About

Due to the widespread adoption of open-source software development, software vulnerabilities can spread rapidly, especially through widely-used third-party packages. This provides opportunities for attackers to inject malicious code into public open-source libraries or software updates. As a result, downstream software customers may unknowingly incorporate the malicious code into their products, making them susceptible to supply chain attacks.

TRUSTED research project, funded by EPSRC, aims to propose solutions and techniques with formal foundations to develop secure open-source software. This research project will leverage the concept of security summaries to control information flow in large-scale software applications through reliable and sound methods, ensuring the safe and transparent release and reuse of software artifacts.

Project Team

TRUSTED is driven by a team comprising experts from Newcastle University and University of Liverpool, both renowned for their contributions to cutting-edge research in cybersecurity and formal methods. The project industrial partners, the Google‘s security team and OCamlPro contribute invaluable real-world insights and practical experience to the project.

Narges Khakpour

Project Lead, Principal Investigator

Senior Lecturer in Cybersecurity
Newcastle University
narges.khakpour@ncl.ac.uk

Sven Schewe

Principal Investigator

Dominik Wojtczak

Co-Investigator

Open positions We look for a highly motivated individual with background in cybersecurity and/or program analysis to join us.

Publications

Narges Khakpour, and Charilaos Skandylas. Compositional Security Analysis of Dynamic Component-based Systems. 39th IEEE/ACM International Conference on Automated Software Engineering (ASE 2024), Sacramento, California, US.
Narges Khakpour, and David Parker. Partially-Observable Security Games for Attack-Defence Analysis in Software Systems . 22nd International Conference on Software Engineering and Formal Methods (SEFM 2024), Aveiro, Spain.
Ernst Moritz Hahn, Mateo Perez, Sven Schewe, Fabio Somenzi, Ashutosh Trivedi, Dominik Wojtczak. Omega-Regular Decision Processes . 38th Annual AAAI Conference on Artificial Intelligence (AAAI 2024): to appear.
Nicolas Berthier, and Narges Khakpour. Symbolic Abstract Heaps for Polymorphic Information-Flow Guard Inference. 23rd International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI 2023), 66-90, 2023.
Ernst Moritz Hahn, Mateo Perez, Sven Schewe, Fabio Somenzi, Ashutosh Trivedi, Dominik Wojtczak. Omega-Regular Reward Machines. 26th European Conference on Artificial Intelligence (ECAI 2023): 972-979, 2023.

TRUSTED: Security Summaries for Secure Software Development

1 Science Square
Newcastle upon Tyne NE4 5TG
United Kingdom