CyReSE: Cyber Security Research Software Engineering
Lead Research Organisation:
Queen's University Belfast
Department Name: Sch of Electronics, Elec Eng & Comp Sci
Abstract
There is a clear need among CSIT researchers, and the wider cyber security research community, for RSE support to develop software for driving research and potential commercialisation of results. This proposal will support a key research project into software-based approaches for IoT attack mitigation. It will establish a novel IoT testbed, including a set of intentionally vulnerable honeypots (a honeynet) to attract the latest attacks for analysis, and consumer devices to test processor-level software-based mitigations to threats. This testbed will also be employed for multi-disciplinary collaboration with University College London into IoT-based tech-abuse. Further I will provide RSE support to three existing research groups: CSIT's thriving Software-Defined Networking (SDN)-Network Function Virtualization (NFV) research group would benefit from a dedicated RSE to drive innovation in research areas where software is replacing traditional hardware-based approaches. I will also support software-driven research frameworks for the ICS security research group, investigating attacks on Critical National Infrastructure. The Malware research group, investigating malware detection by AI models built on dynamic assembly language, will be supported with novel software frameworks to derive research data on emerging threats, including fileless, expected-process and browser-based attacks. These stand-alone facilities will be connected to the CSIT Cyber Range, a £500k training and testing facility that enables simulation of real-world deployment models, and practice in attack and defence strategies. As a dedicated RSE, I will provide a central and consistent role in managing research software artefacts arising from CSIT's research, including the source code, documentation and datasets. This will be supported through the development of web applications to manage research code and data, ensuring the reproducibility, replicability and assurance of research outcomes.
A key aim of this proposal is to establish an RSE presence within the university, promoting RSE as a career pathway to attract and retain high level engineers. This has the potential to be the nucleus of the first RSE Chapter in Northern Ireland (NI). Significant time will be committed to outreach and citizenship activities, both within the university and externally, meeting aims of the Society of Research Software Engineers, and of the Fellowship.
A key aim of this proposal is to establish an RSE presence within the university, promoting RSE as a career pathway to attract and retain high level engineers. This has the potential to be the nucleus of the first RSE Chapter in Northern Ireland (NI). Significant time will be committed to outreach and citizenship activities, both within the university and externally, meeting aims of the Society of Research Software Engineers, and of the Fellowship.
People |
ORCID iD |
| Domhnall Carlin (Principal Investigator / Fellow) |
| Description | Research software training for researchers. |
| Geographic Reach | Local/Municipal/Regional |
| Policy Influence Type | Influenced training of practitioners or researchers |
| Title | A census of research software in 171 academic institutional repositories. |
| Description | A dataset of metadata for 171 UK academic institutional repositories, including a census of research software contained. URL The OAI url id CORE Identifier openDoarId Open DOAR identifier name Name of repository Russell_member If the university is a member of the Russell Group of research intensive universities RSE_group If an RSE group is present (based on Soc of RSE data) email Redacted uri Not used uni_sld Second level domain (the part of the url between . And .ac.uk homepageUrl University website source Not used ris_software the Research Information System software used ris_software_enum Resolve ris_software into similar types (e.g. Eprints 3, EPrints3.3.16 both equal eprints) metadataFormat the protocol used for metadata createdDate Repository creation date location location of university logo University logo (resolves in error) type Only = Repository for this dataset. Can be = journal etc. stats Not used contains_software_set Whether the OAI-PMH software set is present in the repository. Num_sw_records The response of the OAI-PMH query for software (erroneous as discussed in paper) Error The category of error returned by the experiment's OAI-PMH queries (see paper) Manual_Num_sw_records The true amount of software contained in the repository as found by a manual exhaustive search of each university website Category Whether the repository (a) contains software; (b) can contain software, but doesn't yet; (c) has no separate type of research output called software or similar |
| Type Of Material | Database/Collection of data |
| Year Produced | 2023 |
| Provided To Others? | Yes |
| Impact | This dataset is the first such census undertaken. The data included has underpinned a recent journal paper, currently under review by PeerJ Computer Science. |
| URL | https://zenodo.org/record/7603444 |
| Description | Attendance at Research Software Camp: Next Steps in Coding |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | The SSI spring Research Software Camp: Next steps in coding focused on improving computational and training skills and exploring existing resources out there. |
| Year(s) Of Engagement Activity | 2022 |
| Description | Blog post for SSI |
| Form Of Engagement Activity | Engagement focused website, blog or social media channel |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | A blog post for the SSI entitled "Everything including the kitchen sink: securing the Internet of Things". This describes the basis for one of my research directions, namely security solutions for the Internet of things. |
| Year(s) Of Engagement Activity | 2022 |
| URL | https://www.software.ac.uk/blog/2022-06-13-everything-including-kitchen-sink-securing-internet-thing... |
| Description | CSIT Research Seminar Series Presentation |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | Local |
| Primary Audience | Postgraduate students |
| Results and Impact | This was my first presentation as an RSE Fellow as part of the CSIT Research Seminar series, giving an overview of RSE and my fellowship plans, which was attended by 30+ postgraduates, academics and business development staff. |
| Year(s) Of Engagement Activity | 2021 |
| Description | Chaired a panel session on Regional RSE groups with the SocRSE Regional SIG |
| Form Of Engagement Activity | A formal working group, expert panel or dialogue |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Professional Practitioners |
| Results and Impact | I presented on the plans to establish an RSE Chapter in NI to the Regional RSE SIG and chaired a panel session on Regional RSE groups. This provided valuable guidance in establishing the RSE NI Chapter, with the other RSE Fellow from QUB (Dr. Andrew Brown) and I forming plans on our steps to progression. |
| Year(s) Of Engagement Activity | 2021 |
| Description | Code for Thought podcast: E01 S03 "Join The Fellowship" |
| Form Of Engagement Activity | A broadcast e.g. TV/radio/film/podcast (other than news/press) |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | I recorded an hour-long podcast for the Software Sustainability Institute. In this episode, I joined 6 of the new EPSRC fellows in the UK. The EPSRC fellowship has been pivotal in putting research software engineering (RSE) firmly on the map in universities and research centres. RSE has become a recognised role not only in the UK, but also in an increasing number of countries around the globe. The key purpose was for us all to talk about our different hopes, ideas and aspirations for our fellowships. |
| Year(s) Of Engagement Activity | 2022 |
| URL | https://codeforthought.buzzsprout.com/1326658/9859960-join-the-fellowship |
| Description | Collaborations Workshop 2022 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Attendance at Collaborations 2022 workshop |
| Year(s) Of Engagement Activity | 2022 |
| Description | Delivered Masterclass on IoT security research to LORCA startup companies |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Industry/Business |
| Results and Impact | LORCA accelerates the growth of the most innovative cyber companies to solve digital challenges faced by enterprises, the economy and society.It is backed by the Department for Digital, Culture, Media & Sport and delivered by Plexal in collaboration with Deloitte and the Centre for Secure Information Technologies. I designed and delivered a second LORCA Masterclass into my research plans, which attracted attention from several companies of the current LORCA cohort. |
| Year(s) Of Engagement Activity | 2021 |
| Description | Empowering communities with open principles |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | This three-hour session provided a taster session for people who are interested in community building and creating an open sharing research culture in their research software, covering the initial steps to create contribution pathways for new and existing community members. |
| Year(s) Of Engagement Activity | 2022 |
| Description | Expert comment for regional news article |
| Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Media (as a channel to the public) |
| Results and Impact | I provided expert comment for a news article "Dozens of Stormont mobile phones and laptops reported lost or stolen in recent years" relating to the cybersecurity implications for such devices. |
| Year(s) Of Engagement Activity | 2021 |
| URL | https://www.belfastlive.co.uk/news/dozens-stormont-mobile-phones-laptops-20683644 |
| Description | PhD in year 3 workshop |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | Local |
| Primary Audience | Postgraduate students |
| Results and Impact | Presentation to a workshop for final year PhDs on managing the final stages of the writeup, viva, corrections etc. |
| Year(s) Of Engagement Activity | 2022 |
| Description | Presentation of Fellowship plans at the Society of RSE's SeptembRSE conference |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Industry/Business |
| Results and Impact | I presented a brief overview of my Fellowship plans at the Society of RSE's SeptembRSE conference as part of the 'Meet the Fellows' session. This prompted contact from Oracle who were interested in supporting my research and in partnering with the deliverables, which was passed to our business development team. |
| Year(s) Of Engagement Activity | 2021 |
| URL | https://society-rse.org/getting-to-know-your-2021-rse-fellows-domhnall-carlin/ |
| Description | Presentation on IoT security research to the Engineering and Physical Sciences PostDoctoral Society |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | Local |
| Primary Audience | Postgraduate students |
| Results and Impact | I presented an overview of IoT security issues to the Engineering Physical Sciences PostDoc Society, again outlining the urgent need for IoT security research and how my research was tackling this issue. |
| Year(s) Of Engagement Activity | 2021 |
| Description | RSE Lightning Talk |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Lightning talk on software in academic repositories at the 2022 RSECon |
| Year(s) Of Engagement Activity | 2022 |
| Description | RSE Poster presentation |
| Form Of Engagement Activity | A talk or presentation |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | Poster presentation at the 2022 Research Software Engineering Conference (RSECon) on Academic Software Publication Policies. |
| Year(s) Of Engagement Activity | 2022 |
| URL | https://virtual.oxfordabstracts.com/#/event/3101/poster-gallery/grid?sort=titles¤t=92 |
| Description | The search for academic software publication policies |
| Form Of Engagement Activity | Engagement focused website, blog or social media channel |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Professional Practitioners |
| Results and Impact | A blog post for the Software Sustainability Institute (SSI) describing early thoughts on a new research direction, assessing the quantity of software stored in academic institute repositories. |
| Year(s) Of Engagement Activity | 2022 |
| URL | https://www.software.ac.uk/blog/2022-09-07-search-academic-software-publication-policies |
| Description | Workshop with B-Secur (local scale up) to scope consultancy project with CSIT |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | Local |
| Primary Audience | Industry/Business |
| Results and Impact | I engaged with local SME B-Secure, who are expanding the delivery of their technology from embedded to application layer and cloud (SaaS). B-Secur sought consultation from CSIT on security aspects to consider with a view to helping to implement the necessary updates and providing guidance on security implications for the redeployment of their biometric AI IP in a cloud setting. This has led to a short scoping exercise with the ECIT Engineering team, to which I will provide guidance and consultancy. |
| Year(s) Of Engagement Activity | 2021 |