Here are some of our current research projects, groups and research networks working on topics related to security and privacy. We are also collecting PhD topic ideas.

Title Description

ABCD: A Basis for Concurrency and Distribution

An EPSRC Programme Grant studying the use of *session types* to provide language-based support for implementing communication protocols. This will help future programmers build systems which are automatically free from protocol implementation errors.


Modern computing systems act as black boxes in that they accept inputs and generate outputs but provide little to no visibility of their internal workings. The Transparent Computing (TC) program, of which ADAPT is a part, aims to make currently opaque computing systems transparent by providing high-fidelity visibility into component interactions during system operation across all layers of software abstraction, while imposing minimal performance overhead.

App Guarden: Resilient Application Stores A project studying ways to improve security for mobile applications and app stores. The project aims to combine fine-grained policies discovered through machine learning and enforced using machine-checkable digital evidence. Research is carried out using Android devices as an experimental vehicle
CyptoForma: The Next Generation of Abstractions An EPSRC Network of Excellence in computer science and mathematics to support the development of formal notations, methods and techniques for modelling and analysing modern cryptographic protocols.
ForgetIT An FP7 project studying management of digital content. While digital content is well management in memory institutions such as national libraries and archives, it is still in its infancy in most other organizations, and even more so for personal content. ForgetIT combines three new concepts to ease the adoption of preservation in the personal and organizational context.
Hub-of-all-Things An EPSRC collaborative project understanding context and lived lives; new economic and business models; the future of connected things in the home; personalised products and services; data ownership and empowerment of the individual in a fully connected digital world.
Mobility and Security Group The Mobility and Security group have had a range of projects and collaborations in the area of programming language security for systems which depend on the mobility of code, data, or both. Common themes include ensuring the secure use of resources such as time, memory space, or network access; and the verification of security with machine-checked proof.
NIMBUS: Network in Internet and Mobile Malicious Software An EPSRC Network of researchers working on both blue skies research and near term applied research into the detection, understanding and mitigation of malware.


Communicating in a network such as the Internet has the seemingly inherent characteristic that anyone observing the network will get to know the metadata for each connection which then can be exploited by malicious actors. PANORAMIX will develop a European infrastructure for secure communications based on mix-nets which are cryptographic overlays for network communication with the capability to eliminate meta-data information.

Password Security Analysis A collaboration with Glasgow Caldeonian University into the security of non-standard forms of password authentication.
Provenance in Databases, Security and Workflows This group at Edinburgh investigates pervasive support for provenance: providing metadata to describe the origin, derivation or history of data. This is a complementary notion to forensics, and has importance as a security requirement to provide integrity and auditability, as well as, when provenance is intentionally tracked, posing confidentiality or privacy concerns that we wish to understand.
QUISCO (Quantum Information Scotland) An organisation dedicated to promoting interdisciplinary research between Experimentalists, Theorists, Mathematicians, Computer Scientists, Engineers, and other related researchers in the area of Quantum Information.
REMS: Rigorous Engineering for Mainstream Systems This is an EPSRC Programme Grant combining teams from Cambridge, Edinburgh and Imperial, looking at new ways to build reliable systems. Traditional computer engineering produces a continual stream of errors and security flaws impacting industry and consumers everywhere. REMS aims at a true engineering mathematics for the construction of more robust and secure computer systems: mathematically rigorous models, verification techniques, and engineering tools applied to the construction of full-scale mainstream computer systems, including key infrastructure in widespread use today (multiprocessors, programming languages, and operating systems).
Robustness as Evolvability A project that is designing a new form of secure network infrastructure which detects targeted attacks on itself and then automatically restructures the infrastructure, using Software Defined Networking.
Smart Societies An EU project investigating the smart society as a socio-technical ecosystem in which the physical and virtual dimensions of life are more and more intertwined and where people interaction, more often than not, takes place with or is mediated by machines. This mediation raises immediate concerns for societal security, by its reliance on machines, and privacy, by the storage and transmission of personal data.
Social Informatics Cluster A forum where people from Informatics, Business Studies, Science Technology and Innovation Studies, and Medicine collaborate to further the interdisciplinary study of the social aspects of computing.

TypeScript, The Next Generation

There is increasing interest in integrating dynamically and statically typed programming languages, as witnessed in industry by the development of the languages TypeScript and Dart, and in academia by the development of the theories of gradual types, hybrid types, and the blame calculus. The purpose of our project is to bring the academic and industrial developments together, applying theory to improve practice.

UnBias: Emancipating Users Against Algorithmic Biases for a Trusted Digital Economy

Contrary to public opinion, young people care about their personal data and want a digital world more transparent, a digital world they can trust. This project aims to closely work with young people to further understand how aware ‘digital natives’ are about algorithm bias, their attitudes and main concerns and recommendations when interacting with algorithmic curated systems.

Usable and Knowledge Based Authentication Research into the usability of everyday authentication, including challenge questions, as well as passwords and biometrics such as mobile device sensors.