TRUSTED: Security Summaries for Secure Software Development
About
Due to the widespread adoption of open-source software development, software vulnerabilities can spread rapidly, especially through widely-used third-party packages. This provides opportunities for attackers to inject malicious code into public open-source libraries or software updates. As a result, downstream software customers may unknowingly incorporate the malicious code into their products, making them susceptible to supply chain attacks.
TRUSTED research project, funded by EPSRC, aims to propose solutions and techniques with formal foundations to develop secure open-source software. This research project will leverage the concept of security summaries to control information flow in large-scale software applications through reliable and sound methods, ensuring the safe and transparent release and reuse of software artifacts.
Project Team
TRUSTED is driven by a team comprising experts from Newcastle University and University of Liverpool, both renowned for their contributions to cutting-edge research in cybersecurity and formal methods. The project industrial partners, the Google‘s security team and OCamlPro contribute invaluable real-world insights and practical experience to the project.
Narges Khakpour
Project Lead, Principal Investigator
- Senior Lecturer in Cybersecurity
- Newcastle University
- narges.khakpour@ncl.ac.uk
Open positions We look for highly motivated individuals with background in cybersecurity and/or formal methods to join us.
Publications
- Ernst Moritz Hahn, Mateo Perez, Sven Schewe, Fabio Somenzi, Ashutosh Trivedi, Dominik Wojtczak: Omega-Regular Decision Processes. 38th Annual AAAI Conference on Artificial Intelligence (AAAI 2024): to appear.
- Berthier, Nicolas, and Narges Khakpour. “Symbolic Abstract Heaps for Polymorphic Information-Flow Guard Inference.” In the 23rd International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI 2023), 66-90, 2023.
- Ernst Moritz Hahn, Mateo Perez, Sven Schewe, Fabio Somenzi, Ashutosh Trivedi, Dominik Wojtczak: Omega-Regular Reward Machines. 26th European Conference on Artificial Intelligence (ECAI 2023): 972-979, 2023.
TRUSTED: Security Summaries for Secure Software Development
1 Science Square
Newcastle upon Tyne NE4 5TG
United Kingdom