John Clark's Research

Research

Community Things (2003)

Regular reviewer as part of EPSRC College.

GECCO (Search Based Software Engineering) (PC)
Indocrypt 2003 (PC)
CEC (Cryptology and Security) (PC and invited session speaker)
UK SoftTest II (PC and local organiser).
TestCom 2004 (PC)
Tutorial at Indocrypt 2003 on Evolutionary Computing Approaches in Cryptology (December 6th 2003)
Dec 8-12th. Conference on Evolutionary Computation (CEC) 2003 - Special Session on Evolutionary Computation in Computer Security (invited speaker).

Here are some people I have worked with over the past few years (the founders of testing work at York)

Dr. Christophe Meudec (now at Carlow).
Dr. Nigel Tracey (Automated Test Data Generation) now with Realogy (DPhil - July 2001)
Dr. Simon Burton (Automated Test Data Generation) now at Daimler Chrysler (DPhil - July 2002)
Dr. Sun Woo Kim (Java Mutation Testing) now in South Korea (DPhil - July 2001)

Here are some current and soon to be PhD students (That's what we do now. DPhil's are no more, alas!):

Paul Massey (Quantum Computing, part-time, applying genetic programming techniques to quantum software - since October 2000). Co-supervised with Susan Stepney.
Jill (Thitima) Srivratanakul (Safety techniques in security, applied to aviation - since October 2001). Sponsored by the Royal Thai Government. Co-supervised with Fiona Polack.
Jenny (Yuan) Zhan (integrated design and testing for embedded systems via metaheuristics search - since January 2002) Rolls Royce UTC.
Matthew Russell (Metaheuristic search and cryptanalsys - (started October 2002) EPSRC departmental quota studentship. Co-supervised with Susan Stepney.
Chen Hao (working on metaheuristic search and protocols) (started October 2002). Co-supervised with Jeremy Jacob
Jafar Alhousseini - PKI rollout issues (from Jan 2004)
Joss Wright (non-standard models of security, anionymity and fairness etc.) From October 2003. Co-supervised with Susan Stepney.
One more - to be finalised soon.

MSc Research Students

Mark Chen. On automated testing of Handel C programs (for FPGAs) from November 2002. Co-supervised with Susan Stepney.
Liu Yang. On pervasive conmputing (from April 1 2003). Co-supervised with Susan Stepney.
Hong Lin. On artificial immune systems and intrusion detection. Co-supervised with Susan Stepney. From October 2003 (or very close to that:-)))

UG Project students October 2003- March 2004 (all research oriented - for a change)

Non-standard cryptanalysis (1)
Non-standard cryptanalysis (2)
Heuristic boolean function generation.
Evolutionary approaches to the geometry problems.
Genetic programming for DNA computing.
Model based testing (self defined)
Intrusion detection (self-defined)

It's fun and more productive to work with others who can do things I cannot. I am currently looking at the unification of security and safety concepts and techniques working with Fiona Polack (software engineering and general system modelling), Tim Kelly (safety, requirements, architectures) and Susan Stepney (just about everything). I am part of the EPSRC SEMINAL Network (looking into applications of metaheuristic search for software engineering applications). I am also part of the EPSRC's FORTEST Network (formal methods and testing).

Previous EPSRC grants:

SEMSPLC (rated alpha-4)
ROPA: Verification of Non-functional Requirements (rated alpha-4)
CONVERSE: (rated uniformly alpha-4/tending to outstanding)

Some recent collaborative papers:

FORTEST: Formal Methods and Testing. Position paper to COMPSAC 2002. Jonathan Bowen, Kirill Bogdanov, John Clark, Rob Hierons, Mark Harman, Paul Krause.

Pointers to some papers on Security and Cryptography

Invited session paper. Exact title to be decided but had better be finished by September 2nd. John Clark. To be presented at Conference on Evolutionary Computation 2003. Special session on Computer Security. December 2003, Canberra.
Almost Boolean Functions: the design of boolean functions by spectral inversion. John A Clark, Jeremy L Jacob., Subhamoy Maitra and Pante Stanica. To be presented at Conference on Evolutionary Computation 2003. Special session on Computer Security. December 2003, Canberra.
Automatic Design of Security Protocols. Chen Hao, John Clark and Jeremy Jacob. To be presented at Conference on Evolutionary Computation 2003. Special session on Computer Security. December 2003, Canberra.
Secret Agents Leave Big Footprints: How to plant a trapdoor in a cryptographic function and why you might not get away with it. Clark, Jacob, Stepney. GECCO 2003. Chicago, 11-15 July 2003. A bit of fun!!!
"Smart Devices and Software Agents: the Basics of Good Behaviour", Howard Chivers, John Clark, and Susan Stepney. Accepted for publication at. First International Conference on Security in Pervasive Computing. March 2003.
"Evolving Boolean Functions with Multple Criteria". John A Clark, Jeremy L Jacob, Susan Stepney, Subhamoy Maitra and William Millan. Accepted for Indocrypt 2002. Hydrabad, India. Dec 2002.
DPhil Thesis. Metaheuristic Search as a Cryptological Tool (YCST-2002-07.ps.gz)
The Heuristic Evolution of Security and Insecurity. (General article) John Clark and Jeremy Jacob. ERCIM News No. 49, April 2002.
Fault Injection and a Timing Channel on an Analysis Technique. John A Clark and Jeremy L Jacob. To appear in Proceedings of Eurocrypt 2002.
Protocols are Programs Too: the Meta-heuristic Search for Security Protocols. John A Clark and Jeremy L Jacob. IS&T Special Issue on Metheuristics for Software Engineering (December 2001).
Two Stage Optimisation in the Design of Boolean Functions John A Clark and Jeremy L Jacob. Proceedings of the 5th Australian Conference on Security and Information Privacy 2000 (ACSIP 2000).
Searching for a Solution: Engineering Tradeoffs and the Evolution of Provably Secure Protocols. John A Clark and Jeremy L Jacob. In proceedings of IEEE Symposium on Security and Privacy, Oakland, 14-17 May, 2000.
On the Security of Recent Protocols (Postscript) Information processing Letters 56 (1995). John A Clark and Jeremy L Jacob. pp 151-155.
Attacking Authentication Protocols (Postscript) John A Clark and Jeremy L Jacob. HISJ Vol 1 No. 5 1996.
An Introduction to Security in Distributed Systems. Jonathan D Moffett and John A Clark, HISJ Vol 1 No 3, 1995.
Automated Intrusion Detection Leigh Rowland and John A Clark. HISJ Vol 1 No. 2 1995.

Security Work Submitted, In Preparation or In Progress (2003)

Here is the work I am directly involved in this year that will hopefully appear in print soon:

CSP and Mutation for Security. Jill S, JAC, FACP, SS. (Submitted)
Security Zonal Analysis (JS, JAC, FACP). Yellow report soon to be completed (Sept 2003)
Paper on use cases and HAZOPs for security. (JS, JAC, FACP). Journal paper to be submitted (Sept 2003)
Metaheuristics for Cryptanalytic Approximations. John A Clark and Jeremy L Jacob (Work in progress. Also some interesting related work being done by Matthew Russell, one of my MMath students). See Project list for 2001-2202
Towards a Unified Critical Systems Development Approach. John Clark, Tim Kelly, Fiona Polack and Susan Stepney. In preparation.
Security Protocols Review (DRAFT) (Gzipped postscript available for comment). Security Protocols Review (DRAFT) John A Clark and Jeremy L Jacob (Gzipped postscript available for comment).

Please note also the very useful formalisation by Clóvis Freire Júnior of the University of Brasilia. This is available here.
Please note also new security protocols web page. This is available here.

Security Protocols Review (DRAFT) (Postscript available for comment).
Implementation Dependencies (Gzipped Postscript available for comment).
Finalisation may break security properties(with Susan Stepney and Howard Chivers).

My interest lies predominantly in cryptanalysis using metaheuristic search techniques. I have been working at this for some time. The Eurocrypt 2002 paper is the first of this to see publication. There will be more to come. I also have a more general interest in quantum things and hope to push some work in this area with respect to security.

The most interesting work I am doing at the moment is in cluster analysis and self-organising networks with particular application to cryptanalysis. Written in green ink to reflect what most people think of this.

Before any more people ask - we WILL update the protocols review!

Look out for Boyd and Mathuria's new book "Protocols for Key Establishment" (Spinger). In Prep (23.05.2002).

Pointers to some papers on Software Testing

Software Testing has once again become a research focus at York. I have been primarily interested in testing of secure systems and protocols but now I manage the testing group here. We are fortunate in working with a number of Research Associates and Students who make software testing fun. They are responsible for organising our local TestSig and organsised a UK research testing workshop here at York (17-18 September 1998 - see TestSig for details).

Here are some (postscript) papers that have resulted. For latest info on papers (and other formats, e.g. PDF) refer to the TestSig publications page . Papers with Nigel Tracey as primary author:

Automated Program Flaw Finding using Simulated Annealing Nigel Tracey, John Clark and Keith Mander. In Software Engineering Notes Issue 23 Number 2, the Proceedings of the ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). USA, March 1998. Pages 73-81.
The Way Forward for Unifying Dynamic Test-Case Generation: The Optimisation-Based Approach. Nigel Tracey, John Clark and Keith Mander. In the Proceedings of the IFIP International Workshop on Dependable Computing and Its Applications (DCIA). South Africa, January 1998. Pages 169-180.
An Automated Framework for Structural Test Data Generation Nigel Tracey, John Clark, Keith Mander and John McDermid. In the Proceedings of the ACM/IEEE Automated Software Engineering1998, Honolulu.
Automated test-data generation for exception conditions Nigel Tracey, John Clark, Keith Mander and John McDermid. Software Practice and Experience, January 2000.
Integrating Safety Analysis with Automatic Test-Data Generation for Software Safety Verification Nigel Tracey, John Clark, John McDermid and Keith Mander. In the Proceedings of 17th International System Safety Conference. August 1999. Pages 128-137.
Integrating Automated Testing with Exception Freeness Proofs for Safety Critical Systems Nigel Tracey, John Clark, Keith Mander and John McDermid. In the Proceedings of 4th Australian Workshop on Safety Critical Systems and Software. Australian Computer Society. November 1999.
A Search Based Automated Test Data Generation for High Integrity Systems. Nigel Tracey, John Clark, Keith Mander and John McDermid. Chapter 12 of Systems Engineering for Buisness Process Change (New Directions). Peter Henderson (Ed). Springer. ISBN 1852333995.

This all dovetails nicely with Simon Burton's Work on automated test data/case generation. Papers with Simon Burton as primary author

Automated V&V for High Integrity Systems, a Targeted Formal Methods Approach Simon Burton, John Clark, Andy Galloway and John McDermid In Proceedings of the NASA Langley Formal Methods Workshop, 13-15 June 2000.
Proof and Test and Automation. Simon Burton, John Clark and John McDermid. Short paper. Proceedings of the Workshop on Program Analysis and Automated Testing, International Conference in Software Engineering (ICSE) 2000.
Automatic Test Generation from Statechart Specifications. Simon Burton, John Clark and John McDermid. FATES 2001.

Papers with Sun Woo Kim as primary author

Assessing Test Set Adequacy for Object-Oriented Programs Using Class Mutation Sun-Woo Kim, John Clark, and John McDermid. In the Proceedings of Symposium on Software Technology (SoST'99). Pages 72-83, September 1999.
The Rigorous Generation of Java Mutation Operators Using HAZOP Sun-Woo Kim, John Clark, and John McDermid. In the Proceedings of the 12th International Conference on SOFTWARE & SYSTEMS ENGINEERING and their APPLICATIONS (ICSSEA'99). December 1999.
The Rigorous Generation of Java Mutation Operators Using HAZOP (Technical Report) Sun-Woo Kim, John Clark, and John McDermid. Under review at the moment. August 1999. This is a more detailed version of the above paper.
Class Mutation: Mutation Testing For Object Oriented Programs Sun-Woo Kim, John Clark, and John McDermid. In the Proceedings of the FMES 2000. October 2000.
Investigating the Applicability of Traditional Test Adequacy Criteria For Object Oriented Programs Sun-Woo Kim, John Clark, and John McDermid. In the Proceedings of the ObjectDays 2000. October 2000.
Investigating the effectiveness of Object Oriented Testing Strategies with the Mutation Method Sun-Woo Kim, John Clark, and John McDermid. In the Proceedings of the Mutation 2000. San Jose 6-7 October 2000. One of three papers also selected to appear in a special issue of STVR.

Collective papers with a significant V&V component:

CONVERSE: A Change-Oriented Process for Engine Controllers Darren Buttle, John Clark, John McDermid, Alan Stephenson and Nigel Tracey IEE Software. Vol. 146(3)130-136, June 1999.
Towards Industrially Applicable Formal Methods: Three Small Steps, and One Giant Leap. John McDermid, Andy Galloway, Simon Burton, John Clark, Ian Toyn, Nigel Tracey and Sam Valentine. In the Proceedings of IEEE ICFEM (International Conference on Formal Engineering Methods). December 1998.
A Safety Change Oriented Process for Safety-Critical Systems Nigel Tracey, Alan Stephenson, John Clark and John McDermid. In the Proceedings of Software Change and Evolution Workshop. IEEE International Conference on Software Engineering. May 1999.
Analysing High Integrity Systems by John A Clark, John A McDermid and Alan Burns. Computing & Control Engineering Journal, Vol 5 No 1, Feb 1994.

Envisaged further work. More on security and e-commerce. More on testing, particularly formal methods and testing, testing OO languages and higher level testing. Work on reverse engineering (a la Michael Ernst) and falsification. Also quantum computing. It is unlikely that work on testing precision of programs and time-precision tradeoffs will ever get done at all despite being an interest since 1996:-)) Or then again, maybe it might.

Here are some people working in testing in the UK

Pointers to some papers on PLCs

SEMSPLC: The Virtual PLC Development Environment (Word)
SEMSPLC: Holistic Schedulability Analysis for Hard Real-time Systems (Postscript) A variant of this appeared in Microprocessing and Microprogramming 40 (1994). Ken Tindell and John Clark.
SEMSPLC: Adding Offsets to Hard Real Time Schedulability Analysis (Postscript) (Ken Tindell)
The Satisfaction of PLC Timing Constraints. John Clark and Ken Tindell, HISJ Volume 1 No 2. 1994.

Other Papers

Four Methods in Maintenance Scheduling. Edmund Burke, John Clark and Alistair Smith. Proceedings of the International Conference on Neural Networks and Genetic Algorithms 1997 (ICANNGA 97).

Quantum Computing and Security

Working in the area of Genetic Programming for Quantum Algorithms with Paul Massey. I am currently thinking about other aspects of heuristic techniques and quantum artifacts (e.g. use of model checking and evolutionary techniques for the automated design synthesis of quantum protocols).

Formal Methods

Together with Jeremy Jacob I provide advice to UK Govt. on aspects relating to the computer security evaluation of high integrity products to the highest confidence levels (principally ITSEC E6). Progress doesn't just happen in academia - this really is at the leading edge of industrial formal methods.

Field Programmable Gate Arrays

Don't you just love them? You should. See in FPGAsPart of NonstandardComp