Eerke Boiten

De Montfort University | DMU · School of Computer Science and Informatics

PhD

About

169
Publications
16,303
Reads
1,733
Citations
Introduction
Eerke Boiten currently works at the School of Computer Science and Informatics, De Montfort University. Eerke does research in Computer Security, Privacy and Formal Methods. One of his current projects is 'EMPHASIS: EconoMical, PsycHologicAl and Societal Impact of RanSomware'.
Additional affiliations
March 1995 - present
University of Kent
Position
  • Professor (Associate)
March 1993 - March 1995
Eindhoven University of Technology
Position
  • PostDoc Position
July 2012 - present
University of Kent
Position
  • Senior Lecturer & Director of Cyber Security Centre

Publications

Publications (169)
Preprint
This paper presents a thematic analysis of an expert focus group considering smart toilets that record health data. The themes that arise indicate risks, many of which could be mitigated but currently are not, suggesting health benefits for the moment override other concerns only in specific application contexts.
Preprint
Full-text available
Based on Article 35 of the EU (European Union) General Data Protection Regulation, a Data Protection Impact Assessment (DPIA) is necessary whenever there is a possibility of a high privacy and data protection risk to individuals caused by a new project under development. A similar process to DPIA had been previously known as Privacy Impact Assessme...
Conference Paper
The simulation of a modern railway system on the cyber range will investigate the supple behavior of cyber-attacks in a modern digital railway system. The contemporary digital railway simulation architecture will focus on the railway's signaling system and the control command system, which is a classic SCADA system. With the introduction of IoT tec...
Preprint
Full-text available
Most research into anti-phishing defence assumes that the mal-actor is attempting to harvest end-users' personally identifiable information or login credentials and, hence, focuses on detecting phishing websites. The defences for this type of attack are usually activated after the end-user clicks on a link, at which point the link is checked. This...
Article
The use of unified communication (video conferencing, audio conferencing, and instant messaging) has skyrocketed during the COVID-19 pandemic. However, security and privacy considerations have often been neglected. This article provides a comprehensive survey of security and privacy in Unified Communication (UC). We systematically analyze security a...
Article
Full-text available
In recent years, data-enabled technologies have intensified the rate and scale at which organisations collect and analyse data. Data mining techniques are applied to realise the full potential of large-scale data analysis. These techniques are highly efficient in sifting through big data to extract hidden knowledge and assist evidence-based decisio...
Chapter
Data mining techniques are highly efficient in sifting through big data to extract hidden knowledge and assist evidence-based decisions. However, it poses severe threats to individuals’ privacy because it can be exploited to allow inferences to be made on sensitive data. Researchers have proposed several privacy-preserving data mining techniques to...
Chapter
Full-text available
Sharing Cyber Threat Intelligence (CTI) is advocated to get better defence against new sophisticated cyber-attacks. CTI may contain critical information about the victim infrastructure, existing vulnerabilities and business processes so sharing CTI may carry a risk. However, evaluating the risk of sharing CTI datasets is challenging due to the natu...
Conference Paper
This article presents the cyber security progress in Greece since the creation of the Greek National Cyber Security Authority as a nationwide cybersecurity coordination and policy making unit. During this period, Greece issued a Ministerial Decree that established the National Cyber Security Authority, issued the National Cybersecurity strategy, tr...
Article
Full-text available
As organisations are vulnerable to cyber attacks, their protection becomes a significant issue. Capability Maturity Models can enable organisations to benchmark current maturity levels against best practices. Although many maturity models have been already proposed in the literature, a need for models that integrate several regulations exists...
Chapter
Much of what drove us in over twenty years of research in refinement, starting with Z in particular, was the desire to understand where refinement rules came from. The relational model of refinement provided a solid starting point which allowed the derivation of Z refinement rules. Not only did this explain and verify the existing rules—more import...
Article
Full-text available
Data protection impact assessments (DPIAs) aim to identify, rank, and mitigate privacy risks. Even though DPIAs are legally mandated in some cases and privacy professionals perform DPIAs on a daily basis, facilitating the systematic measurement of privacy risks is an open problem. Research on privacy risk measurement often does not take into accoun...
Conference Paper
The deployment of Connected Autonomous Vehicles (CAVs) in Vehicular Ad Hoc Networks (VANETs) requires secure wireless communication in order to ensure reliable connectivity and safety. However, this wireless communication is vulnerable to a variety of cyber attacks such as spoofing or jamming attacks. In this paper, we describe an Intrusion Detectio...
Chapter
Sharing Cyber Threat Intelligence (CTI) is a key strategy for improving cyber defense, but there are risks of breaching regulations and laws regarding privacy. With regulations such as the General Data Protection Regulation (GDPR) that are designed to protect citizens' data privacy, the managers of CTI datasets need clear guidance on how and when i...
Chapter
Privacy risk assessments aim to analyze and quantify the privacy risks associated with new systems. As such, they are critically important in ensuring that adequate privacy protections are built in. However, current methods to quantify privacy risk rely heavily on experienced analysts picking the “correct” risk level on e.g. a five-point scale. In...
Chapter
One central distinction in formal methods is between those based on state, and those based on behaviour. In most applications it is essential or at least practical to have both. State based systems need behavioural elements in order to consider aspects of interaction with an environment, for example to record which changes of state are due to the s...
Chapter
Chapter 9 introduced the general approach to relating process refinement and relational refinement by developing a relational framework general enough that we could embed some of the concurrent refinement relations into it. Chapter 10 built on this by looking in depth at the relationship between failures-divergences refinement and data refinement....
Chapter
This chapter defines refinement in Z, and shows how it derives from the relational model in Chap. 4. It discusses the similarities and differences with refinement in B. The approach taken in a state-based specification language is very different in emphasis from that in a process algebra. Process algebras stress the interaction between independent...
Chapter
In this chapter we consider two further state-based notations, specifically Event-B and the ASM notation. Both have similarities to Z and B, and indeed as the name suggests Event-B grew out of the B notation. Both offer more flexibility in their approach to refinement than Z and B – by adopting models closer to those in Chap. 3. One aspect of this...
Chapter
In going from the relational semantics of CSMATs in Chap. 3 to the abstract data types of Chap. 4 we made a number of radical changes. We labelled individual transitions with the name of an operation, much as we had been doing in LTS and automata in Chaps. 1 and 2, and removed transitivity from the transition relation as we were now able to observe...
Chapter
This chapter looks at these issues in process algebras. As a canonical example we look at CSP, but we also discuss CCS and LOTOS. The link to the semantics is made to Chap. 1 as well as elements of Chap. 5.
Chapter
Chapter 9 discussed the general approach to relating process refinement and relational refinement by developing a relational framework general enough that we could embed some of the refinement relations we discussed in Chap. 1. This included a brief discussion of the simulation rules that arise in the context of failures refinement (see Sect. 9.3.3...
Chapter
In Chap. 1 we introduced differing notions of refinement in the LTS setting - each one based upon a different notion of observation. In Chap. 2 we focused on simulations as a means to verify trace refinements in an Automata context, and we discussed both finite trace refinement as well as trace refinement in the presence of infinite traces. In Chap...
Chapter
An alternative semantic model is that provided by automata, and here we explore how refinement is defined in that setting, introducing the idea of forward and backward simulations. This causes us to consider the role of infinite behaviour in more depth. We discuss completeness results, that is whether the use of simulations is sufficient to verify...
Chapter
In the previous parts of the book, basic refinement relations were introduced semantically and for a variety of specification languages. This chapter starts the task of relating these different refinement relations by defining corresponding processes for ADT specifications, as well as process semantics for ADT specifications, and providing theorems...
Chapter
On purpose we start with one of the simplest models of computation, that given by labeled transition systems. After introducing the reader to this simple set up we start to explore what refinement might mean, beginning with trace refinement, then adding in various notions such as refusals, so that each refinement relation we introduce is more discr...
Book
Refinement is one of the cornerstones of a formal approach to software engineering. Refinement is all about turning an abstract description (of a soft or hardware system) into something closer to implementation. It provides that essential bridge between higher level requirements and an implementation of those requirements. This book provides a com...
Conference Paper
Full-text available
Incident information sharing is being encouraged and mandated as a way of improving overall cyber intelligence and defense, but its take up is slow. Organisations may well be justified in perceiving risks in sharing and disclosing cyber incident information, but they tend to express such worries in broad and vague terms. This paper presents a speci...
Article
Full-text available
Privacy risk assessments aim to analyze and quantify the privacy risks associated with new systems. As such, they are critically important in ensuring that adequate privacy protections for individual users are built in. However, current methods to quantify privacy risk rely heavily on experienced analysts who pick the "correct" risk level on a five...
Article
Full-text available
In order to frame discussions on data privacy in varied contexts, this paper introduces a categorisation of personal data along two dimensions. Each of the nine resulting categories offers a significantly different flavour of issues in data privacy. Some issues can also be perceived as a tension along a boundary between different categories. The...
Preprint
"Big data" has become a major area of research and associated funding, as well as a focus of utopian thinking. In the still growing research community, one of the favourite optimistic analogies for data processing is that of the oil refinery, extracting the essence out of the raw data. Pessimists look for their imagery to the other end of the petro...
Article
Full-text available
"Big data" has become a major area of research and associated funding, as well as a focus of utopian thinking. In the still growing research community, one of the favourite optimistic analogies for data processing is that of the oil refinery, extracting the essence out of the raw data. Pessimists look for their imagery to the other end of the petro...
Article
We are proud to present the papers from the 17th Refinement Workshop, co-located with FM 2015 held in Oslo, Norway on June 22nd, 2015. Refinement is one of the cornerstones of a formal approach to software engineering: the process of developing a more detailed design or implementation from an abstract specification through a sequence of mathematica...
Preprint
We are proud to present the papers from the 17th Refinement Workshop, co-located with FM 2015 held in Oslo, Norway on June 22nd, 2015. Refinement is one of the cornerstones of a formal approach to software engineering: the process of developing a more detailed design or implementation from an abstract specification through a sequence of mathematica...
Article
Full-text available
This paper takes an axiomatic and calculational view of diversity (or "N-version programming"), where multiple implementations of the same specification are executed in parallel to increase dependability. The central notion is "adjudication": once we have multiple, potential different, outcomes, how do we come to a single result? Adjudication opera...
Conference Paper
Physical means of securing information, such as sealed envelopes and scratch cards, can be used to achieve cryptographic objectives. Reasoning about this has so far been informal. We give a model of distinguishable sealed envelopes in Z, exploring design decisions and further analysis and development of such models.
Article
Full-text available
The Internet has now become central to the way people live their lives – transforming businesses and providing new tools for everyday communication.1 It is estimated that around 80% of households in the UK had an Internet connection in 2012.2 Internet users are spending increasing amounts of time online, undertaking a greater range of online and so...
Book
Refinement is one of the cornerstones of the formal approach to software engineering, and its use in various domains has led to research on new applications and generalisation. This book brings together this important research in one volume, with the addition of examples drawn from different application areas. It covers four main themes: • Data ref...
Chapter
This chapter starts the discussion of formal notations that combine state-based modelling as in (Object-)Z, with the modelling of behaviour. Our particular choice for a behavioural notation is CSP, thus this chapter includes a short introduction to CSP first. Then we show how component specifications can be given in Object-Z, and then combined usin...
Chapter
In this chapter we discuss a technique for structuring Z specifications known as promotion. The purpose of promotion is to provide an elegant way of composing specifications in order to build multiple indexed instances of a single component. To do so the component is described as a local state together with operations acting on that state, a global...
Chapter
As formal development steps are concerned with changes of abstraction level, it is natural to also apply such changes to the inputs and outputs of a system. Indeed, many previous textbooks on Z and refinement had included subtle manipulations of inputs and outputs in refinement steps in their examples, without considering formal justifications. Thi...
Chapter
This chapter explores the relationship between testing and refinement. In particular, it looks at how tests for a refinement can be derived from tests for the abstract system. We discuss both how to derive tests from a formal specification, and also how tests can be refined for use with an implementation. We also consider how concrete tests can be...
Chapter
Chapter 4 translates the relational refinement rules for upward and downward simulation into rules for specifications consisting of Z schemas. Particular attention is given to the role of inputs and outputs in Z. In this chapter, we formulate the theory of data refinement for Z. This is done systematically: a relational interpretation will be given...
Chapter
This chapter starts the discussion of refinement in an object oriented setting. To do so it introduces the Object-Z specification language as a canonical example, focusing on the additional features in Object-Z and the differences between Z and Object-Z that impact on the theory of refinement in subsequent chapters.
Article
The 16th BCS-FACS Refinement Workshop was co-located with iFM 2013 held in Turku, Finland on June 11th, 2013. This volume contains the 6 papers selected for presentation at the workshop following a peer review process. The papers cover a wide range of topics in the theory and application of refinement. Refinement is one of the cornerstones of a for...
Preprint
The 16th BCS-FACS Refinement Workshop was co-located with iFM 2013 held in Turku, Finland on June 11th, 2013. This volume contains the 6 papers selected for presentation at the workshop following a peer review process. The papers cover a wide range of topics in the theory and application of refinement. Refinement is one of the cornerstones of a for...
Article
Questions asked by research into ODP viewpoint consistency led to fundamental questions in refinement and contributed greatly to insights and interest in Integrated Formal Methods; research in those areas is still ongoing, while the answers provided remain largely unincorporated into model driven development. In this paper we survey some of the work...
Article
Full-text available
Data refinement in a state-based language such as Z is defined using a relational model in terms of the behaviour of abstract programs. Downward and upward simulation conditions form a sound and jointly complete methodology to verify relational data refinements, which can be checked on an event-by-event basis rather than per trace. In models of con...
Article
Full-text available
This paper reconsiders refinements which introduce actions on the concrete level which were not present at the abstract level. It considers a range of different basic refinement relations, covering the standard ones for formalisms like Event-B, Z, action systems, and CSP. It also describes a number of ways in which new operations may be introduced:...
Article
Reynolds' abstraction theorem (Reynolds, J. C. (1983) Types, abstraction and parametric polymorphism, Inf. Process.83(1), 513-523) shows how a typing judgement in System F can be translated into a relational statement (in second-order predicate ...
Article
ASM refinements are verified using generalized forward simulations which allow us to refine m abstract operations to n concrete operations with arbitrary m and n. One main difference from data refinement is that ASM refinement considers infinite runs ...
Article
Full-text available
This paper reconsiders refinements which introduce actions on the concrete level which were not present at the abstract level. It draws a distinction between concrete actions which are "perspicuous" at the abstract level, and changes of granularity of actions between different levels of abstraction. The main contribution of this paper is in explori...
Preprint
Refinement is one of the cornerstones of a formal approach to software engineering: the process of developing a more detailed design or implementation from an abstract specification through a sequence of mathematically-based steps that maintain correctness with respect to the original specification. The aim of this BCS FACS Refinement Workshop, is...
Article
Refinement is one of the cornerstones of a formal approach to software engineering: the process of developing a more detailed design or implementation from an abstract specification through a sequence of mathematically-based steps that maintain correctness with respect to the original specification. The aim of this BCS FACS Refinement Workshop, is...
Conference Paper
Full-text available
Data refinement in a state-based language such as Z is defined using a relational model in terms of the behaviour of abstract programs. Downward and upward simulation conditions form a sound and jointly complete methodology to verify relational data refinements, which can be checked on an event-by-event basis rather than per trace. In models of co...
Article
Refinement is the notion of development between formal specifications. For specifications given in a relational formalism, downward and upward simulations are the standard method to verify that a refinement holds, their usefulness based upon their soundness and joint completeness. This is known to be true for total relational specifications and has bee...
Conference Paper
Full-text available
In this paper we explore the “for large enough” quantifier, also known as “all but finitely many”, which plays a central role in asymptotic reasoning, as used for example in complexity theory and cryptography. We investigate calculational properties of this quantifier, and show their application in reasoning about limits of functions.
Article
Full-text available
Data refinement in a state-based language such as Z is defined using a relational model in terms of the behaviour of abstract programs. Downward and upward simulation conditions form a sound and jointly complete methodology to verify relational data refinements. In models of concurrency, refinement takes a number of different forms depending on the...
Conference Paper
Full-text available
An integration of state-based and behavioural formalisms can be obtained by imposing a concurrency semantics on a relational formalism. The data refinement theory for relational languages then provides a method for verifying the concurrent refinement relation. In this paper we investigate how divergence can be modelled relationally, and in particul...
Article
Full-text available
Two styles of description arise naturally in formal specification: state-based and behavioural. In state-based notations, a system is characterised by a collection of variables, and their values determine which actions may occur throughout a system history. Behavioural specifications describe the chronologies of actions—interactions between a syste...
Conference Paper
Full-text available
Three Steps from the Ideal. Ideally correctness is by construction; post-hoc verification is second choice; verification of proofs is the next step down. In the application area of modern cryptographic protocol verification, the latter would be viewed as serious progress. Modern Cryptographic Protocols and Security. A modern cryptographic protocol ma...
Article
Full-text available
Data refinement in a state-based language such as Z is defined using a relational model in terms of the behaviour of abstract programs. Downward and upward simulation conditions form a sound and jointly complete methodology to verify relational data refinements. On the other hand, refinement in a process algebra takes a number of different forms de...
Article
Full-text available
In this paper we explore the relation between refinement and reduction, especially as it is used in the context of cryptography. We show how refinement is a special case of reduction, and more interestingly, how reduction is an instance of a novel generalisation, “refinement with context”.
Article
Full-text available
Data refinement in a state-based language such as Z is defined using a relational model in terms of the input-output behaviour of abstract programs. Downward and upward simulations form a sound and jointly complete methodology for verifying relational data refinements. Refinement in a concurrent context, for example, as found in a process semantics,...
Conference Paper
Full-text available
We describe a method for combining formal program development with a disciplined and documented way of introducing realistic compromises, for example necessitated by resource bounds. Idealistic specifications are identified with the limits of sequences of more “realistic” specifications, and such sequences can then be refined in their entirety. Com...
Conference Paper
In this work we study the unification of heterogeneous partial specifications using category theory. We propose an alternative to institution morphisms, which we call (abstract) correspondences carrying specifications. Our methodology is illustrated using a categorical specification style inspired by the state-and-operations style of Z as well as a...
Article
Refinement in a concurrent context, as typified by a process algebra, takes a number of different forms depending on what is considered observable. Observations record, for example, which events a system is prepared to accept or refuse. Concurrent refinement relations include trace refinement, failures–divergences refinement, readiness refinement a...
Conference Paper
In this paper we survey recent work on generalising refinement in a state-based setting. Such generalisations challenge a number of assumptions embedded in the standard formalisation of Refinement in a language such as Z, and lead to simulation conditions that allow one to verify a refinement in a number of different contexts.
Article
Full-text available
We describe a framework for viewpoint specification using formal specification languages. In order to establish consistency and to further develop specifications, specifications need to be integrated ("unified"). This integration is not defined in terms of their semantics, but more abstractly in terms of, so-called, development relations, which rep...
Article
Full-text available
Refinement in a concurrent context, as typified by a process algebra, takes a number of different forms depending on what is considered observable, where observations record, for example, which events a system is prepared to accept or refuse. Examples of concurrent refinement relations include trace refinement, failures-divergences refinement and b...
Article
Full-text available
This volume contains the Proceedings of the REFINE 2002 workshop. The Workshop was held in Copenhagen, Denmark on July 20 and 21, 2002, as a satellite event to FLoC'02 as an FME-affiliated workshop. Refinement is one of the cornerstones of a formal approach to software engineering. Refinement is the process of developing a more detailed design or im...