Christopher Laing

Teaching Fellow: Research Informed Learning at Northumbria University

Location
Newcastle upon Tyne, United Kingdom
Industry
Computer & Network Security
Current
  1. Northumbria University,
  2. International Information Systems Security Certification Consortium (ISC)²,
  3. Information Assurance Advisory Council (IAAC)
Previous
  1. Communications-Electronics Security Group [CESG],
  2. Northumbria University,
  3. European Network and Information Security Agency (ENISA)
Education
  1. University of Bristol
Recommendations: 13 people have recommended Christopher
340 connections

Background

Summary

Christopher is a Teaching Fellow and Digital Security Researcher at Northumbria University. He also acts as an Information Security Risk Management Consultant for the European Network & Information Security Agency, and was one of the founders of GCHQ/EPSRC CyberSecurity Research Institute. He holds a PhD in Secure Decision Making from the University of Bristol and is a Fellow of the IET, and a Senior Fellow of the Higher Education Academy. His research focuses on emergent complex behaviour in information infrastructures, with a particular interest in the security threats to, and vulnerabilities that exist within Industrial Control Systems.

Specialties: Information security risk management, securing business architectures, networks and applications, compliance and incident response.

Experience

Teaching Fellow: Research Informed Learning

Northumbria University
– Present (4 years 7 months), Newcastle upon Tyne, United Kingdom

As a Teaching Fellow I am expected to provide leadership and contribution in Learning, Teaching and Assessment across the Faculty. In particular:

[1]. Lead and contribute to learning and teaching developments within my faculty;
[2]. Participate fully in quality enhancement schemes, initiatives and interventions;
[3]. Join a community of leaders in learning and teaching across the institution;
[4]. Contribute to Working Groups and other initiatives arising from Academic Development activities;
[5]. Disseminate good and interesting practice in learning and teaching;
[6]. Mentor and encourage other staff in learning and teaching innovation;
[7]. Contribute to evaluation and research relating to innovation in learning and teaching;
[8]. Assist academic staff in securing membership of The Higher Education Academy;
[9]. Take a role in the promotion and encouragement of strong links between disciplinary research and learning and teaching practices within disciplines.

Co-Investor: GCHQ/EPSRC [RISCS]: Developing a Choice Architecture for Information Security (ChAISe)

Northumbria University
– Present (2 years 3 months), Newcastle upon Tyne, United Kingdom

Data-loss in contemporary organizations presents a major security problem. It is exacerbated by the practice of consumerization, i.e., the use of personal hardware and software within the workplace. This project will develop and evaluate an advanced set of tools and techniques, informed by an understanding of human behaviour and rigorous quantitative assessment. The tools are designed to improve organizational and individual decision-making around data loss protection via a process of ‘nudging’ behaviour towards maximal decisions. It targets all three parties that make decisions: business leaders (CISOs), IT administrators and employees (i.e., end users). The project takes the following approach: (1) define the problem area and scenarios that capture consumerization; (2) identify those psychological factors that affect people’s security behaviours and decisions; (3) with this knowledge, develop and implement the choice architecture and a set of tools for influencing or ‘nudging’ behaviour based on the architecture and (4) evaluate those tools, i.e., develop or appropriate a measure of organizational security and use it to assess the effectiveness of the intervention.

Advisor: Europe Middle East and Africa Advisory Board (EAB)

International Information Systems Security Certification Consortium (ISC)²
– Present (11 months)

(ISC)²’s global advisory boards represent a group of 10-20 senior-level information security professionals in their respective region who advise (ISC)² on industry initiatives, policies, views, standards and concerns. The goals of the advisory boards are to offer deeper insights into the needs of the information security community in each respective region; discuss matters of policy or initiatives that drive professional development; provide feedback on (ISC)² programs, activities and opportunities; and make introductions to influential organizations, bodies, institutions within government and industry with which (ISC)² should engage.

Advisor: Academic Liaison Panel

Information Assurance Advisory Council (IAAC)
– Present (5 months)

As a member of IAAC’s Academic Liaison Panel [ALP] I am engaged in the development of policy recommendations to government and corporate leaders at the highest levels. ALP’s recommendations are influential because IAAC consists of leading commercial end-users, government policy makers and distinguished academics.

Editorial Board Member

Journal of Further and Higher Education
– Present (2 years 8 months)

Journal of Further and Higher Education is an international, peer-reviewed journal which publishes articles and book reviews representing the whole field of post-16 education and training. Topic areas include management and administration, teacher education and training, curriculum, staff and institutional development, and teaching and learning strategies and processes. The journal encourages debate on contemporary pedagogic issues and professional concerns within the UK and abroad. The journal is committed to promoting excellence in these fields by providing a forum for the debate and evaluation of a wide range of pedagogic issues and professional concerns.

Reviewer: GCHQ Master Degree Certifications

Communications-Electronics Security Group [CESG]
(2 months), Newcastle upon Tyne, United Kingdom

To comment on the draft calling notices and, in particular, the technical content and marking criteria.

Project Director: nu Warning, Advice & Reporting Point

Northumbria University
(4 years 6 months), Newcastle upon Tyne, United Kingdom

The nu Warning, Advice & Reporting Point (www.nuwarp.org.uk) is part of the UK government’s Centre for the Protection of National Infrastructure (www.cpni.gov.uk) initiative on securing the data and network infrastructures of Small to Medium Enterprises (SMEs). The nuWARP supports SMEs, providing guidance and solutions when system attacks result in a data compromise. The nuWARP offers advice on system vulnerabilities and compromise avoidance, and hosts workshops on the nature of on-line fraud, information system hacking, and cyber crime related issues and activities. The nuWARP is also certified by the Payment Card Industry (www.pcisecuritystandards.org) as an independent organization, validating adherence to the Payment Card Industry Data Security Standard, and acting as an Approved Scanning Vendor able to undertake vulnerability scans of cardholder data environments.

Consultant: Network and Information Security Driving Licence

European Network and Information Security Agency (ENISA)
(8 months), Newcastle upon Tyne, United Kingdom

Together with the relevant stakeholder community, ENISA is hoping to develop a roadmap for the implementation of a "Network and Information Security driving licence". This roadmap will cover the needs of different levels of education, e.g. primary, secondary and tertiary education.

Commissioner: UK/EU Cyber Security Co-operation

Industry and Parliament Trust
(6 months)

To explore UK and EU cyber-security co-operation and assess how recent EU legislation around cyber-security has affected businesses and policy-making.

Editor: Securing Critical Infrastructures

IGI Global Publishing
(1 year 11 months)

Editor of ‘Securing Critical Infrastructures and Industrial Control Systems: Approaches for Threat Protection’, published by IGI Global. The book provides a full and detailed understanding of the security threats to, and vulnerabilities that exist within, Industrial Control Systems, and uses case-studies to provide a technical, procedural and managerial response to securing Industrial Control Systems.

Consultant: Identification of Emerging & Future Risks with ICT

European Network and Information Security Agency (ENISA)
(1 year 3 months)

Consultant for the European Network & Information Security Agency (www.enisa.europa.eu), in the identification of emerging and future risks posed by new ICTs, with a focus on issues related to cyber-bullying and online grooming. Co-authored the report ‘Cyber-bullying and Online Grooming: Helping to Protect Against the Risks’, published by ENISA, October 2011.

Academic Registry; Learning & Teaching Advisor: Technology Enhanced Learning & Teaching.

Northumbria University
(3 years 6 months), Newcastle upon Tyne, United Kingdom

Within Academic Registry I worked with the Pro-Vice Chancellor (Learning and Teaching), the Learning and Teaching Support Section and the University's Schools in the implementation of the key objectives of the University’s Learning & Teaching eLearning Strategy – providing advice and guidance on the future development of eLearning initiatives and emerging eLearning technologies that may be used to support this strategy. An example of my duties would include the development of educational podcasting. This work has been published as a University Red Guide, (Educational Podcasting: A Basic Guide), and has been published in He@lth Information on the Internet, and ALT-C 2007. While in Academic Registry I made a significant contribution to the diversity agenda and the impact on widening participation policies, with my work on the retention of non-traditional students and the use of targeted web-based intervention, acknowledged as being novel and innovative “this paper is of great importance”; Active Learning in Higher Education, 2005. It was cited in a Government report (NAO – Staying the Course: The Retention of Students in Higher Education, 2008), and the THES, Sept, 2008. I am no longer a part of Academic Registry, but I was asked to contribute to the development and management of the Northumbria University's Postgraduate Certificate in Higher Educational Practice (PG HEP) programme for new staff. As a PG HEP Coordinator at the institutional level I provide specific leadership and pedagogical guidance on enhancements linked to the integration of technology into learning (a key strategic objective at Northumbria University). As part of that guidance I have organized various one-day HEA workshops: 'Assessment for Learning - How Does That Work?' and 'Transforming Students Through Peer Assessment and Authenticate Practice'. My involvement was noted as a leading contribution to the successful implementation of the University’s current PG HEP.

Senior Lecturer

Northumbria University
(3 years 5 months), Newcastle upon Tyne, United Kingdom

Senior Lecturer; responsible for the development of digital forensics and digital security programmes that link undergraduate students to current digital security research – keeping the curriculum up-to-date, ensuring that programmes are effectively supported by appropriate research resources, providing opportunities for undergraduate students to experience current research, enabling staff to engage with current digital security developments, linking current research developments to teaching practice. I was also responsible for developing a regional centre of excellence in digital forensics and digital security – providing opportunities for the hosting of short courses in computer forensics and security, developing and strengthening links with regional partners and businesses, creating a critical mass of expertise and experience, capable of undertaking fundamental network forensics and network security research.

Volunteer Experience & Causes

STEM Ambassador

STEMNET – Science, Technology, Engineering and Mathematics Network
Education

STEMNET (the Science, Technology, Engineering and Mathematics Network) creates opportunities to inspire young people in STEM.

We do this by working with thousands of schools, colleges and STEM employers, to enable young people of all backgrounds and abilities to meet inspiring role models, understand real world applications of STEM subjects and experience hands-on STEM activities that motivate, inspire and bring learning and career opportunities to life.

http://www.stemnet.org.uk/ambassadors/

Opportunities Christopher is looking for:

  • Joining a nonprofit board
  • Skills-based volunteering (pro bono consulting)

Causes Christopher cares about:

  • Education
  • Science and Technology

Organizations

Information Assurance Advisory Council (IAAC)

Academic Liaison Panel
– Present

IAAC is engaged in the development of policy recommendations to government and corporate leaders at the highest levels. Our recommendations are influential because IAAC's Sponsors and Members comprise leading commercial end-users, government policy makers and distinguished academics.

(ISC)²

Europe Middle East and Africa Advisory Board (EAB)
– Present

(ISC)²’s global advisory boards represent a group of 10-20 senior-level information security professionals in their respective region who advise (ISC)² on industry initiatives, policies, views, standards and concerns. The goals of the advisory boards are to offer deeper insights into the needs of the information security community in each respective region; discuss matters of policy or initiatives that drive professional development; provide feedback on (ISC)² programs, activities and opportunities; and make introductions to influential organizations, bodies, institutions within government and industry with which (ISC)² should engage.

Higher Education Academy

Senior Fellow
– Present

The Higher Education Academy (HEA) is the national body for enhancing learning and teaching in higher education (HE). We are committed to excellent learning and teaching, supporting UK HE organisations with an emphasis on improving the student experience. We bring together universities, colleges, governments and sector agencies to improve teaching and the student experience. On behalf of the sector, we manage the UK Professional Standards Framework UKPSF and a unique professional recognition programme to support the professionalisation of teaching and individuals achieve their career goals.

(ISC)² North East England Chapter

President
– Present

IET

Fellow
– Present

For over 140 years the IET has been inspiring, informing and influencing the global engineering community, supporting technology innovation to meet the needs of society. With the complexity and diversity of the engineering world the role of the IET is more relevant now than it ever has been.

Journal of Further & Higher Education

Member of the Editorial Board
– Present

The Journal of Further and Higher Education publishes articles and book reviews representing the whole field of post-16 education and training. Topic areas include management and administration, teacher education and training, curriculum, staff and institutional development, and teaching and learning strategies and processes. The journal encourages debate on contemporary pedagogic issues and professional concerns within the UK and abroad.

GCHQ/EPSRC: The Research Institute in Science of Cyber Security [RISCS]

Co-Founder
– Present

The Research Institute in Science of Cyber Security is the UK’s first academic Research Institute to focus on understanding the overall security of organisations, including their constituent technology, people and processes.

ISACA

Academic Advocate
– Present

As an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves.

Projects

(ISC)²: Developing Cyber Security Talent for the UK

– Present

There is a perceived gap in the security knowledge of IT professionals. This is highlighted by the OWASP Top 10 vulnerabilities list, which remains more or less the same every year. Clearly, every IT professional cannot be an IT Security architect; however, more than basic level security skills are required if we are to address the prevalence of vulnerabilities in our IT systems. Addressing this issue will require collaboration between academia, professional bodies and industry participants to ensure IT professionals are supported in attaining and maintaining an appropriate level of IT security knowledge throughout their career.

GCHQ/EPSRC: Developing a Choice Architecture for Information Security (ChAISe)

– Present

Data-loss in contemporary organisations presents a major security problem. It is exacerbated by the practice of consumerization, i.e., the use of personal hardware and software within the workplace. This project will develop and evaluate an advanced set of tools and techniques, informed by an understanding of human behaviour and rigorous quantitative assessment. The tools are designed to improve organisational and individual decision-making around data loss protection via a process of ‘nudging’ behaviour towards maximal decisions. It targets all three parties that make decisions: business leaders (CISOs), IT administrators and employees (i.e., end users). The project takes the following approach: (1) define the problem area and scenarios that capture consumerization; (2) identify those psychological factors that affect people’s security behaviours and decisions; (3) with this knowledge, develop and implement the choice architecture and a set of tools for influencing or ‘nudging’ behaviour based on the architecture and (4) evaluate those tools, i.e., develop or appropriate a measure of organisational security and use it to assess the effectiveness of the intervention.

ENISA: Network and Information Security Driving Licence

The EU Cyber Security Strategy “An Open, Safe and Secure Cyberspace” suggests the development of a roadmap for a "Network and Information Security driving licence" as a voluntary certification programme to promote enhanced skills and competence of IT professionals.
ENISA has started the consultation process in order to involve the relevant stakeholders and guide the process for quality results to be released in 2014.

Team members:
  • Christopher Laing,
  • Daria Catalui,
  • Bettina Berendt,
  • Stefano De Paoli,
  • Simone Fischer-Hubner,
  • Demosthenes Ikonomou,
  • Rodica Tirtea

Industry and Parliament Trust: Cyber Security 2.0 Project

The aims of the project were achieved by creating a group of ‘Commissioners’ consisting of parliamentarians, academics and industry representatives who, over two days in Brussels, discussed issues around cyber-security regulation with officials from the Joint Research Centre (JRC), the European Network, Information and Security Agency (ENISA), the UK Representation to the European Parliament (UKREP) and various MEPs.

The subsequent report, based on the commissioners’ findings, focuses on four focal points: UK/EU Cyber Security Co-Operation, EU Cyber Security Regulation, Protecting Critical National Infrastructure and Cyber Activism, or ‘Hactivism’.

James Arbuthnot MP, former Chair of the Defence Select Committee stated:

“A successful cyber-attack on the UK could have truly apocalyptic consequences and…a threat to our EU partners also represents a threat to the UK. I commend this volume of fascinating essays as a contribution to debate across Europe on how best to address this threat”.

Patents

A Method and System for Sonifying Critical Measurements in an Environment

United Kingdom 1205564.6
Filed March 29, 2012

The present invention relates to a system and method for sonifying critical measurements in an environment, such as sonifying alerts relating to critical traffic levels in a network, for example.

Skills

  • Vulnerability Management
  • Information Security
  • Threat & Vulnerability...
  • Penetration Testing
  • Information Security...
  • Computer Security
  • Vulnerability Scanning
  • Network Security
  • Application Security
  • Incident Investigation
  • Vulnerability Assessment
  • Web Application Security
  • Information Security...
  • Security Incident...
  • CISSP
  • Incident Response
  • Security
  • Metasploit
  • Computer Forensics
  • Cybercrime
  • Risk Assessment
  • PCI DSS
  • ISO 27001

Certifications

CISSP

(ISC)², License 302456

Publications

Roadmap for Network & Information Security Education Programmes in Europe Education

DOI: 10.2824/32639 European Union Agency for Network and Information Security
October 2014

ENISA is one of the key stakeholders in Europe in the area of Network and Information Security (NIS). Given its positioning, ENISA is active in the area of education and awareness, using its knowledge to promote NIS skills and supporting the Commission in enhancing the skills and competence of professionals in this area. This document continues work from previous activities by suggesting training materials, scenarios and a way forward for implementing the EC roadmap for NIS education in Europe. In doing so, the Agency has recognised the heterogeneous landscape of Europe in this area.

Authors:
  • Christopher Laing,
  • Bettina Berendt,
  • Stefano De Paoli,
  • Simone Fischer-Hübner,
  • Daria Catalui,
  • Rodica Tirtea

Some Potential Issues with the Security of HTML5 IndexedDB

System Safety and Cyber Security 2014 (IET Conference), 14-16th October 2014, The Midland Hotel, Manchester, UK
October 2014

The new HTML5 standard provides much more access to client resources, such as user location and local data storage. Unfortunately, this greater access may create new security risks that potentially can yield new threats to user privacy and web attacks. One of these security risks lies with the HTML5 client-side database. It appears that data stored on the client file system is unencrypted. Therefore, any stored data might be at risk of exposure. This paper explains and performs a security investigation into how the data is stored on client local file systems. The investigation was undertaken using Firefox and Chrome web browsers, and Encase (a computer forensic tool), was used to examine the stored data. This paper describes how the data can be retrieved after an application deletes the client side database. Finally, based on our findings, we propose a solution to correct any potential issues and security risks, and recommend ways to store data securely on local file systems.

Consumerisation of IT: Mitigating risky user actions and improving productivity with nudging

DOI: 10.13140/2.1.4017.2805 Conference: CENTERIS 2014 - Conference on ENTERprise Information Systems, At Troia, Lisbon, Portugal
September 2014

In this work we address the main issues of IT consumerisation that are related to security risks, and propose a 'soft' mitigation strategy for user actions based on nudging, widely applied to health and social behaviour influence. In particular, we propose complementary, less strict, more flexible Information Security policies, based on risk assessment of device vulnerabilities and threats to corporate data and devices, combined with a strategy of influencing security behaviour by nudging. We argue that nudging, by taking into account the context of the decision-making environment, and the fact that the employee may be in a better position to make a more appropriate decision, may be more suitable than strict policies in situations of uncertainty of security-related decisions.

Authors:
  • Iryna Yevseyeva,
  • Charles Morisset,
  • James Turland,
  • Lynne Coventry,
  • Thomas Groß,
  • Christopher Laing,
  • Aad Van Moorsel

Sonification Aesthetics and Listening for Network Situational Awareness

DOI: 10.13140/2.1.4225.6648. Workshop paper presented at SoniHED --- Conference on Sonification of Health and Environmental Data, York, UK.
September 2014

This paper looks at the problem of using sonification to enable network administrators to maintain situational awareness about their network environment. Network environments generate a lot of data and the need for continuous monitoring means that sonification systems must be designed in such a way as to maximise acceptance while minimising annoyance and listener fatigue. It will be argued that solutions based on the concept of the soundscape offer an ecological advantage over other sonification designs.

A Year is a Short Time in Cyber-Space, in Cyber Security 2.0: Reflections on UK/EU Cyber-Security Co-Operation

Industry & Parliament Trust
June 2014

On Tuesday 25th June 2014 the Industry and Parliament Trust (IPT) published its first Cyber Security Commission report entitled ‘Cyber Security 2.0: Reflections on UK/EU Cyber-Security Co-Operation’. The subsequent report, based on the commissioners’ findings, focuses on four focal points: UK/EU Cyber Security Co-Operation, EU Cyber Security Regulation, Protecting Critical National Infrastructure and Cyber Activism, or ‘Hactivism’.

James Arbuthnot MP, former Chair of the Defence Select Committee stated:

“A successful cyber-attack on the UK could have truly apocalyptic consequences and…a threat to our EU partners also represents a threat to the UK. I commend this volume of fascinating essays as a contribution to debate across Europe on how best to address this threat”.

Network Situational Awareness: Sonification & Visualization in the Cyber Battlespace

Handbook of Research on Digital Crime, Cyberspace Security & Information Assurance; IGI Global, Jul. 2014, p. in press., [DOI: 10.4018/978-1-4666-6324-4, ISBN13: 9781466663244, ISBN10: 1466663243, EISBN13: 9781466663251]
June 2014

This chapter treats computer networks as a cyber warfighting domain in which the maintenance of situational awareness is impaired by increasing traffic volumes and the lack of immediate sensory perception. Sonification (the use of non-speech audio for communicating information) is proposed as a viable means of monitoring a network in real time and a research agenda employing the sonification of a network’s self organized criticality within a context-aware affective computing scenario is given. The chapter views a computer network as a cyber battlespace with a particular operations spectrum and dynamics. Increasing network traffic volumes are interfering with the ability to present real-time intelligence about a network and so suggestions are made for how the context of a network might be used to help construct intelligent information infrastructures. Such a system would use affective computing principles to sonify emergent properties (such as self-organized criticality) of network traffic and behaviour to provide effective real-time situational awareness.

A Case-Based Reasoning Method for Locating Evidence During Digital Forensic Device Triage

Decision Support Systems, Elsevier, ISSN: 0167-9236; DOI: 10.1016/j.dss.2014.01.007
February 2014

The role of triage in digital forensics is disputed, with some practitioners questioning its reliability for identifying evidential data. Although successfully implemented in the field of medicine, triage has not established itself to the same degree in digital forensics. This article presents a novel approach to triage for digital forensics. Case-Based Reasoning Forensic Triager (CBR-FT) is a method for collecting and reusing past digital forensic investigation information in order to highlight likely evidential areas on a suspect operating system, thereby helping an investigator to decide where to search for evidence. The CBR-FT framework is discussed and the results of twenty test triage examinations are presented. CBR-FT has been shown to be a more effective method of triage when compared to a practitioner using a leading commercial application.

Securing Critical Infrastructures and Critical Control Systems: Approaches for Threat Protection

IGI Global (DOI: 10.4018/978-1-4666-2659-1, ISBN13: 9781466626591, ISBN10: 1466626593, EISBN13: 9781466626904)
December 2012

Securing Critical Infrastructures and Critical Control Systems: Approaches for Threat Protection provides a full and detailed understanding of the vulnerabilities and security threats that exist within an industrial control system. This collection of research defines and analyzes the technical, procedural, and managerial responses to securing these systems.

User-Contributory Case-Based Reasoning for Digital Forensic Investigations

Third International Conference on Emerging Security Technologies, 5-7 September 2012, Lisbon, Portugal.
September 2012

A novel concept for approaching digital investigations is presented. User-contributory case-based reasoning (UCCBR) is a method by which previous results from digital forensic (DF) examinations are stored and reused in future investigations. The advantages of a UCCBR system are discussed which include implementing UCCBR as an auditing tool, a method for optimizing evidence retrieval and anomalous file detection.

File Forensics for RAW Camera Image Formats

6th International Conference on Software Knowledge Information Management and Applications (SKIMA 2012, Chengdu University, China, 9-11 September, 2012).
September 2012

Recent research in multimedia forensics has developed a variety of methods to detect image tampering and to identify the origin of image files. Many of these techniques are based on characteristics in the JPEG format, as it is the most used file format for digital images. In recent years RAW image formats have gained popularity among amateur and professional photographers. This increase in their use and possible misuse makes these file formats an important subject to file forensic examinations. The aim of this paper is to explore to what extent methods previously developed for images in JPEG format can be applied to RAW image formats.

An Investigation into Possible Attacks on HTML5 IndexedDB and their Prevention

6th Conference on Software, Knowledge, Information Management and Applications (SKIMA 2012), 9-11 September 2012, Chengdu University
September 2012

Over the past 20 years web browsers have changed considerably from being a simple text display to now supporting complex multimedia applications [1]. The client can now enjoy chatting, playing games and Internet banking. All these applications have something in common: they can be run on multiple platforms and in some cases they will run offline. With the introduction of HTML5 this evolution will increase, with browsers offering greater levels of functionality. However, with the introduction of HTML5, new persistent database security vulnerabilities could impact on this functionality. IndexedDB functionality involves storing application data on the client PC. As client data including sensitive information is now stored locally, consequently vulnerabilities within HTML5’s IndexedDB scheme could have devastating consequences. This paper will investigate potential vulnerabilities, and propose a security framework for HTML5’s IndexedDB files that could be included as part of an inherited web browser security.

An investigation into possible attacks on HTML5 indexedDB and their prevention

The 13th Annual PostGraduate Symposium on The Convergence of Telecommunications, Networking and Broadcasting (PGNet 2012), 25-26 June 2012, Liverpool, UK.
June 2012

A Case Based Reasoning Framework for Improving the Trustworthiness of Digital Forensic Investigations

2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
June 2012

A novel concept for improving the trustworthiness of results obtained from digital investigations is presented. Case Based Reasoning Forensic Auditor (CBR-FA) is a method by which results from previous digital forensic examinations are stored and reused to audit current digital forensic investigations. CBR-FA provides a method for evaluating digital forensic investigations in order to provide a practitioner with a level of reassurance that evidence that is relevant to their case has not been missed. The structure of CBR-FA is discussed as are the methodologies it incorporates as part of its auditing functionality.

Cyber-Bullying And Online Grooming: Helping To Protect Against The Risks

ENISA Emerging and Future Risks
October 2011

Children are the most valuable part of every society, regardless of culture, religion and national origin. Given the rapidly increasing digitalisation of their lives, it seemed important to assess risks related to internet usage and, in particular, the risk of becoming a victim of online grooming and cyber bullying activities. Today’s kids are living in an environment that is radically different from that of their parents; virtual environments are increasingly prevalent in private and education environments. This development is detrimental to their physical activities, social skills and the behavioural model that prevailed in previous generations. ENISA has formed a Working Group consisting of international experts in various disciplines related to the area of children’s online protection. Interdisciplinary knowledge and relevant experience in the area were the criteria of their engagement. During the selection phase of the scenario to be assessed, the expert group has identified cyber bullying and online grooming as an area that requires further elaboration. With this assessment we aim to demonstrate how attacks based on misuse of data (i.e. data mining and profiling) can affect minors. Although the issue of children’s exposure to internet risks has been addressed in great depth by many organisations (also during the generation of this report), we have performed this risk assessment in order to point out emerging risks and issue non-technical recommendations for their mitigation. Thus, we believe that the findings of this assessment will help in triggering further activities at various levels of society, while contributing to the necessary awareness of the online protection of minors.


Education

University of Bristol

Doctor of Philosophy (Ph.D.), Secure Decision Making

The psychological aspects of human decision making

Heriot-Watt University

Master of Science (M.Sc.), Subsea Engineering

The design, construction & installation of sub-sea infrastructures

University of Strathclyde

Bachelor of Science (B.Sc.), Offshore Engineering

Naval Architecture: Offshore Engineering
