Professor David J. Pym, MA (Cambridge), PhD (Edinburgh), ScD (Cambridge), FIMA, CMath, FBCS, CITP
Professor of Information, Logic, and Security at UCL
Faculty Fellow,
Alan Turing Institute
David's UCL CS Page
Department of Computer Science
University College London
Gower Street
London WC1E 6BT
Research Groups:
Contact:
Telephone: 020 7679 0327 Internal: 30327
Email: j.savage (at) ucl.ac.uk
New: PhD studentships available
Applications are invited for a PhD position at the Information Security Group of the UCL Department of Computer Science, funded by the Government Communications Headquarters (GCHQ). The successful candidate will also be a member of the Programming Principles, Logic, and Verification (PPLV) Group. The studentship is open only to UK nationals because of the funder's eligibility requirements. The successful candidate will be required to undertake an internship of approximately 2 - 4 weeks per year at GCHQ's headquarters in Cheltenham. To be considered for this studentship, candidates must therefore be prepared to undergo GCHQ's security clearance procedures.
The successful candidate will develop logical and mathematical models of access control policies in physical and information systems, including the architectural and behavioural issues that affect the extent to which an implemented system complies with policies. The aim of the project is to develop a framework for modelling access control policies and their implementation in system architectures and will provide tools for reasoning about the circumvention of policies in the presence of behaviours that are driven by competing priorities (the policy-implementation gap). Thus the project will address problems that of significant concern in business contexts using rigorous mathematical and/or computational tools. The project build on and integrate aspects three scientific literatures: within computer/information security, the study of access control models, such as Bell La Padula, Biba, and Chinese Walls; within logic/theoretical computer science, frameworks for modelling and reasoning about access control policies in system contexts; and, within usable security and security economics, the study of how individuals and organizations place different values on the benefits and costs of behaviours associated with security policies.
All research that is undertaken at UCL as part of the studentship will be unclassified and published in the open literature.
The start-date for the studentship will be no later than October 2017 (this cannot be delayed).
We expect a candidate to have at least a strong 2:1 degree in Mathematics or Computer Science, or to have successfully completed an MSc course in a related area. Prior knowledge of some of logic, semantics, information/computer security, mathematical modelling using tools such as Matlab, and empirical methods in data collection and analysis would be advantageous.
Applications should be submitted to University College London using the "Apply" buttons on this page (Apply). If you have any queries about submitting an application, please email Sarah Turnbull at s.turnbull@ucl.ac.uk.
Your application must reach the Department by 28 February, 2017.
Main supervisor: Professor Guy McCusker, University of Bath
Second supervisor: Professor David Pym, University College London
Security breaches often arise as a result of users' failure to comply with security policies or follow good security practice, even when the implications of such behaviour are known to them. Simple examples include the use of unencrypted USB sticks for the transport of sensitive information, or connecting to public WiFi networks despite the well-known dangers of so doing. There is evidence that this failure to comply with policy arises from the perception that the benefit of compliance is outweighed by the reduction in users' ability to complete their tasks when complying. In recent work we have proposed a qualitative analysis of the concept of 'compliance budget': the idea that users have a finite budget of time and energy available for such costly compliance activities, beyond which they begin to deviate from secure behaviour. Compliance Budget Logic is a multi-modal logic incorporating a notion of preference which we use to describe and explain users' security decisions.
This PhD project will develop the theory and applications of this Compliance Budget Logic. The basic theory of the logic will be developed, followed by its application to security decision-making. For example, we may study how the interaction of multiple security policies and multiple budgets (e.g., users' own time, laptop battery life, etc.) may be described and analysed via our logic. Some of this work will be carried out in collaboration with leading security researchers at University College London.
Anticipated start date: 2 October 2017.
References
Anderson, G., McCusker, G. and Pym, D., 2016. A Logic for the Compliance Budget. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M. and Casey, W., eds. Proceedings, GameSec 2016: Decision and Game Theory for Security. Springer Verlag. Lecture Notes in Computer Science 9996: 370-381.
My latest book, a research monograph entitled A Discipline of Mathematical Systems Modelling, co-authored with Matthew Collinson and Brian Monahan, is published by the not-for-profit publisher College Publications.
Preface
The mathematization of the sciences, of engineering, and of economics has been an outstandingly successful intellectual enterprise, enabling the modern world. As the operations of the world become more and more dependent on highly interconnected, massively complex, networked systems of computational devices, the need to develop a mathematical understanding of their properties and behaviours is increasingly pressing.
Our approach, described in this monograph, is to combine the compositionality of formal specification --- using techniques from algebra, computation theory, logic, and probability theory --- with the control of level of abstraction afforded by the classical mathematical modelling method.
The first chapter provides a complete high-level view of the approach to systems modelling that is developed in the monograph. It provides both conceptual and philosophical background and introductions to the technical development. The remaining chapters develop the mathematical and computational aspects of our approach. Each chapter develops a specific mathematical or computational component, clearly integrated into the overall development. Examples, including ones based on industrial and commercial applications, are provided throughout. An implementation of a simulation engine (Core Gnosis) for executing models is available for download from HP Labs. Associated with this monograph is a website (http://www.hpl.hp.com/research/systems_security/gnosis.html) from which Core Gnosis may be obtained. This is book is about the conceptual and mathematical foundations of a modelling approach, with indications of how it can, and has been, deployed in practice. We defer to another occasion an account of the pragmatics of the deployment.
Available from Waterstones, Amazon UK, Amazon US, Amazon DE, and Amazon FR.
Other Monographs
I am one of the designers of the Core Gnosis tool for systems and security modelling. The Core Gnosis system can be downloaded from HP Labs at http://www.hpl.hp.com/research/systems_security/gnosis.html, along with a paper
M. Collinson, B. Monahan, and D. Pym,
Semantics for Structured Systems Modelling and Simulation,
Proc. Simutools 2010, ACM Digital Library, ISBN: 978-963-9799-87-5
published at SIMUTools 2010.
Research Interests
I have worked in a range of areas of mathematical logic and theoretical computer science, including type theory and logical frameworks, proof theory, categorical logic, substructural logic, resource semantics, and process algebra. In theses areas, I have always been particularly interested in the interplay between syntax and semantics.
In recent years, I have become engaged with mathematical systems modelling, with a particular interest in applying --- in the style of classical mathematical modelling as practised in, for example, engineering, where the control of complexity by abstraction is critically important in delivering useful models --- the ideas of compositional semantics and logic to complex systems, particularly in the social sciences and systems engineering. Computer security, system security, and information security provide excellent challenges for this approach. All this began around 2004, with an extended stay with the security research group at HP Labs, initially funded by a Royal Society Industry Fellowship.
My interests in security are primarily concerned with questions of policy and the interaction between policy and system architecture, with a particular perspective provided by economics. I am also interest in logical approaches to access control policy in which the interplay between policy architecture and system architecture is considered explicitly.
I also have interests in the security of critical national infrastructure, particularly from the perspective of security economics.
My research interests can be usefully organized into three groups.
The following are currently key topics for my research:
Applications to information flow and trust, to systems modelling, to the semantics of computation, and to economics-based reasoning about systems and behaviour.
Here is a link to a page about a film about BI: Attack of the 50 Foot Spatial Dudes
Applications to utility computing (e.g., cloud) and security (information and physical, design, and policy).
I am currently interested in, and interested in supervising PhD students in, the following areas (in no particular order):
Current Funded Projects
Recent Funded Projects (see Recent Publications and Manuscripts for associated papers)
Here is HP Labs' flyer for the Trust Domains project.