CyReSE: Cyber Security Research Software Engineering

CyReSE：网络安全研究软件工程

• 批准号: EP/V052284/1
• 负责人: Domhnall Carlin
• 金额: $ 63.35万
• 依托单位: Queen's University Belfast
• 依托单位国家: 英国
• 项目类别: Fellowship
• 财政年份: 2021
• 资助国家: 英国
• 起止时间: 2021 至 无数据
• 项目状态: 未结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FV052284%2F1
• 关键词: CyReSE; Cyber; Security; Research; Software

There is a clear need among CSIT researchers, and the wider cyber security research community, for RSE support to develop software for driving research and potential commercialisation of results. This proposal will support a key research project into software-based approaches for IoT attack mitigation. It will establish a novel IoT testbed, including a set of intentionally vulnerable honeypots (a honeynet) to attract the latest attacks for analysis, and consumer devices to test processor-level software-based mitigations to threats. This testbed will also be employed for multi-disciplinary collaboration with University College London into IoT-based tech-abuse. Further I will provide RSE support to three existing research groups: CSIT's thriving Software-Defined Networking (SDN)-Network Function Virtualization (NFV) research group would benefit from a dedicated RSE to drive innovation in research areas where software is replacing traditional hardware-based approaches. I will also support software-driven research frameworks for the ICS security research group, investigating attacks on Critical National Infrastructure. The Malware research group, investigating malware detection by AI models built on dynamic assembly language, will be supported with novel software frameworks to derive research data on emerging threats, including fileless, expected-process and browser-based attacks. These stand-alone facilities will be connected to the CSIT Cyber Range, a £500k training and testing facility that enables simulation of real-world deployment models, and practice in attack and defence strategies. As a dedicated RSE, I will provide a central and consistent role in managing research software artefacts arising from CSIT's research, including the source code, documentation and datasets. This will be supported through the development of web applications to manage research code and data, ensuring the reproducibility, replicability and assurance of research outcomes. A key aim of this proposal is to establish an RSE presence within the university, promoting RSE as a career pathway to attract and retain high level engineers. This has the potential to be the nucleus of the first RSE Chapter in Northern Ireland (NI). Significant time will be committed to outreach and citizenship activities, both within the university and externally, meeting aims of the Society of Research Software Engineers, and of the Fellowship.

CSIT研究人员以及更广泛的网络安全研究社区显然需要RSE支持开发软件，以推动研究和成果的潜在商业化。该提案将支持一个关键的研究项目，该项目涉及基于软件的物联网攻击缓解方法。它将建立一个新的物联网测试平台，包括一组故意脆弱的蜜罐（蜜网），以吸引最新的攻击进行分析，以及消费者设备，以测试基于处理器级软件的威胁缓解措施。该测试平台还将用于与伦敦大学学院的多学科合作，以解决基于物联网的技术滥用问题。此外，我将为三个现有的研究小组提供RSE支持：CSIT蓬勃发展的软件定义网络（SDN）-网络功能虚拟化（NFV）研究小组将受益于专用RSE，以推动软件取代传统硬件方法的研究领域的创新。我还将支持ICS安全研究小组的软件驱动研究框架，调查对关键国家基础设施的攻击。恶意软件研究小组正在研究基于动态汇编语言构建的AI模型的恶意软件检测，将获得新的软件框架的支持，以获取有关新兴威胁的研究数据，包括无文件、预期进程和基于浏览器的攻击。这些独立的设施将连接到CSIT网络靶场，这是一个价值50万英镑的培训和测试设施，可以模拟真实世界的部署模型，并在攻击和防御战略方面进行实践。作为一名专门的RSE，我将在管理CSIT研究中产生的研究软件工件（包括源代码、文档和数据集）方面发挥核心和一致的作用。这将通过开发网络应用程序来管理研究代码和数据，确保研究成果的再现性、可复制性和保证性。该提案的一个主要目的是在大学内建立RSE存在，促进RSE作为吸引和留住高水平工程师的职业途径。这有可能成为北方爱尔兰（NI）第一个RSE分会的核心。重要的时间将致力于外展和公民活动，无论是在大学内外，研究软件工程师协会的会议目标，和奖学金。

项目成果

Where is all the research software? An analysis of software in UK academic repositories.

• DOI: 10.7717/peerj-cs.1546
• 发表时间: 2023
• 期刊: PeerJ. Computer science
• 作者: Carlin D;Rainer A;Wilson D
• 通讯作者: Wilson D