UoY Security Group

Department of Computer Science
Security Group

Home
People
Publications
Projects
Links
Seminars

Publications

2010 |2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998 and beyond

To appear

The Grammatical Evolution of Boolean Functions with Cryptographic Significance. Mark Read and John A Clark.
Mission Specific Security. Yow Tzu Lim, John A Clark, Pau-Chen Cheng and Juan Estevez Tapiador. COMPLETE - TO BE SUBMITTED.

2011

Masquerade mimicry attack detection: A randomised approach. Juan E. Tapiador and John A. Clark. Computers & Security",V(3) No. 5, pp 297 – 310, 2011. http://www.sciencedirect.com/science/article/pii/S0167404811000654
Evolutionary compuitation techniques for intrusion detection in Mobile ad hoc networks. Sevil Sen and John A Clark. In oress. Computer Networks (Elsevier) 2011. .doi:10.1016/j.comnet.2011.07.001
Decorrelating WSN Traffic Patterns with Maximally Uninformative Constrained Routing. Juan E Tapiador, Mudhakar Srivatsa, John A Clark and John A McDermid. WNCS 2011

2010

Information-Theoretic Detection of Mimicry Masquerade Attacks. J.E. Tapiador, J.A. Clark. Original paper accepted to Network and System Security 2010. One of ten papers invited for extension and further reviewing to Computers and Security). Original conference acceptance rate was 15%. 10 from 30 accepted papers invited.
Risk Based Access Control with Uncertain and Time-dependent Sensitivity.
J.A. Clark, J.E. Tapiador, J. McDermid, P.-C. Cheng, D. Agrawal, N. Ivanic, D. Sloggett
(download). To appear as a book chapter, selected from those papers accepted to SECRYPT 2010
A shoal of phish: four studies of individual differences in detecting phishing emails. Mark Blyth, Helen Petrie, and John A Clark. Delivered at CHI 2011
Metaheuristic Traceability Attack against SLMAP, an RFID Lightweight Authentication Protocol. Julio C Hernandez-Castro, Juan M E Tapiador, Pedro Peris Lopez, John A Clark and El Ghazali Tabli. International Journal of Foundations of Computer Science (IJFCS) Special Issue
Learning Autonomic Security Reconfiguration Policies. J.E. Tapiador, J.A. Clark
Third IEEE International Symposium on Trust, Security and Privacy for Emerging Applications (TSP-10) (download)
Risk Based Access Control with Uncertain and Time-dependent Sensitivity.
J.A. Clark, J.E. Tapiador, J. McDermid, P.-C. Cheng, D. Agrawal, N. Ivanic, D. Sloggett
SECRYPT 2010 (download)
Information-Theoretic Detection of Mimicry Masquerade Attacks
J.E. Tapiador, J.A. Clark. Network and System Security 2010. (download)
A Perspective on Trust, Security and Autonomous Systems. Will Harwood, Jeremy L Jacob, and John A Clark. LIS 2010. (download)
Networks of Trust and Distrust: Towards Logical Reputation Systems. Will Harwood, Jeremy L Jacob, and John A Clark. (download)
The Phish in the Pond: Scam emails as literature . Mark Blythe and John A Clark. Critical Dialogue: Interaction, Experience and Cultural Theory Workshop on April 10 2010, in association with ACM CHI 2010 in Atlanta, Georgia (download)
Fine-Grained Timing using Genetic Programming.
D.R. White, J.E. Tapiador, J.C. Hernandez-Castro, J.A. Clark
EuroGP 2010, LNCS 6021:325-336. Springer-Verlag. (download)
Boolean Coherence: Does it make sense‌ Will Harwood, Jeremy L Jacob, and John A Clark. Logics in Systems Analysis, Edinburgh, July 2010 (download)
Optimising IDS Sensor Placement. Hao Chen, John A. Clark, Siraj A. Shaikh, Howard Chivers, Philip Nobles (download)
Defending the Weakest Link: Detection of Phishing Websites by User Behaviours. Xun Dong, Jeremy Jacob and John A Clark. Telecommun Syst (2010) 45: 215–226. DOI 10.1007/s11235-009-9247-9 (download)
Dynamic Security Policy Learning. Yow Tzu Lim, Pau Chen Cheng, Pankaj Rohatgi, John A Clark. IBM Research Report RC24865. (Published by IBM) (download)
Continuous Security Policy Learning. Yow Tzu Lim , Pau-Chen Cheng, Pankhaj Rohatgi, and John A Clark. 1st ACM Workshop on Information Security Governance.
Towards scalable intrusion Detection. Shaikh, S.A., Chivers, H., Nobles, P., Clark, J.A. and Chen, H. Network Security. Elsevier.
Security Threats in Mobile Ad Hoc Networks. Sevil ‌en, John A.Clark, Juan E. Tapiador (Book Chapter) (download)
Risk Profiles and Distributed Risk Assessment. Howard Chivers, John A Clark and Pau-Chen Cheng (IBM). JOURNAL ACCEPTED TO: Computers and Security. (download)
Knowing Who to Watch: Accumulating Evidence of Subtle Attacks. Howard Chivers, John A. Clark, Philip Nobles, Siraj A. Shaikh and Hao Chen. Information Systems Frontiers. DOI: 10.1007/s10796-010-9268-7 (download)
Power-Aware Intrusion Detection on Mobile Ad Hoc Networks. Sevil Sen, John A. Clark, and Juan E. Tapiador. AdHocNets 2009. (download)
A Multi-Objective Optimisation Approach to IDS Sensor Placement. Hao Chen, John A. Clark, Juan E. Tapiador, Siraj A. Shaikh, Howard Chivers, and Philip Nobles. CICIS 2009. (download)

2009

P. Peris-Lopez, J.C. Hernandez-Castro, J.E. Tapiador, E. San Millan, J.C.A. van der Lubbe. Security Flaws in an Efficient Pseudo-Random Number Generator for Low-Power Enviroments. 1st International Workshop on Security in Emerging Wireless Communication and Networking Systems (SEWCN09), in conjunction with SecureComm09, Athens, Greece, September 14 2009.
E. Palomar, A. Ribagorda, J.E. Tapiador, J.C. Hernandez-Castro. Effects of Cooperation-based Peer-to-Peer Authentication on System Performance. 2009 Workshop on Secure Multimedia Communication and Services (SECMCS'09). Wuhan, China, November 18-20, 2009
P. Peris, T. Li, J.C. Hernandez-Castro, J.E. Tapiador. Practical Attacks on a Mutual Authentication Scheme under the EPC Class-1 Generation-2 Standard. Computer Communications 32(7-10):1185-1193 (2009)
S. Sen, J.A. Clark, J.E. Tapiador Power-Aware Intrusion Detection in Mobile Ad Hoc Networks 1st International Conference on Ad Hoc Networks (AdHocNets 2009). Niagara Falls, Ontario, Canada, September 23-25, 2009.
H. Chen, J.A. Clark, J.E. Tapiador, S.A. Shaikh, H. Chivers, P. Nobles A Multi-Objective Optimisation Approach to IDS Sensor Placement 2nd International Workshop on Computational Intelligence in Security for Information Systems (CISIS 2009). Burgos, Spain, September 23-26, 2009
Sevil Sen and John A Clark. Intrusion Detection in Mobile Ad Hoc Networks. Guide to Wireless Ad Hoc Networks, Chapter 17. Springer-Verlag, January 2009.
Sevil Sen and John A Clark. A Grammatical Evolution Approach to Intrusion Detection on Mobile Ad Hoc Networks. WiSec 2009.
Julio C Hernandez-Castro, Juan M E Tapiador, Pedro Peris Lopez, John A Clark and El Ghazali Tabli. Metaheuristic Traceability Attack against SLMAP, an RFID Lightweight Authentication Protocols. Proceedings of the 23rd IEEE International Parallel & Distributed Processing Symposium 2009. May 2009.
Shaikh, S.A., Chivers, H., Nobles, P., Clark, J.A. and Chen, H. A Deployment Value Model for Intrusion Detection Sensors. Proceedings 3rd International Conference on Information Security and Assurance. LNCS 5576.
Howard Chivers, Philip Nobles, Siraj A. Shaikh, John A. Clark, Hao Chen. Accumulating Evidence of Insider Attacks. 1st International workshop on Managing Insider Threats (MIST). Held in Conjunction with IFIPTM.
Shaikh, S.A., Chivers, H., Nobles, P., Clark, J.A. and Chen, H. Towards scalable intrusion detection. Network Security, Volume 2009, Issue 6, June 2009, Pages 12-16.
Yow Tzu Lim , Pau-Chen Cheng, Pankhaj Rohatgi, and John A Clark. Continuous Security Policy Learning. 1st ACM Workshop on Information Security Governance, 2009.
J.C. Hernandez-Castro, J.E. Tapiador, P. Peris, T. Li, J.-J. Quisquater Cryptanalysis of the SASI Ultralightweight RFID Authentication Protocol with Modular Rotations. International Workshop on Coding and Cryptography 2009, Ullensvang (Norway), May 10-15, 2009.
P. Peris, J.C. Hernandez-Castro, J.E. Tapiador, T. Li, J.C.A. van der Lubbe. Discovering Weaknesses in Two Recent Lightweight RFID Authentication Protocols RFIDSec 2009.

2008

Jim Woodcock, Susan Stepney, David Cooper, John A. Clark, Jeremy L. Jacob. The certification of the Mondex electronic purse to ITSEC Level E6. Formal Aspects of Computing 20(1):5-19, 2008.
Shaikh, S.A., Chivers, H., Nobles, P., Clark, J.A. and Chen, H. Network Reconnaissance Network Security, Vol 2008, Issue 11, November 2008, Pages 12-16.
Shaikh, S.A., Chivers, H., Nobles, P., Clark, J.A. and Chen, H. Characterising intrusion detection sensors. Network Security, Elsevier. Volume 2008, Issue 9, September 2008, Pages 10-12.
Sevil Sen and John A Clark. Evolving Intrusion Detection Rules on Mobile Ad Hoc Networks. Pacific Rim Conference on Artificial Intelligence (PRICAI) December 2008.
Yow Tzu Lim, Pau Chen-Cheng, John A Clark and Pankaj Rohatgi. Policy Evolution with Genetic Programming: a Comparison of Three Approaches. IEEE Congress on Evolutionary Computation 2008.
Yow Tzu Lim, Pau-Chen Cheng, Pankaj Rohatgi, John A Clark. MLS security policy evolution with genetic programming. ACM GECCO 2008.
Yow Tzu Lim, Pau Chen Cheng, John A Clark and Pankaj Rohatgi. Policy Evolution with Grammatical Evolution. The Seventh International Conference on Simulated Evolution And Learning (SEAL'08). December 2008, Melbourne, Australia.
Xun Dong, John A Clark and Jeremy Jacob. Threat Modelling in User Performed Authentication. 10th International Conference on Information and Computer Security (ICICS) 2008. Birmingham, UK. October 2008.
Xun Dong, John A Clark and Jeremy L Jacob. Modelling User-Phishing Interaction. Human System Interaction, May 25-27, 2008, Krakow, Poland
Xun Dong, Jeremy Jacob and John A Clark. Detection of Phishing Websites by User Behaviours. International Multi-conference on Computer Science and Information Technology. Wisla Poland, October 2008.

2007

J.M.E. Tapiador, J.A. Clark, J.C. Hernandez-Castro. Non-Linear Cryptanalysis Revisited: Heuristic Search for Approximations to S-boxes. IMA Conf. Crypto and Coding 2007. LNCS 4887:99-117. Springer-Verlag.
J.M.E. Tapiador, J.C. Hernandez-Castro, J.A. Clark. Heuristic Search for Non-Linear Cryptanalytic Approximations. CEC 2007. IEEE Press.
John A. Clark, John Murdoch, John A. McDermid, Sevil Sen, Howard R. Chivers, Olwen Worthington and Pankaj Rohatgi. Threat Modelling for MANETs and Sensor Networks. ACITA 2007.
John Murdoch, John A Clark, John McDermid, Howard Chivers, Olwen Worthington and Pankaj Rohatgi. Aggregation of Information Leaked by a MANET. ACITA 2007.

2006

Hao Chen, John A. Clark, Jeremy Jacob. Human competitive security protocols synthesis. GECCO 2006, pp. 1855-1856.

2005

Yang Liu, John A Clark and Susan Stepney. Devices are People Too: Using Process Patterns to Elicit Security Requirements in Novel Domains: a ubiquitous healthcare example. 2nd International Conference on Security in Pervasive Computing 2005.
Jill Srivatanakul, John A Clark and Fiona Polack. Stressing Security Requirements: Exploiting the Flaw Hypothesis Method with Deviational Techniques. Symposium on Requirements Engineering for Information Security, in conjunction with RE 05 - 13th IEEE International Requirements Engineering Conference, Paris, 29 August 2005.
John A. Clark, Susan Stepney, Howard Chivers. Breaking the Model: finalisation and a taxonomy of security attacks. REFINE 2005, Surrey, UK. ENTCS 137(2):225-242, 2005.
Joss Wright, Susan Stepney, John A. Clark, Jeremy Jacob. Formalizing Anonymity: a review.. Technical Report YCS-2005-389, University of York, 2005.

2004

Pantelimon Stanica, Subhamoy Maitra and John A Clark. Results on Rotation Symmetric Bent and Correlation Immune Boolean Functions. Fast Software Encryption 2004. Delhi, India, February 5-7, 2004. Lecture Notes in Computer Science, Vol. 3017.
Hao Chen, John A Clark and Jeremy L Jacob. The Synthesis of Effective and Efficient Security Protocols. Second International Joint Conference on Automated Reasoning (ARSPA). Cork, Ireland. July 2004, pp 25-41. Also: ENTCS Volume 125, Issue 1, March 2005.
Jill Srivatanakul, John A Clark and Fiona Polack. Effective Security Requirements Analysis: HAZOPs and Use Cases. Information Security, 7th International Conference, ISC 2004, Palo Alto, CA, USA, September 27-29, 2004, Proceedings, Lecture Notes in Computer Science , Vol. 3225, pp 416-427.
John A Clark, Jeremy L Jacob and Susan Stepney. The Design of S-Boxes by Simulated Annealing. Next Generation Computing Journal, 2005.
John A Clark, Jeremy L Jacob, Subhamoy Maitra and Pantelimon Stanica. Almost Boolean Functions: the Design of Boolean Functions by Spectral Inversion. Computational Intelligence Volume 20, Number 3, pp 450-462. Special Issue on Evolutionary Computing in Cryptography and Security. August 2004
Hao Chen, John Clark and Jeremy Jacob. Automatic Design of Security Protocols. Computational Intelligence Volume 20, Number 3, pp 503--516. Special Issue on Evolutionary Computing in Cryptography and Security. August 2004
Howard Chivers and John A Clark. Smart Dust -- Friend or Foe? Replacing Identity with Configuration Trust. Computer Networks 46 (2004). COMNET Special Issue on Future Advances in Military Communications Systems and Technologies. pp.723-740.
Phil Brooke, Richard Paige, John A Clark and Susan Stepney. Playing the game: Cheating, Loopholes and Virtual Identity. ACM Computers and Society, 2004.
Hao Chen, John A Clark and Jeremy L Jacob. A Search-based Approach to the Automated Design of Security Protocols.York Computer Science Technical Report YCS-2204-376.
John A Clark, Susan Stepney and Howard Chivers. Breaking the model: finalisation and a taxonomy of security attacks. York Computer Science Technical Report YCS-2004-371.
Jill Srivatanakul, John A Clark and Fiona Polack. Security Zonal Analysis. York Computer Science Technical Report YCS-2004-274. 14 May 2004.
Jill Srivatanakul, John A Clark and Fiona Polack. Writing Effective Security Abuse Cases. Yellow Technical Report YCS-2004-375. 14 May 2004.

2003

Jill Srivatanakul, John Clark, Fiona Polack and Susan Stepney. Challenging Formal Specifications with Mutation: A CSP security Example. APSEC 2003.
Matthew Russell, John A. Clark, Susan Stepney. Using Ants to Attack a Classical Cipher. Genetic and Evolutionary Computation Conference: AAAI Genetic and Evolutionary Computation Conference (GECCO) 2003, Chicago, USA, July 2003. Poster Paper. pp.146-147. Lecture Notes in Computer Science Vol 2723.
Howard Chivers, John Clark and Susan Stepney. Smart Devices and Software Agents: the Basics of Good Behaviour. First International Conference on Security in Pervasive Computing, Boppard, Germany, March 12-14, 2003. Lecture Notes in Computer Science 2802.
P.J. Brooke and R.F. Paige. Fault Trees for Security System Analysis and Design. Journal of Computers and Security, 22(3):256-264, Elsevier, May 2003.
John A Clark, Jeremy L Jacob, Susan Stepney. Secret Agents Leave Big Footprints: How to plant a trapdoor in a cryptographic function and why you might not get away with it. GECCO 2003. Chicago, 11-15 July 2003.
John A. Clark, Jeremy L. Jacob, Subhamoy Maitra, Pantelimon Stanica. Almost Boolean Functions: the Design of Boolean Functions by Spectral Inversion. Conference on Evolutionary Computation. Special Session on Evolutionary Computation in Computer Security and Cryptography. Canberra, 8-12 December 2003. Also in Journal of Computational Intelligence -- Special Issue on Evolutionary Computing in Security and Cryptology.
Matthew Russell, John A Clark and Susan Stepney. Making the most of Two Heuristics: Breaking Transposition Ciphers with Ants. Conference on Evolutionary Computation. Special Session on Evolutionary Computation in Computer Security and Cryptography. Canberra, 8-12 December 2003.
John A Clark. Nature-Inspired Cryptography: Past, Present and Future. (Invited paper.) Conference on Evolutionary Computation. Special Session on Evolutionary Computation in Computer Security and Cryptography. Canberra, 8-12 December 2003.
Hao Chen, John A. Clark, Jeremy L. Jacob. Automated Design of Security Protocols. Conference on Evolutionary Computation. Special Session on Evolutionary Computation in Computer Security and Cryptography. Canberra, 8-12 December 2003.
Andreas Schaad. A Framework for Organisational Control Principles. PhD Thesis, Department of Computer Science, University of York, 2003.
Moffett, J. D. and Nuseibeh, B.A. A Framework for Security Requirements Engineering. Report YCS 368 (2003). Department of Computer Science, University of York.
Kern, A., Schaad, A. and Moffett, J. D. An Administration Concept for the Enterprise Role-Based Access Control Model. 8th ACM Symposium on Access Control Models and Technologies: SACMAT 2003, Lake Como, Italy,June 2003. ACM Press.

2002

Schaad, A. and J. Moffett. A Framework for Organisational Control Principles. 18th Annual Computer Security Applications Conference. 2002. Las Vegas, Nevada, USA.
Kern, A., Kuhlmann, M., Schaad, A., Moffett, J. Observations on the Role life-cycle in the context of Enterprise Security Management. In 7th ACM Symposium on Access Control Models and Technologies (SACMAT). 2002. Monterey, CA. (ACM).
Schaad, A. and J. Moffett. A Lightweight Approach to Specification and Analysis of Role-based Access Control Extension. In 7th ACM Symposium on Access Control Models and Technologies (SACMAT). 2002. Monterey, CA. June 2002. ACM Press.
John A Clark and Jeremy L Jacob. Fault Injection and a Timing Channel on an Analysis Technique. Eurocrypt 2002. Amsterdam. April 28- May 2, 2002.
John A Clark. Metaheuristic Search as a Cryptological Tool. DPhil Thesis.
John Clark and Jeremy Jacob. The Heuristic Evolution of Security and Insecurity. ERCIM News No. 49, April 2002.
Schaad, A. and J. Moffett. Delegation of Obligations. In 3rd IEEE Workshop on Policies for Distributed Systems and Networks (POLICY 2002). 2002. Monterey, CA, USA, June 2002.
John A Clark, Jeremy L Jacob, Susan Stepney, Subhamoy Maitra and William Millan. Evolving Boolean Functions Satisfying Multiple Criteria. Indocrypt 2002. Hydrabad, India. Dec 2002.

2001

John A Clark and Jeremy L Jacob. Protocols are Programs Too: the Meta-heuristic Search for Security Protocols. Information and Sofware Technology, Special Issue on Meta-heuristics for Software Engineering 43(14):891-904, Dec 2001.
Andreas Schaad and Jonathan Moffett. The Incorporation of Control Principles into Access Control Policies. Extended Abstract, Policy 2001 Workshop Bristol, UK
Andreas Schaad. Conflict Detection in a Role-based Delegation Model. In 17th Annual Computer Security Applications Conference, New Orleans, December 2001.
Schaad, A., J. D. Moffett, et al. The Role-Based Access Control System of a European Bank: A Case Study and Discussion. SACMAT 2001: 6th ACM Symposium on Access Control Models and Technologies, Chantilly, VA, USA. ACM Press.

2000

John A Clark and Jeremy L Jacob. Two Stage Optimisation in the Design of Boolean Functions. Proceedings of the 5th Australian Conference on Security and Information Privacy 2000 (ACSIP 2000).
John A Clark and Jeremy L Jacob. Searching for a Solution: Engineering Tradeoffs and the Evolution of Provably Secure Protocols. In proceedings of IEEE Symposium on Security and Privacy, Oakland, 14-17 May, 2000.
Susan Stepney, David Cooper, and Jim Woodcock. An Electronic Purse: Specification, Refinement, and Proof. Technical Monograph PRG-126, Oxford University Computing Laboratory. July 2000.
Susan Steney and David Cooper. Segregation with Communication. ZB2000: First International Conference of B and Z Users, York, UK, August 2000. LNCS 1878:451--470. Springer, 2000.

1999

Moffett, J. D. and E. C. Lupu. The Uses of Role Hierarchies in Access Control. 4th ACM Workshop on Role Based Access Control (RBAC), 27-29 October 1999, George Mason University, Fairfax, VA.
Eames, D. and Moffett, J. D. The Integration of Safety and Security Requirements. Safecomp'99, 27-29 Sept 1999, Toulouse, France.

1998 and beyond

Moffett, J. D. Control Principles and Role Hierarchies. 3rd ACM Workshop on Role Based Access Control (RBAC), George Mason University, Fairfax, VA, 22-23 October 1998.
J. A. Clark and J. L. Jacob. A survey of Authentication Protocol Literature. 1997
J. A. Clark and J. L. Jacob. On the Security of Recent Protocols. Information Processing Letters 56, pp.151-155, 1995.
J. A. Clark and J. L. Jacob. Attacking Authentication Protocols. High Integrity Systems Journal Vol 1 No 5, 1996.
J. D. Moffett and J. A. Clark. An Introduction to Security in Distributed Systems. High Integrity Systems Journal Vol 1 No 3, 1995.
Leigh Rowland and J. A. Clark. Automated Intrusion Detection. High Integrity Systems Journal Vol 1 No. 2 1995.
Moffett, J. D. Distributed Systems Security. In Kent, A. Williams, J.G. (Eds.), Encyclopaedia of Microcomputers, vol 15. New York: Marcel Dekker Inc. 1995.
Moffett, J. D. Specification of Management Policies and Discretionary Access Control. In M. S. Sloman (Ed.), Network and Distributed Systems Management (pp. 455-479, Chapter 17). Addison-Wesley, 1994.
Moffett, J. D., Clark, J. A. An Introduction to Security in Distributed Systems High Integrity Systems Journal 1(1):83-92, 1994.
Moffett, J. D., Sloman, M. S. Policy Conflict Analysis in Distributed System Management. Journal of Organizational Computing, 4(1):1-22, 1994.
Moffett, J. D., Sloman, M. S. Policy Hierarchies for Distributed Systems Management. IEEE Journal on Selected Areas in Communications 11(9):1404-1414, 1993
Moffett, J. D. Delegation of Authority Using Domain Based Access Rules. PhD Thesis. Dept of Computing, Imperial College, University of London. 1990

Page last updated 8 Sep 2009.