University Homepage School Homepage School Contacts School Search

Young Software Engineer of the Year award won by Informatics graduate

The Young Software Engineer of the Year Award 2006 has been won by Nicholas O'Shea, a Computer Science graduate from the School of Informatics. This marks the fourth time in the last eight years that the award has been won by a University of Edinburgh student.

The Young Software Engineer of the Year award is given to the best undergraduate software project by a student studying computer science or software engineering in Scotland. The criteria for the award include the degree of innovation shown by the work; the standard of knowledge of research; quality of the engineering and presentation; and commercial or social relevance. The award consists of a cheque for £1,250, which this year was sponsored by Sopra Newell & Budge, together with the Rob Milne Memorial trophy provided by ScotlandIS. Nicholas O'Shea won the award for his project Elyjah: A security analyser for Java implementations of communications protocols supervised by Dr Stephen Gilmoree of the Laboratory for Foundations of Computer Science.

Secure implementations of communications protocols are needed to protect computer-based transactions against attack. Security analysers are applied to protocols to protect the privacy of users and to safeguard against computer-based crimes such as identity theft and credit card fraud. The need for such analysis arises because secure computer communications protocols are complex and subtle. They have proven difficult both to design and to implement with exploitable errors in protocols going undetected for years before being used to malicious ends in computer crime. The Elyjah security analyser allows developers to check their implementation work quickly and efficiently by using static analysis to consider all possible paths through a program. In this way, Elyjah safeguards against security flaws in protocols which the implementors have not themselves considered, as well as checking the ones which they have tried to address.

Static analysis combines the best features of other formal approaches to the problem. First, the method applies to all possible attacks which a standard network attacker can apply and so it is as general as theorem proving. Second, the method generates informative counter-examples showing where the problems occur and so it is as useful as model checking. Additionally, static analysis is computationally inexpensive so inexpensive hardware can be used to prove security properties of complex real-world communication protocols, and to discover previously-unknown flaws in them.

The safety and reliability of networked software applications becomes a highly significant matter as such systems play an ever-increasing role in society and public life. The security analysis needed to provide strong guarantees of resistence against attack is both too detailed and too arduous to be undertaken by hand and so tools such as the Elyjah security analyser play a crucial role in designing and evaluating the networked computing applications of today and tomorrow.