NII

Do you use mobile or web apps or have Internet of Things devices on your person, in your home or workplace? Have you thought about who developed the software that drives these apps and devices, what was their understanding of cyber security, how did they make design decisions that impact the cyber security of the resulting software, and what factors influenced their behaviour and design choices? Or perhaps you are one of the masses exploiting app development platforms and easy-to-program hardware devices such as Arduino and Raspberry Pi to develop applications and deploy them for personal use or distribute them to millions of people around the world? How do you make cyber security decisions when you write software? Do you consciously think about the security implications of your design choices, or are there other factors that are more critical? What will help you achieve your goals from the software that you are developing while ensuring that it is not vulnerable to attacks by malicious actors? This project aims to develop a deep foundational understanding of these issues. We recognise that developing software is no longer the preserve for the select few with deep technical skills, training, and knowledge. A wide range of people from diverse backgrounds are increasingly developing software for mobile and web apps and for programmable consumer devices. This diversity of developers is at the heart of many innovations in the digital economy. The software they produce can be, and is, deployed across systems embedded in many aspects of human activity, and is used by a global user base. However, little is currently understood about the security behaviours and decision-making processes of 'the masses' engaged in software development. We refer to these masses by the pseudonym 'Johnny' - based on a seminal work by Whitten and Tygar where they highlighted the challenges faced by Johnny, the prototypical user of encryption. In this project we aim to tackle the challenges faced by Johnny in a contemporary setting beyond encryption. We focus on the Johnnys with diverse backgrounds, know-how and cyber security expertise who can, and are, developing software used, potentially, by millions worldwide. Drawing on a research team of experts in cyber security, software engineering, and psychology, our aim in this project is to conduct empirically-grounded research to better understand the security implications of Johnny's behaviours and practices and develop effective support for secure software development by Johnny. We propose to achieve this by uncovering and characterising the security vulnerabilities that Johnny tends to introduce, by analysing how and why these vulnerabilities are introduced, and by identifying and evaluating a range of interventions to improve Johnny's security behaviours during software development. We will do this in collaboration with eminent international research partners, drawn from leading research and practitioner organisations around the world. This project will be the first to study the inter-relationship between the cognitive and social processes that shape Johnny's cyber security decisions, their impact on the security of the resultant software and the novel interventions that may steer Johnny towards more effective cyber security decisions during software development.

Do you use mobile or web apps or have Internet of Things devices on your person, in your home or workplace? Have you thought about who developed the software that drives these apps and devices, what was their understanding of cyber security, how did they make design decisions that impact the cyber security of the resulting software, and what factors influenced their behaviour and design choices? Or perhaps you are one of the masses exploiting app development platforms and easy-to-program hardware devices such as Arduino and Raspberry Pi to develop applications and deploy them for personal use or distribute them to millions of people around the world? How do you make cyber security decisions when you write software? Do you consciously think about the security implications of your design choices, or are there other factors that are more critical? What will help you achieve your goals from the software that you are developing while ensuring that it is not vulnerable to attacks by malicious actors? This project aims to develop a deep foundational understanding of these issues. We recognise that developing software is no longer the preserve for the select few with deep technical skills, training, and knowledge. A wide range of people from diverse backgrounds are increasingly developing software for mobile and web apps and for programmable consumer devices. This diversity of developers is at the heart of many innovations in the digital economy. The software they produce can be, and is, deployed across systems embedded in many aspects of human activity, and is used by a global user base. However, little is currently understood about the security behaviours and decision-making processes of 'the masses' engaged in software development. We refer to these masses by the pseudonym 'Johnny' - based on a seminal work by Whitten and Tygar where they highlighted the challenges faced by Johnny, the prototypical user of encryption. In this project we aim to tackle the challenges faced by Johnny in a contemporary setting beyond encryption. We focus on the Johnnys with diverse backgrounds, know-how and cyber security expertise who can, and are, developing software used, potentially, by millions worldwide. Drawing on a research team of experts in cyber security, software engineering, and psychology, our aim in this project is to conduct empirically-grounded research to better understand the security implications of Johnny's behaviours and practices and develop effective support for secure software development by Johnny. We propose to achieve this by uncovering and characterising the security vulnerabilities that Johnny tends to introduce, by analysing how and why these vulnerabilities are introduced, and by identifying and evaluating a range of interventions to improve Johnny's security behaviours during software development. We will do this in collaboration with eminent international research partners, drawn from leading research and practitioner organisations around the world. This project will be the first to study the inter-relationship between the cognitive and social processes that shape Johnny's cyber security decisions, their impact on the security of the resultant software and the novel interventions that may steer Johnny towards more effective cyber security decisions during software development.

Rapid decline in Arctic sea ice has been observed, and climate models predict even more dramatic changes in the near future. One of the key components that cause such rapid sea ice reduction is sea-ice floe (pieces) breakup in the margin of the ice area during spring and summer. At the edge of sea-ice area, sea-ice floes are exposed to waves and winds and break into smaller pieces. As they become smaller, they become easier to melt from the side and exposing more open water areas. More exposed open water areas then leads to warmer ocean as more sunlight absorb into the ocean, which in turn make sea ice more fragile and breakable. This process can accelerate sea ice retreat in summer and thus impact the minimum ice extent. To understand the effects of such process on summer sea ice retreat, reliable information on sea-ice floe size distribution (FSD) is necessary. Such observations can be made from satellite Synthetic Aperture Radar (SAR) that can observe sea ice through cloud and darkness. There is an increasing number of satellite SAR images being acquired in the Arctic, and often at spatial resolutions in the images as good as 1-20 m. More importantly satellite SAR images are being acquired over autonomous buoy systems and in conjunction with field campaigns. This provides the ideal framework to measure the full range of ocean, sea-ice and atmosphere parameters to investigate complex floe breakup process. However the challenge we have is a lack of proven-quality algorithms that can derive FSD from satellite SAR images fast and accurately. Thresholding algorithms previously applied to the problem are not adequate for quantitative analysis and the performance has not been precisely assessed. Recently NERC TPoC funded us to conduct research to develop cutting-edge algorithm for the retrieval of sea-ice FSD from SAR images. In this IOP proposal we expand our current project internationally in order to add values to the current NERC TPoC project as well as have impacts on wide research communities and commercial companies.

Recently, an influential American business magazine, Forbes, chose Quantum Engineering as one of its top 10 majors (degree programmes) for 2022. According to Forbes magazine (September 2012): "a need is going to arise for specialists capable of taking advantage of quantum mechanical effects in electronics and other products." We propose to renew the CDT in Controlled Quantum Dynamics (CQD) to continue its success in training students to develop quantum technologies in a collaborative manner between experiment and theory and across disciplines. With the ever growing demand for compactness, controllability and accuracy, the size of opto-electronic devices in particular, and electronic devices in general, is approaching the realm where only fully quantum mechanical theory can explain the fluctuations in (and limitations of) these devices. Pushing the frontiers of the 'very small' and 'very fast' looks set to bring about a revolution in our understanding of many fundamental processes in e.g. physics, chemistry and even biology with widespread applications. Although the fundamental basis of quantum theory remains intact, more recent theoretical and experimental developments have led researchers to use the laws of quantum mechanics in new and exciting ways - allowing the manipulation of matter on the atomic scale for hitherto undreamt of applications. This field not only holds the promise of addressing the issue of quantum fluctuations but of turning the quantum behaviour of nano- structures to our advantage. Indeed, the continued development of high-technology is crucial and we are convinced that our proposed CDT can play an important role. When a new field emerges a key challenge in meeting the current and future demands of industry is appropriate training, which is what we propose to achieve in this CDT. The UK plays a leading role in the theory and experimental development of CQD and Imperial College is a centre of excellence within this context. The team involved in the proposed CDT covers a wide range of key activities from theory to experiment. Collectively we have an outstanding track record in research, training of postgraduate students and teaching. The aim of the proposed CDT is to provide a coherent training environment bringing together PhD students from a wide variety of backgrounds and giving them an appreciation of experiment and theory of related fields under the umbrella of CQD. Students graduating from our programme will subsequently find themselves in high-demand both by industry and academia. The proposed CDT addresses the EPSRC strategic area 'Quantum Information Processing and Quantum Optics" and one of the priority areas of the CDT call, "Towards Quantum Technologies". The excellence of our doctoral training has been recognised by the award of a highly competitive EU Innovative Doctoral Programme (IDP) in Frontiers of Quantum Technology, which will start in October 2013 running for four years with the budget around 3.8 million euros. The new CDT will closely work with the IDP to maximise synergy. It is clear that other high-profile activities within the general area of CQD are being undertaken in a range of other UK universities and within Imperial College. A key aim of our DTC is inclusivity. We operate a model whereby academics from outside of Imperial College can act as co-supervisors for PhD students on collaborative projects whereby the student spends part of the PhD at the partner institution whilst remaining closely tied to Imperial College and the student cohort. Many of the CDT activities including lectures and summer schools will be open to other PhD students within the UK. Outreach and transferable skills courses will be emphasised to provide a set of outreach classes and to organise various outreach activities including the CDT in CQD Quantum Show to the general public and CDT Festivals and to participate in Imperial's Science Festivals.

In the last decade, the role of software engineering has changed rapidly and radically. Globalisation and mobility of people and services, pervasive computing, and ubiquitous connectivity through the Internet have disrupted traditional software engineering boundaries and practices. People and services are no longer bound by physical locations. Computational devices are no longer bound to the devices that host them. Communication, in its broadest sense, is no longer bounded in time or place. The Software Engineering & Design (SEAD) group at the Open University (OU) is leading software engineering research in this new reality that requires a paradigm shift in the way software is developed and used. This platform grant will grow and sustain strategic, multi-disciplinary, crosscutting research activities that underpin the advances in software engineering required to build the pervasive and ubiquitous computing systems that will be tightly woven into the fabric of a complex and changing socio-technical world. In addition to sustaining and growing the SEAD group at the OU and supporting its continued collaboration with the Social Psychology research group at the University of Exeter, the SAUSE platform will also enable the group to have lasting impact across several application domains such as healthcare, aviation, policing, and sustainability. The grant will allow the team to enhance the existing partner networks in these areas and to develop impact pathways for their research, going beyond the scope and lifetime of individual research projects.