Project List

A commercial alternative to QKD: filling USB sticks and hard disks with random bits (completed)

Quantum key distribution (QKD) offers unconditional security according to the laws of quantum physics. A QKD system enables its users to securely set up symmetric keys for encryption by sending quantum signals, either over optical fibres or over free-space. In current commercial QKD systems, these symmetric keys are consumed in classical secure communications protocols like … full description “A commercial alternative to QKD: filling USB sticks and hard disks with random bits (completed)”

Agent Worlds Visualiser for a Mobile Phone (completed)

The aim of this project is to build a visualiser of an agent application that runs on a server. The project should allow the translation of an agent environment and the entities it may contain to a user friendly graphical representation that the user can interact with. The visualiser should be able to display the … full description “Agent Worlds Visualiser for a Mobile Phone (completed)”

Blockchain to provide Data Provenance Integrity and Privacy (completed)

Blockchain, also part of the cryptocurrencies, can be viewed as a potentially shared/semi-shared/private, the immutable ledger for recording sequence of events or history of transactions. The blockchain technology can be deployed to provide a high-degree of trust, accountability, and transparency associated with a set of transactions/events – especially log files and data provenance. Data provenance … full description “Blockchain to provide Data Provenance Integrity and Privacy (completed)”

Building a Full Causality Chain Across an Enterprise System (completed)

Data Provenance refers to records of the inputs, entities, systems and process that influence data of interest, providing a historical record of the data and its origins. To provide a holistic view of the data provenance in an enterprise system, the provenance records of the activities carried out on a client workstation is important. Last … full description “Building a Full Causality Chain Across an Enterprise System (completed)”

Building Data Provenance from Database Log Files (completed)

Databases are an integral part of any organisations operations. They act as storage repositories for a large set of data that the respective organisation relies upon for their efficient operations. One of the commonly deployed and open source database application is MySQL. It collects and stores a large set of log files related to the … full description “Building Data Provenance from Database Log Files (completed)”

Data Provenance for Multi-Database Servers Enterprise Architecture (completed)

Enterprise architecture, with increasing frequencies, is based on multiple databases that split the enterprise data among itself and store them on separate database servers. Such a scheme enables an effective load balancing and management of enterprise data. However, my splitting data over multiple databases make it challenging to build a unified data provenance view of … full description “Data Provenance for Multi-Database Servers Enterprise Architecture (completed)”

Detecting broken security in hybrid Android apps (completed)

Many modern Android applications make use of a webview – a component providing easy access to the rendering engine and JavaScript interpreter of a full browser. The content shown by a webview can be loaded from a local resource or a remote server via HTTP and integrates seamlessly with the app. Webviews are popular with developers, … full description “Detecting broken security in hybrid Android apps (completed)”

Disassembling x86 binaries for static analysis and reverse engineering (completed)

The Jakstab static analyser for binaries automatically disassembles x86 binaries for Windows or Linux and reconstructs a control flow graph. It is particularly effective on targets that have been obfuscated with various tricks that throw off regular disassemblers such as IDA Pro. Jakstab disassembles one instruction at a time, translates it into an intermediate language, and then … full description “Disassembling x86 binaries for static analysis and reverse engineering (completed)”

Eclipse plugin for the ART parser generator (completed)

The ART parser generator is one of a new breed of compiler generation tools which provides efficient generalised parsing. This means that language designers have complete freedom to specify syntax in a way that supports downstream processes rather than having to shoehorn their ideas into the constraints imposed by current near-deterministic parser generators like Bison … full description “Eclipse plugin for the ART parser generator (completed)”

Entry into the PACE Parameterized Algorithms and Computational Experiments Challenge (completed)

Parameterized Complexity is a research field that, by its own self-description, strives to provide practical, yet theoretically well-founded ways to deal with computationally hard problems (e.g., so-called NP-hard problems). However, the vast majority of the work in the field is purely theoretical — there is a great toolbox of interesting and powerful algorithmic methods, which have been proven to have … full description “Entry into the PACE Parameterized Algorithms and Computational Experiments Challenge (completed)”

Improving Automatic Bug Detection in JavaScript (completed)

Dynamic symbolic execution (DSE) is an effective tool for bug detection in real software. Like unit testing and fuzzing DSE executes portions of a program, exposing bugs through runtime program exceptions. In DSE, some inputs to the program under test are made “symbolic” while the rest are fixed. Whenever the symbolic execution encounters a conditional operation … full description “Improving Automatic Bug Detection in JavaScript (completed)”

Minimising gene sets through querying ontologies in published literature (completed)

The aim of this project is to build a tool that will determine sets of genes  that have a high priority of being associated with a specific Biological process. Molecular Biology is now generating colossal amounts of data. In particular, there are a variety of technologies that can scan entire genomes or transcriptomes and determine … full description “Minimising gene sets through querying ontologies in published literature (completed)”

Predicting Debug Symbols for Closed Source Binaries (completed)

Reverse engineering binaries, whether malicious or benign, is made more difficult by the absence of debug information. Variables and functions have had their identifiers “stripped”, so reverse engineers have to manually name them during analysis based on human understanding of the code functionality. The goal of this project is to use machine learning to predict … full description “Predicting Debug Symbols for Closed Source Binaries (completed)”

Privacy issues related to Data Provenance of Database containing End-user Data (completed)

Privacy issues related to the data stored, regarding end-users are well understood and studies. However, a large set of data can also be collected that is not directly related to the user but related to the user data – known as data provenance. Data provenance is the field of recording the history of data, from … full description “Privacy issues related to Data Provenance of Database containing End-user Data (completed)”

Real-Time Consumer Centric Data Compliance Auditing (completed)

When a user signs an end user agreement with an organisation, in return of which (s)he will give his/her data to the organisation the users do not have; a) any mechanism to assess that post-agreement the organisation abides by their own agreement and b) to see the operations carried on his/her data (that the organisation … full description “Real-Time Consumer Centric Data Compliance Auditing (completed)”

Real-Time Enterprise System Compliance Auditing with GDPR (completed)

Data compliance audit is a comprehensive review of an organization’s adherence to regulatory guidelines. Traditionally, security or IT consultants evaluate the strength and thoroughness of compliance preparations – usually carried out once a year. With the enforcement of GDPR upon us, a real-time view of compliance could safe an organisation a substantial penalty (4% of … full description “Real-Time Enterprise System Compliance Auditing with GDPR (completed)”

REST API and web frontend for a JavaScript symbolic testing framework (completed)

ExpoSE.js is a symbolic testing framework being developed at Royal Holloway designed to assist developers in improving the security and reliability of JavaScript applications, a language for which traditional software testing solutions have failed to produce satisfactory results. Symbolic execution is a technique which allows for the systematic enumeration of feasible paths of a program. … full description “REST API and web frontend for a JavaScript symbolic testing framework (completed)”

Smart IDE for Cascading Style Sheets in Web Development (completed)

You will construct an experimental IDE to aid programmers in writing Cascading Style Sheets (CSS) for web applications. Style sheets dictate how a web page appears, and consist of a series of rules which are applied to elements of the web page. Determining exactly which rule should be applied to which element is not entirely … full description “Smart IDE for Cascading Style Sheets in Web Development (completed)”

Stable Marriage of Students (completed)

Constraint Satisfaction and the final year projects system Prof Cohen is a world leading researcher in the theory and practice of constraints and has written some tools for the department that need to be improved. At Royal Holloway, we allocate students to projects and staff as supervisors of those projects using a semi-automated process, using … full description “Stable Marriage of Students (completed)”

System Provenance Collection from a Client Workstation (completed)

A client workstation in an enterprise network is used by individual employees. They use this workstation to perform different activities, including accessing the data stored in the enterprise data repositories (i.e., Database). These activities, which relate to accessing the data and then using it on a workstation are the crucial missing element in data compliance … full description “System Provenance Collection from a Client Workstation (completed)”

System Provenance Collection from a Database Server (completed)

A database server is a collection of an Operating System (OS) at its core that hosts a database – accessible from various services and devices in an enterprise network. The activities observed on the database server are of immense importance to show compliance with data governance policies. A crucial element of such a compliance is … full description “System Provenance Collection from a Database Server (completed)”

The Security Theory Map (completed)

Description of the project: Real world security is a multi-dimensional problem and therefore needs multiple theoretical lenses and analyses to understand and positively impact the application of security. This digital tool presents to the user a large range of the underpinning theories about security (and their constituent parts). These theories condition the outputs of security … full description “The Security Theory Map (completed)”

Working on computer mediated artwork with the Tate Gallery (completed)

The Tate Gallery owns a set of major artworks which are computer mediated; that is they employ computers to manage interaction with gallery visitors in a variety of often technically challenging ways. We are working with the conservators at the Tate to document these systems and to think about managing their future in the long … full description “Working on computer mediated artwork with the Tate Gallery (completed)”