Adaptive Security and Privacy

Adaptive Security and Privacy

Bashar Nuseibeh, ERC Advanced Grant 291652 - ASAP


The ASAP project is organised around three key areas – privacy, security and adaptation – which will be investigated along four dimensions – automation, interaction, representation and analysis. Methodologically, the research will be conducted around four activities: development of conceptual foundations, contextual enquiry, software engineering method development, and applications and demonstrators.

Motivation and Background

With the prevalence of mobile computing devices such as smart phones, and the increasing availability of pervasive services through infrastructures such as Clouds, ubiquitous computing (Ubicomp) is now a reality for many people. This reality is generating opportunities for people to interact socially in new and richer ways, and to work more effectively in a variety of new environments. More generally, Ubicomp infrastructures – controlled by software – are set to determine users’ access to critical services, such as water and power. In the context of the Europe 2020 vision, the ‘social computer’ is an increasingly important component of a modern digital society and therefore a key area of research for Europe.
With these opportunities come higher risks of misuse of technology by legitimate users or malicious agents. Therefore, the role and design of software for managing use and protecting against misuse are increasingly critical, and the engineering of software that is both functionally effective while safe guarding user assets from harm is a key challenge. Following on from this challenge, the very nature of Ubicomp means that software must adapt to the changing needs of users and their environment, and, more critically, to the different threats to users’ security and privacy.

Aims and Objectives

The ASAP research programme aims to radically re-conceptualise software engineering for Ubicomp in ways that are cognisant of the changing functional needs of users, of the changing threats to user assets, and of the changing relationships between them. We propose to deliver adaptive software capabilities for supporting users in managing their privacy requirements, and adaptive software capabilities to deliver secure software that underpin those requirements.
We will develop a conceptual framework, analytical techniques, and automated tools to support software engineers in designing adaptive software – adaptive both in its functionality and in its ability to protect assets. A key novelty of our approach is its holistic treatment of security and human behaviour. To achieve this, it draws upon contributions from requirements engineering, security & privacy engineering, and humancomputer interaction. Our aim is to contribute to software engineering that empowers and protects Ubicomp technology users, and we will therefore focus on security requirements analysis and design, and on interactive security and privacy management at runtime. Underpinning our approach will be the development of representations of security and privacy problem structures that capture user requirements, the context in which those requirements arise, and the adaptive software that aims to meet those requirements.