Analysing Security and Reliability Effects of Mutations in Communication Protocols

Applications are invited for a 3 year PhD to commence in October or February.

The PhD will be based in the Faculty of Technology, and will be supervised by Dr Benjamin Aziz and Dr David Williams.

Mutation testing and analysis is concerned with the introduction of single faults (or errors) into a system design, specification, implementation or interface and then testing or analysing the effects caused by those faults or errors on the system's properties and behaviour. Such faulty entities are called mutants. In communication protocols, mutants can be used to identify whether a protocol’s implementation may deviate from the standard defining that protocols. Despite the fact that mutation testing and analysis has a wide scope of research in areas related to systems testing and analysis, its application using formal specification and verification methods has remained somehow limited over the years.

This project will aim at defining how mutations could be used as a technique in formally understanding whether faulty implementations of protocols in critical systems can pass as correct implementations in relation to the standards defining those systems. For example, it is well-known that implementing a standard encryption function by an XOR-based function weakens the resulting implementation. Similarly, a protocol’s quality of service level sometimes may be as weak as to allow for lossy communications, however, such definition may result in implementations that deny a service altogether while still adhering to the protocol’s standard specification. The theoretical framework will consider as a use case IoT protocols, such as MQTT and CoAP, and their implementation within industrial IoT systems, such as the Hermes electronic board system.

The outcome of this 3-year project will be a model and theory that define mutations in communication (particularly IoT) protocols, and construct analysis algorithms that capture the effects of those mutations in relation to safety and security properties. The project will use the case of industrial IoT systems as a validation case, where an industrial system will be modelled and analysed as a demonstration.

Fees and funding

Visit the research subject area page for fees and funding information for this project.

Funding availability: Self-funded PhD students only. 

PhD full-time and part-time courses are eligible for the UK Government Doctoral Loan (UK and EU students only).

Bench fees

Some PhD projects may include additional fees – known as bench fees – for equipment and other consumables, and these will be added to your standard tuition fee. Speak to the supervisory team during your interview about any additional fees you may have to pay. Please note, bench fees are not eligible for discounts and are non-refundable.