The overall objective is to build a mobile system security and mobile cloud security technology pipeline for smart nation applications.
Specifically, the programme would like to direct its core research and competitive grant calls to address mobile and cloud security issues in the context of real-time monitoring/decision systems in the smart nation.
The research scope of the programme is summarised in the diagram below.
- Mobile platform security. Today's mobile platforms are some of the most complex and capable computing devices ever created. They share many of the same security threats as traditional desktop computers and are exposed to more threats brought about by their mobility complexity, and additional sensors. Attacks directed at mobile platforms are much more damaging than attacks at the application level and hence, it is paramount to secure mobile platforms so that they can be effective in protecting both user privacy and ensuring execution of critical functions.
- Automatic and continuous user authentication. Real time monitoring/decision systems such as the elderly monitoring system present many demanding problems for users in authenticating themselves to various devices and systems. Traditional authentication methods like passwords are not suitable for elderly and may disrupt workflow and interfere with the primary mission of elderly care. New authentication techniques must blend into the real time monitoring space seamlessly.
- Mobile app security. Mobile apps allow users to access various sensors built into their mobile devices, access files stored locally, and communicate with other users, systems and cloud services. As a result, vulnerable or maliciously infected mobile apps can be very costly to both individuals and organizations.
- Mobile cloud security. Data records in real time monitoring system may contain sensitive information, hence measures must be in place to protect data security and privacy when they are outsourced to the cloud. In particular, access control and privacy-preserving computation over the outsourced records are essential to prohibit leakage of private information to unauthorized parties, including the cloud operators. Data provide a basis for decision making. Access to and computation on such data should be accountable, which means measures must be in place to monitor buggy of inappropriate behaviour of the virtual machines or applications in the cloud.