can generalize to new (unseen) malware families. Some recent works have proposed the use of AI/ML-powered malware to bypass machine learning anti-malware systems (for instance, adversarial machine learning). The goal of the project is to model the system of malware vs anti-malware systems … full description “Mathematical Modelling of Cyber-Attackers vs Defenders using AI/ML (available)”

Metagenomics pipeline (available)

Starting Date: June 2019 Duration: 10 weeks Time commitment: Full time Prerequisites: experience with Python programming or workflow software (desirable), experience of querying web databases using RESTful interfaces. Metagenomics is the genomic sampling of environments (e.g. soil, sea water the human microbiome) which are composed of an unknown range of different species (usually bacteria and … full description “Metagenomics pipeline (available)”

Predicting Debug Symbols for Closed Source Binaries (completed)

Reverse engineering binaries, whether malicious or benign, is made more difficult by the absence of debug information. Variables and functions have had their identifiers “stripped”, so reverse engineers have to manually name them during analysis based on human understanding of the code functionality. The goal of this project is to use machine learning to predict … full description “Predicting Debug Symbols for Closed Source Binaries (completed)”

REST API and web frontend for a JavaScript symbolic testing framework (completed)

ExpoSE.js is a symbolic testing framework being developed at Royal Holloway designed to assist developers in improving the security and reliability of JavaScript applications, a language for which traditional software testing solutions have failed to produce satisfactory results. Symbolic execution is a technique which allows for the systematic enumeration of feasible paths of a program. … full description “REST API and web frontend for a JavaScript symbolic testing framework (completed)”

Siri for Secure Programming – On-fly Secure Programming Assistant (available)

Project Description Secure coding is a set of best practices for making software (during development) as secure and stable as possible. It encompasses everything from recommendations for cryptographic usage, moving sensitive data, accessing a file system, and managing memory. As the security landscape is always changing, secure coding requires programmers to be up to date … full description “Siri for Secure Programming – On-fly Secure Programming Assistant (available)”

Smart IDE for Cascading Style Sheets in Web Development (completed)

You will construct an experimental IDE to aid programmers in writing Cascading Style Sheets (CSS) for web applications. Style sheets dictate how a web page appears, and consist of a series of rules which are applied to elements of the web page. Determining exactly which rule should be applied to which element is not entirely … full description “Smart IDE for Cascading Style Sheets in Web Development (completed)”

Virtual Trusted Platform Module (vTPM) Migration in Cloud Environments (available)

TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate a computer platform. For instance, a TPM can be used to store platform measurements that help ensure that the platform remains trustworthy. Authentication (ensuring that the platform can prove that it is what it claims to be) and … full description “Virtual Trusted Platform Module (vTPM) Migration in Cloud Environments (available)”

Workflow Description Language frontend (available)

Starting Date: June 2019 Duration: 10 weeks Time commitment: Full time Prerequisites: experience with Python or Java programming (essential), experience of using container software such as Docker and deploying applications on clouds. The Workflow Description Language [1] (WDL – pronounced ‘widdle’) is a scripting language designed to build Scientific workflows (specifically for Bioinformatics applications). WDL … full description “Workflow Description Language frontend (available)”

Working on computer mediated artwork with the Tate Gallery (completed)

The Tate Gallery owns a set of major artworks which are computer mediated; that is they employ computers to manage interaction with gallery visitors in a variety of often technically challenging ways. We are working with the conservators at the Tate to document these systems and to think about managing their future in the long … full description “Working on computer mediated artwork with the Tate Gallery (completed)”