Community Things (2003)
- Regular reviewer as part of EPSRC College.
Here are some people I have worked with over the past few
years (the founders of testing work at York)
- GECCO (Search Based Software Engineering) (PC)
- Indocrypt 2003 (PC)
- CEC (Cryptology and Security) (PC and invited session speaker)
- UK SoftTest II (PC and local organiser).
- TestCom 2004 (PC)
- Tutorial at Indocrypt 2003 on Evolutionary Computing Approaches
in Cryptology (December 6th 2003)
- Dec 8-12th. Conference on Evolutionary Computation (CEC) 2003
- Special Session on Evolutionary Computation in Computer Security
Here are some current and soon to be PhD students (That's
what we do now. DPhil's are no more, alas!):
Christophe Meudec (now at Carlow).
- Dr. Nigel Tracey (Automated Test
Data Generation) now with Realogy (DPhil - July 2001)
- Dr. Simon Burton (Automated Test Data Generation)
now at Daimler Chrysler (DPhil - July 2002)
- Dr. Sun Woo Kim (Java Mutation Testing) now in
South Korea (DPhil - July 2001)
MSc Research Students
- Paul Massey (Quantum Computing, part-time,
applying genetic programming techniques to quantum software - since
October 2000). Co-supervised with Susan Stepney.
- Jill (Thitima) Srivratanakul (Safety techniques
in security, applied to aviation - since October 2001). Sponsored
by the Royal Thai Government. Co-supervised with Fiona Polack.
- Jenny (Yuan) Zhan (integrated design and testing
for embedded systems via metaheuristics search - since January
2002) Rolls Royce UTC.
- Matthew Russell (Metaheuristic search and
cryptanalsys - (started October 2002) EPSRC departmental quota studentship.
Co-supervised with Susan Stepney.
- Chen Hao (working on metaheuristic search and protocols)
(started October 2002). Co-supervised with Jeremy Jacob
- Jafar Alhousseini - PKI rollout issues (from Jan 2004)
- Joss Wright (non-standard models of security, anionymity
and fairness etc.) From October 2003. Co-supervised with Susan Stepney.
- One more - to be finalised soon.
UG Project students October 2003- March 2004 (all research oriented
- for a change)
- Mark Chen. On automated testing of Handel
C programs (for FPGAs) from November 2002. Co-supervised
with Susan Stepney.
- Liu Yang. On pervasive conmputing (from April 1
2003). Co-supervised with Susan Stepney.
- Hong Lin. On artificial immune systems and intrusion detection.
Co-supervised with Susan Stepney. From
October 2003 (or very close to that:-)))
It's fun and more productive to work with others who
can do things I cannot. I am currently looking at the unification
of security and safety concepts and techniques working with Fiona Polack (software
engineering and general system modelling), Tim Kelly (safety, requirements,
architectures) and Susan Stepney (just about
everything). I am part of the EPSRC SEMINAL Network (looking into applications of metaheuristic search for
software engineering applications). I am also part of the EPSRC's
FORTEST Network (formal methods
- Non-standard cryptanalysis (1)
- Non-standard cryptanalysis (2)
- Heuristic boolean function generation.
- Evolutionary approaches to the geometry problems.
- Genetic programming for DNA computing.
- Model based testing (self defined)
- Intrusion detection (self-defined)
Previous EPSRC grants:
Some recent collaborative papers:
- SEMSPLC (rated alpha-4)
- ROPA: Verification of Non-functional
Requirements (rated alpha-4)
- CONVERSE: (rated uniformly alpha-4/tending
Pointers to some papers on Security and Cryptography
Security Work Submitted, In Preparation
or In Progress (2003)
- Invited session paper. Exact title to be decided
but had better be finished by September 2nd. John Clark. To be
presented at Conference on Evolutionary Computation 2003. Special session
on Computer Security. December 2003, Canberra.
- Almost Boolean Functions: the design of boolean functions by
spectral inversion. John A Clark, Jeremy L Jacob., Subhamoy Maitra and
Pante Stanica. To be presented at Conference on Evolutionary Computation
2003. Special session on Computer Security. December 2003, Canberra.
- Automatic Design of Security Protocols. Chen Hao, John Clark
and Jeremy Jacob. To be presented at Conference on Evolutionary Computation
2003. Special session on Computer Security. December 2003, Canberra.
Agents Leave Big Footprints: How to plant a trapdoor in a cryptographic
function and why you might not get away with it. Clark, Jacob,
Stepney. GECCO 2003. Chicago, 11-15 July 2003. A bit of fun!!!
- "Smart Devices
and Software Agents: the Basics of Good Behaviour", Howard Chivers, John Clark, and Susan Stepney. Accepted
for publication at. First International Conference on Security in
Pervasive Computing. March 2003.
Boolean Functions with Multple Criteria". John A Clark,
Jeremy L Jacob, Susan Stepney, Subhamoy Maitra and William Millan. Accepted
for Indocrypt 2002. Hydrabad, India. Dec 2002.
- DPhil Thesis. Metaheuristic
Search as a Cryptological Tool (YCST-2002-07.ps.gz)
Heuristic Evolution of Security and Insecurity. (General article)
John Clark and Jeremy Jacob. ERCIM News No. 49, April 2002.
Injection and a Timing Channel on an Analysis Technique.
John A Clark and Jeremy L Jacob. To appear in Proceedings of Eurocrypt
are Programs Too: the Meta-heuristic Search for Security Protocols.
John A Clark and Jeremy L Jacob. IS&T Special Issue
on Metheuristics for Software Engineering (December 2001).
- Two Stage
Optimisation in the Design of Boolean Functions John A Clark
and Jeremy L Jacob. Proceedings of the 5th Australian Conference on
Security and Information Privacy 2000 (ACSIP 2000).
for a Solution: Engineering Tradeoffs and the Evolution of Provably Secure
Protocols. John A Clark and Jeremy L Jacob. In proceedings of
IEEE Symposium on Security and Privacy, Oakland, 14-17 May, 2000.
- On the Security
of Recent Protocols (Postscript) Information processing Letters
56 (1995). John A Clark and Jeremy L Jacob. pp 151-155.
Authentication Protocols (Postscript) John A Clark and Jeremy
L Jacob. HISJ Vol 1 No. 5 1996.
- An Introduction to Security in Distributed Systems.
Jonathan D Moffett and John A Clark, HISJ Vol 1 No 3, 1995.
- Automated Intrusion Detection Leigh Rowland
and John A Clark. HISJ Vol 1 No. 2 1995.
Here is the work I am directly involved in this year that will hopefully
appear in print soon:
My interest lies predominantly in cryptanalysis using metaheuristic
search techniques. I have been working at this for some time. The
Eurocrypt 2002 paper is the first of this to see publication. There
will be more to come. I also have a more general interest in quantum
things and hope to push some work in this area with respect to security.
- CSP and Mutation for Security. Jill S, JAC, FACP, SS.
- Security Zonal Analysis (JS, JAC, FACP).
Yellow report soon to be completed (Sept 2003)
- Paper on use cases and HAZOPs for security.
(JS, JAC, FACP). Journal paper to be submitted (Sept 2003)
- Metaheuristics for Cryptanalytic Approximations.
John A Clark and Jeremy L Jacob (Work in progress. Also some
interesting related work being done by Matthew Russell, one of my MMath
students). See Project
list for 2001-2202
- Towards a Unified Critical Systems Development
Approach. John Clark, Tim Kelly, Fiona Polack and Susan Stepney.
Protocols Review (DRAFT) (Gzipped postscript available for comment).
Protocols Review (DRAFT) John A Clark and Jeremy L Jacob (Gzipped
postscript available for comment).
- Please note also the very useful formalisation
by Clóvis Freire Júnior of the University of Brasilia.
This is available here.
- Please note also new security protocols web page.
This is available here.
Protocols Review (DRAFT) (Postscript available for comment).
Dependencies (Gzipped Postscript available for comment).
- Finalisation may break security
properties(with Susan Stepney and Howard Chivers).
The most interesting work I am doing at the moment
is in cluster analysis and self-organising networks with particular
application to cryptanalysis. Written in green ink to reflect what
most people think of this.
Before any more people ask - we WILL update the protocols review!
Look out for Boyd and Mathuria's new book "Protocols for Key Establishment"
(Spinger). In Prep (23.05.2002).
Pointers to some papers on Software Testing
Software Testing has once again become a research focus
at York. I have been primarily interested in testing of secure systems
and protocols but now I manage the testing group here. We are fortunate
in working with a number of Research Associates
and Students who make software testing fun. They are responsible
for organising our local TestSig
and organsised a UK research testing workshop here at York (17-18
September 1998 - see TestSig for details).
Here are some (postscript) papers that have resulted. For latest info
on papers (and other formats, e.g. PDF) refer to the TestSig publications
page . Papers with Nigel Tracey as primary author:
This all dovetails nicely with Simon Burton's Work on automated
test data/case generation. Papers with Simon Burton as primary author
Program Flaw Finding using Simulated Annealing Nigel Tracey,
John Clark and Keith Mander. In Software Engineering Notes Issue 23
Number 2, the Proceedings of the ACM/SIGSOFT International Symposium
on Software Testing and Analysis (ISSTA). USA, March 1998. Pages 73-81.
- The Way
Forward for Unifying Dynamic Test-Case Generation: The Optimisation-Based
Approach. Nigel Tracey, John Clark and Keith Mander. In the
Proceedings of the IFIP International Workshop on Dependable Computing
and Its Applications (DCIA). South Africa, January 1998. Pages 169-180.
- An Automated
Framework for Structural Test Data Generation Nigel Tracey, John
Clark, Keith Mander and John McDermid. In the Proceedings of the ACM/IEEE
Automated Software Engineering1998, Honolulu.
test-data generation for exception conditions Nigel Tracey,
John Clark, Keith Mander and John McDermid. Software Practice and
Experience, January 2000.
Safety Analysis with Automatic Test-Data Generation for Software
Safety Verification Nigel Tracey, John Clark, John McDermid
and Keith Mander. In the Proceedings of 17th International System Safety
Conference. August 1999. Pages 128-137.
Automated Testing with Exception Freeness Proofs for Safety Critical
Systems Nigel Tracey, John Clark, Keith Mander and John McDermid.
In the Proceedings of 4th Australian Workshop on Safety Critical Systems
and Software. Australian Computer Society. November 1999.
- A Search Based
Automated Test Data Generation for High Integrity Systems. Nigel Tracey,
John Clark, Keith Mander and John McDermid. Chapter 12 of Systems
Engineering for Buisness Process Change (New Directions). Peter Henderson
(Ed). Springer. ISBN 1852333995.
Papers with Sun Woo Kim as primary author
V&V for High Integrity Systems, a Targeted Formal Methods Approach
Simon Burton, John Clark, Andy Galloway and John McDermid
In Proceedings of the NASA Langley Formal Methods Workshop, 13-15
and Test and Automation. Simon Burton, John Clark and John McDermid.
Short paper. Proceedings of the Workshop on Program Analysis and Automated
Testing, International Conference in Software Engineering (ICSE) 2000.
- Automatic Test Generation from Statechart Specifications.
Simon Burton, John Clark and John McDermid. FATES 2001.
Collective papers with a significant V&V component:
Test Set Adequacy for Object-Oriented Programs Using Class Mutation
Sun-Woo Kim, John Clark, and John McDermid. In the Proceedings
of Symposium on Software Technology (SoST'99). Pages 72-83, September
Rigorous Generation of Java Mutation Operators Using HAZOP Sun-Woo
Kim, John Clark, and John McDermid. In the Proceedings of the 12th
International Conference on SOFTWARE & SYSTEMS ENGINEERING and
their APPLICATIONS (ICSSEA'99). December 1999.
- The Rigorous
Generation of Java Mutation Operators Using HAZOP (Technical Report)
Sun-Woo Kim, John Clark, and John McDermid. Under review
at the moment. August 1999. This is a more detailed version of the
- Class Mutation:
Mutation Testing For Object Oriented Programs Sun-Woo Kim, John
Clark, and John McDermid. In the Proceedings of the FMES 2000. October
the Applicability of Traditional Test Adequacy Criteria For Object Oriented
Programs Sun-Woo Kim, John Clark, and John McDermid. In the
Proceedings of the ObjectDays 2000. October 2000.
the effectiveness of Object Oriented Testing Strategies with the Mutation
Method Sun-Woo Kim, John Clark, and John McDermid. In the Proceedings
of the Mutation 2000. San Jose 6-7 October 2000. One of three papers
also selected to appear in a special issue of STVR.
Envisaged further work. More on security and e-commerce.
More on testing, particularly formal methods and testing, testing
OO languages and higher level testing. Work on reverse engineering
(a la Michael Ernst) and falsification. Also quantum computing. It
is unlikely that work on testing precision of programs and time-precision
tradeoffs will ever get done at all despite being an interest since
1996:-)) Or then again, maybe it might.
A Change-Oriented Process for Engine Controllers Darren Buttle,
John Clark, John McDermid, Alan Stephenson and Nigel Tracey IEE Software.
Vol. 146(3)130-136, June 1999.
Industrially Applicable Formal Methods: Three Small Steps, and One
Giant Leap. John McDermid, Andy Galloway, Simon Burton, John Clark,
Ian Toyn, Nigel Tracey and Sam Valentine. In the Proceedings of IEEE
ICFEM (International Conference on Formal Engineering Methods). December
- A Safety
Change Oriented Process for Safety-Critical Systems Nigel Tracey,
Alan Stephenson, John Clark and John McDermid. In the Proceedings of
Software Change and Evolution Workshop. IEEE International Conference
on Software Engineering. May 1999.
- Analysing High Integrity Systems by John A Clark,
John A McDermid and Alan Burns. Computing & Control Engineering
Journal, Vol 5 No 1, Feb 1994.
Here are some people
working in testing in the UK
Pointers to some papers on PLCs
- Four Methods in Maintenance Scheduling. Edmund
Burke, John Clark and Alistair Smith. Proceedings of the International
Conference on Neural Networks and Genetic Algorithms 1997 (ICANNGA
Quantum Computing and Security
Working in the area of Genetic Programming for Quantum
Algorithms with Paul Massey. I am currently thinking about other
aspects of heuristic techniques and quantum artifacts (e.g. use of model
checking and evolutionary techniques for the automated design synthesis
of quantum protocols).
Together with Jeremy Jacob I provide
advice to UK Govt. on aspects relating to the computer security evaluation
of high integrity products to the highest confidence levels (principally
ITSEC E6). Progress doesn't just happen in academia - this really is
at the leading edge of industrial formal methods.
Field Programmable Gate Arrays
Don't you just love them? You should. See in FPGAsPart