EPSRC Reference: |
EP/J009075/1 |
Title: |
New Techniques for Finding and Analysing Information Leaks |
Principal Investigator: |
Chothia, Dr TC |
Other Investigators: |
|
Researcher Co-Investigators: |
|
Project Partners: |
|
Department: |
School of Computer Science |
Organisation: |
University of Birmingham |
Scheme: |
First Grant - Revised 2009 |
Starts: |
02 April 2012 |
Ends: |
01 August 2013 |
Value (£): |
88,652 |
EPSRC Research Topic Classifications: |
Fundamentals of Computing |
Information & Knowledge Mgmt |
|
EPSRC Industrial Sector Classifications: |
|
Related Grants: |
|
Panel History: |
Panel Date | Panel Name | Outcome |
06 Sep 2011 | EPSRC ICT Responsive Mode - Sep 2011 | Announced |
|
Summary on Grant Application Form |
We all rely on the security of computer systems in our daily lives: from using a credit card or ATM to checking our e-mail, we need the computer systems around us to keep our secrets and to preserve our privacy. It would be misleading to think of these systems as either perfectly secure, or entirely broken and open to abuse. For example, some systems can be broken by brute force but still provide some protection against a casual attacker, whereas other systems might leak a small amount of information that could be exploited by an attacker over time. Understanding and measuring the different levels of security that a system might offer is vital if we are going to develop a safe, efficient digital world.
This project will develop new, effective techniques to find and measure security flaws in computer systems. We will use information theory to measure how much information an attacker can learn about the secret information inside a system by observing its public outputs. The key novelty of our approach is to use a combination of statistics and information theory to measure how secure a system is from trial runs of that system.
We will use concepts, such as network information theory and differential entropy, to develop general definitions of quantitative security. These concepts have never before been applied in the field of computer security, and they will lead to better, more expressive definitions that can be applied in a wide range of situations.
Using our theoretical work, we will develop automatic analysis tools, and we will use these to assess the security of a range of systems, including the Freenet anonymity system and RFID tags. We hope that this will serve as an example to other developers and researchers, showing that our tools make information theory-based analysis methods practical and easy to use. This could lead to improved security of many commercial computer systems and faster, easier ways to find information leaks.
|
Key Findings |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Potential use in non-academic contexts |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Impacts |
Description |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk |
Summary |
|
Date Materialised |
|
|
Sectors submitted by the Researcher |
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
|
Project URL: |
|
Further Information: |
|
Organisation Website: |
http://www.bham.ac.uk |