Information Security Research Group
The aim of the research group is to undertake research primarily in the following areas:
- Network Security, Intrusion Detection and Wireless Security
- Penetration Testing and Vulnerability Assessment
- Computer Forensics and Digital Evidence Visualisation
- Threat Assessment and Risk Management
The objectives of the group are:
- To investigate the nature of threats posed to information systems by various agents, and to understand the potential impact of a successful attack;
- To create cyber-based early warning systems capable of detecting and responding to network-based attacks targeted at an organization’s information infrastructure;
- To investigate issues relating to open source forensic analysis tools and techniques, and to analyse the concepts relating to data sharing and evidence visualization;
- To develop tools and techniques that will allow us to assess, mitigate and manage vulnerabilities in an open heterogeneous distributed networked environment;
- To examine the issues surrounding the development and deployment of secure wireless mobile networks and computing devices.
Research Infrastructure
The Information Security Research Group has a strong and well-established theme in the areas of network security, computer forensics and threat analysis. The group focuses on the issues associated with the design and development of early warning systems that are capable of detecting and responding to a variety of cyber-based attacks, and on the issues associated with the field of computer forensics. In particular, we are developing technologies such as secure XML, threat assessment methods, vulnerability management, IDS data integration, data mining and data fusion, and secure wireless mobile computing applications.
The group maintains three specialised research labs, the Network Security Research Lab (NSRL), the Computer Forensics Research Lab (CFRL) and the Computer Visualisation Research Lab.
The NSRL contains, among other infrastructure, an isolated network that simulates the Internet and various wireless network environments, where experiments concerning new threats are conducted on a regular basis. Furthermore, a state-of-the-art intrusion detection system (IDS) is used for monitoring the infrastructure of the university, gathering threat data that are used in the various research projects of the group. A Beowulf cluster of computers is used to perform analysis of passwords and encrypted files (e.g. implementing "brute force" attacks against password files of all kinds of operating systems). The Beowulf cluster is also being used for the development of a new generation of intrusion detection system.
The CFRL is a restricted access lab used for analysing computer files in a manner that makes the information gained presentable as evidence in a court. Methods and tools are developed that, in an evidentially sound manner, extract information from the information system to address problems that are currently being encountered in the forensic process. The group offers commercial services to organisations such as the Police and other public and private bodies. A number of forensic servers are used, running various computer forensic tools for retrieving and analysing files and systems.
The group is also involved in building a third laboratory with specialised infrastructure for visualising large volumes of data. The facilities of this lab are used to visualise network events captured by the group’s Intrusion Detection System and also to organise the presentation of digital evidence.
Research-led Teaching
The Information Security Research Group has also been responsible for the inception, validation and running of the following M.Sc. programmes:
1. M.Sc. Computer Systems Security
2. M.Sc. Computer Forensics
3. M.Sc. Wireless Security
4. Post Graduate Certificate (PgC) Penetration Testing and Information Security
News
ISRG at Infosec 2009
April 27, 2009
IPICS 2007: The European Intensive Programme on Information & Communication Security
February 14, 2007
