Security and Privacy
About Us
We are working on novel and practical solutions to improve the security and privacy of large real-world systems. Our research includes both attack and defense approaches that work on different layers, from web APIs, ML models, core software libraries to micro-architecture, firmware and hardware.
Staff
| Given name | Family name | Position | Profile | |
|---|---|---|---|---|
| Chitchanok | Chuengsatiansup | Senior Lecturer | Profile | c.chuengsatiansup@unimelb.edu.au |
| Shaanan | Cohney | Lecturer | Profile | cohneys@unimelb.edu.au |
| Toby | Murray | Associate Professor | Profile | toby.murray@unimelb.edu.au |
| Olya | Ohrimenko | Associate Professor | Profile | olya.ohrimenko@unimelb.edu.au |
| Thuan | Pham | Arc DECRA Fellow | Profile | thuan.pham@unimelb.edu.au |
| Ben | Rubinstein | Professor | Profile | benjamin.rubinstein@unimelb.edu.au |
Graduate Researchers
| Given name | Family name | Profile | Thesis Title |
|---|---|---|---|
| Zhiyuan | Zhang | Profile | Investigating and mitigating performance interference of shared execution in browsers |
| Jiankai | Jin | Profile | Analysing utility and tradeoffs of multi-party machine learning |
| Lianglu | Pan | Profile | Automated vulnerability and flaw detection in network communications |
| Faxing | Wang | Profile | N/A |
| Wentao | Gao | Profile | Human-in-the-loop fuzzing for effective vulnerability discovery |
| Elisa | Shioji | Profile | N/A |
Projects
AUSMURI-MURI Cybersecurity Assurance for Teams of Computers and Humans
Researchers: Olya Ohrimenko, Toby Murray, Ben Rubinstein
Sensing Semiconductor Devices in Operando with Terahertz Waves
The project is founded upon a unique synergy between side-channel attacks and terahertz technology. It presents opportunities in dual-use of security and non-contact circuit evaluation. This project will focus on a proof of concept in actual scenarios with those semiconductor devices operating at their GHz clock speeds. A novel terahertz system will be purposely built from off-the-shelf components.
Researchers: Chitchanok Chuengsatiansup
Intelligent Technologies for Smart Cryptography
This project aims to improve cybersecurity by automating the process of generating cryptographic software for smart devices. The expected outcomes are tools that automatically produce efficient cryptographic software that resists attacks. The main benefit of this project is to reduce the amount of expert labour required when developing secure software.
Researchers: Chitchanok Chuengsatiansup
Automatic Post-Quantum Cryptographic Code Generation and Optimization
Quantum computers will break currently deployed cryptosystems, risking our privacy in daily email communications, integrity of online business transactions, confidentiality of national secrets, and global digital security. Translating quantum-resistant cryptographic algorithms into efficient implementations requires experts and their time. This project aims at automatizing this process by developing a toolkit to automatically generate optimized post-quantum cryptographic code.
Researchers: Chitchanok Chuengsatiansup
Evaluating Post-Quantum Scheme Implementations
This project addresses an urgent need for quantum-safe and side-channel-secure cryptosystems. The project will develop a toolkit to automatically evaluate side-channel security of cryptographic software implemented in high-level languages. It will further perform an evaluation of the security of implementations of 15 post-quantum schemes in two languages, Java and C#.
Researchers: Chitchanok Chuengsatiansup
Leakage-Free Cryptography: Eliminating Side-Channel Leakage Using Compiler Optimization
This project aims to improve the state of the art of secure cryptographic implementations. We aim to provide three types of tools: (1) Cipher code generation techniques that take a mathematical representation of a cipher and produce optimized and side-channel secure code for the cipher; (2) Side-channel leakage emulators that process an implementation and assess the amount of side channel leakage from it; and (3) Code manipulation techniques, guided by the output of the leakage emulators, that modify code, preserving its semantics while eliminating side channel leakage. These tools will allow rapid development of secure cryptographic code, reducing development cost and allowing fast deployment.
Researchers: Chitchanok Chuengsatiansup
EdTech Privacy
This project investigates both the technological artifacts and governance processes that educational institutions use when deploying technology. Of specific interest are technologies with a security related function, such as exam integrity software.
Researchers: Shaanan Cohney
Novel Secure Protocols
This project looks to create new cryptographic protocols that provide advanced properties, such as mixing deniability and availability, or enabling cryptographically verifiable voting under constraints.
Researchers: Shaanan Cohney
Selective Data Flow-Guided Fuzzing — funded by Google
This project investigates the common blockers that prevent fuzzing from making progress (e.g., to find more vulnerabilities) and explores different solutions from selective data flow-guided fuzzing to automated fuzz driver generation to bypass those blockers.
Researchers: Toby Murray, Van Thuan Pham, Ben Rubinstein
Automated security for embedded systems/IoTs
This project explores practical solutions to fuzz test embedded systems that pose several challenges compared to normal software systems. For instance, we rarely have source code, and those systems have limited computing resources.
Researchers: Shaanan Cohney, Toby Murray, Van Thuan Pham