Professor Helge Janicke

Job: Professor in Computer Science, Head of School of Computer Science and Informatics, Head of the Cyber Technology Institute (CTI)

Faculty: Technology

School/department: School of Computer Science and Informatics

Research group(s): Cyber Technology Institute (CTI)

Address: De Montfort University, The Gateway, Leicester, LE1 9BH, United Kingdom

T: +44 (0)116 257 7617

E: heljanic@dmu.ac.uk

W: www.tech.dmu.ac.uk/STRL/

 

Personal profile

Dr. Janicke obtained his first degree in “practical informatics” from the University of Applied Sciences, Emden (Germany). During his doctoral studies he was funded by the Data and Information Fusion Defence Technology Centre (DIF-DTC), a research consortium of high-tech companies and universities which formed a key plank of the UK Government's future vision for defence technology development. He was awarded his PhD in 2007 from De Montfort University (DMU) and subsequently worked for the DIF-DTC consortium as a Research Fellow, funded jointly by QinetiQ and the Ministry of Defence. In 2008, Janicke worked for the University of Leicester as a Teaching Fellow leading several modules on software engineering, quality assurance and measurement theory. He provided consultancy services to SGS/Ofgem on quality assurance and testing in software used in the UK's gas supply network. Janicke worked on the NATO-funded project “Trust Management in Networks of Networks” in collaboration with the University of Maryland (US) and the University of Skopje (Macedonia). In January 2009, Janicke returned to DMU to lead the Computer Security and Trust research theme in the Software Technology Research Laboratory (STRL).

Janicke is mainly involved in research supervision and post-graduate teaching in Computer Security and Computer Forensics related subject areas. He is deputy course-leader on the MSc Professional Practice in Digital Forensics and Security and responsible for informing the wider MSc curriculum with ongoing research in the area of cyber security and forensics. Janicke is a member of the Curriculum Management Group and the Research Management Group that are essential to the development of the department's strategy. He is leading modules on Research Methods, Host-based Security, Digital Evidence, and Advanced Topics in Security, Forensics and Software Engineering as well as providing training courses on the University-wide research training programme. Janicke is principal investigator on a number of funding bids and is coordinating the CSC's collaboration with E-Centre, an EU-funded training network for forensic investigators. Janicke is also working as a Training Instructor for Learning Tree International.

Research group affiliations

The Software Technology Research Laboratory (STRL)

The Cyber Security Centre (CSC)

Publications and outputs 

  • Dying of a Hundred Good Symptoms: Why Good Security Can Still Fail - A Literature Review and Analysis
    Loft, Paul; He, Ying; Janicke, Helge; Wagner, Isabel
    Many organizations suffer serious information security incidents, despite having taken positive steps towards achieving good security standards. Security certifications and high levels of maturity may have been obtained, but fundamental security problems remain. The authors hypothesize that these issues are often as a result of security arrangements not being sufficiently integrated with how the whole organization actually goes about its business. Whether embarking on a new Enterprise Information System (EIS) or refreshing a security strategy, we believe that adopting an enterprise architecture (EA) approach to implementing information security – commonly referred to as an ‘Enterprise Information Security Architecture’ (EISA) - will deliver substantial benefits. However, EAs typically require specialist resources to develop and maintain them, and this takes time; which makes it difficult for architectures to keep pace with business change. These barriers must be overcome if the EISA is to be effective. Our paper has reviewed and analyzed literature concerning the root causes of information security incidents and describes a novel approach for ensuring that the most critical factors are considered when building an EISA framework. We propose 8 domains that must be managed together to ensure that an EISA is successful.
  • Security Defense Strategy for Intelligent Medical Diagnosis Systems (IMDS)
    Luo, Cunjin; Soygazi, Hasan; Janicke, Helge; He, Ying
    Aims: The Intelligence Medical Diagnosis System (IMDS) has been targeted by the cyber terrorists, who aim to destroy the Critical National Infrastructure (CNI). This paper is motivated by the most recent incidents happened worldwide and have resulted in the compromise of diagnosis results. This study was undertaken to show how the IMDS could be attacked and diagnosis results compromised and present a set of cyber defense strategies to prevent against such attacks. Methods and Results: This study used the ECGs data from the PhysioNet/Computing in Cardiology (CinC) Challenge 2017. We fed the data into our IMDS and launched a series of ethical hacking, which is specifically tailored to target IMDS. We proposed a set of cyber security strategies to prevent such compromise. We tested the effectiveness of our cyber defense strategies using an experiment. The results showed that the strategies were effective in protecting the IMDS diagnosis results from being compromised. Conclusions: This study provides novel insights into the protection of IMDS and concludes that our cyber defense strategies can protect IMDS from being compromised by Brute Force and SQL Injection attacks.
  • AIDIS: Detecting and Classifying Anomalous Behavior in Ubiquitous Kernel Processes
    Luh, Robert; Janicke, Helge; Schrittwieser, Sebastian
    Targeted attacks on IT systems are a rising threat against the confidentiality, integrity, and availability of critical information and infrastructures. With the rising prominence of advanced persistent threats (APTs), identifying and understanding such attacks has become increasingly important. Current signature-based systems are heavily reliant on fixed patterns that struggle with unknown or evasive applications, while behavior-based solutions usually leave most of the interpretative work to a human analyst. In this article we propose AIDIS, an Advanced Intrusion Detection and Interpretation System capable to explain anomalous behavior within a network-enabled user session by considering kernel event anomalies identified through their deviation from a set of baseline process graphs. For this purpose we adapt star-structures, a bipartite representation used to approximate the edit distance between two graphs. Baseline templates are generated automatically and adapt to the nature of the respective operating system process. We prototypically implemented smart anomaly classification through a set of competency questions applied to graph template deviations and evaluated the approach using both Random Forest and linear kernel support vector machines. The determined attack classes are ultimately mapped to a dedicated APT attacker/defender meta model that considers actions, actors, as well as assets and mitigating controls, thereby enabling decision support and contextual interpretation of ongoing attacks.
  • Published incidents and their proportions of human error
    He, Ying; Janicke, Helge; Evans, M.; Yevseyeva, Iryna
    Purpose - The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error. Methodology - This paper analyses recent published incidents and breaches to establish the proportions of human error, and where possible subsequently utilises the HEART human reliability analysis technique, which is established within the safety field. Findings - This analysis provides an understanding of the proportions of incidents and breaches that relate to human error as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field. Originality - This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches in order to understand the proportions that relate to human error.
  • Smart Cities and Cyber Security: Are We There Yet? A Comparative Study on the Role of Standards, Third Party Risk Management and Security Ownership
    Vitunskaite, M.; He, Ying; Brandstetter, T.; Janicke, Helge
    Smart cities have brought a variety of benefits aiming to revolutionise people’s lives. Those include but are not limited to, increasing economic efficiency, reducing cost and decreasing environmental output. However, the smart city itself is still in its infancy. As it heavily relies on technologies, it opens up doors to cyber attackers and criminals, which can lead to significant losses. An outstanding problem concerns the social and organisational aspects of smart cities security resulting from competing interests of different parties, high levels of interdependence, and social and political complexity. Our review shows that current standards and guidelines have not clearly defined roles and responsibilities of different parties. A common understanding of key security requirements is not shared between different parties. This research assessed the smart cities and their cyber security measures, with a particular focus on technical standards and the regulatory framework. It comprehensively reviewed 93 security standards and guidance. It then performed a comparative case study of Barcelona, Singapore and London smart cities on their governance models, security measures, technical standards and third party management. Based on the review and the case study, this research concluded on a recommended framework encompassing technical standards, governance input, regulatory framework and compliance assurance to ensure that security is observed at all layers of the smart cities.
  • Developing Cyber Peacekeeping: Observation, Monitoring and Reporting
    Robinson, Michael; Jones, Kevin; Janicke, Helge; Maglaras, Leandros
    Cyberphysical societies are becoming reliant upon the cyber domain for everyday life. With cyber warfare increasingly becoming part of future conflicts, new and novel solutions are needed to assist governments in securing their national infrastructure. Cyber peacekeeping is one such solution: an emerging and multi-disciplinary field of research, touching upon technical, political, governmental and societal domains of thought. In this article we build upon previous works by developing the cyber peacekeeping activity of observation, monitoring and reporting. We take a practical approach: describing a scenario in which two cyberphysical societies experience the negative effects of cyber warfare and require cyber expertise to restore services their citizens depend upon. We explore how a cyber peacekeeping operation could start up and discuss the challenges it will face. The article makes a number of proposals, including the use of a virtual collaborative environment to bring multiple benefits. We conclude by summarising our findings, and describing where further work lies.
  • Blockchain Technologies for the Internet of Things: Research Issues and Challenges
    Ferrag, Mohamed Amine; Derdour, Makhlouf; Mukherjee, Mithun; Derhab, Abdelouahid; Maglaras, Leandros; Janicke, Helge
    This paper presents a comprehensive survey of the existing blockchain protocols for the Internet of Things (IoT) networks. We start by describing the blockchains and summarizing the existing surveys that deal with blockchain technologies. Then, we provide an overview of the application domains of blockchain technologies in IoT, e.g., Internet of Vehicles, Internet of Energy, Internet of Cloud, Edge computing, etc. Moreover, we provide a classification of threat models, which are considered by blockchain protocols in IoT networks, into five main categories, namely, identity-based attacks, manipulation-based attacks, cryptanalytic attacks, reputation-based attacks, and service-based attacks. In addition, we provide a taxonomy and a side-by-side comparison of the state-of-the-art methods towards secure and privacy-preserving blockchain technologies with respect to the blockchain model, specific security goals, performance, limitations, computation complexity, and communication overhead. Based on the current survey, we highlight open research challenges and discuss possible future research directions in the blockchain technologies for IoT.
  • Exploring the role of work identity and work locus of control in information security awareness
    Janicke, Helge; Hadlington, L. J.; Yevseyeva, Iryna; Jones, Kevin; Popovac, Masa
    A growing body of research evidence has been focused on exploring aspects of individual differences in the context of human factors and adherence to organisational information security. The present study aimed to extend this research by exploring three individual variables related directly to the individual’s perceived control within the workplace, their commitment to current work identity, and the extent to which they are reconsidering commitment to work. A total 1003 participants aged between 18-65 (Mean = 40.29; SD = 12.28), who were in full or part-time employment took part in the study. The results demonstrated that work locus of control acted as a significant predictor for total scores on a measure of information security awareness. Those individuals who demonstrated more externality had weaker engagement in accepted information security within the workplace. The findings from the current study are discussed in the context of potential links to counterproductive work behaviours, as well as presenting possible practical routes for intervention strategies to help mitigate poor engagement in information security awareness.
  • HEART-IS: A Novel Technique for Evaluating Human Error-Related Information Security Incidents
    Evans, M.; He, Ying; Maglaras, Leandros; Janicke, Helge
    Organisations continue to suffer information security incidents and breaches as a result of human error even though humans are recognised as the weakest link with regard to information security. Despite this level of understanding organisations continue to focus their attention on technical security controls rather than the human factor and have not incorporated methods such as Human Reliability Analysis (HRA) which are used within high reliability sectors such as rail, aviation and energy. The objectives of our research are to define a human error related information security incident and create the novel HEART of Information Security (HEART-IS) technique which is an adaptation of the Human Error Assessment and Reduction Technique (HEART). We conducted a case study within a private sector organisation using HEART-IS to establish if HRA is applicable to information security. The novel HEART-IS technique comprises of a mapping component and an analysis component. In the case study, we applied HEART-IS to map HEART Error Producing Conditions (EPC) to twelve months of reported information security incidents and analysed the volumes of human error and underlying causes. We found that HEART-IS is applicable to the information security field with some minor amendments to the terminology. The mapping of information security incident causes to the HEART Error Producing Conditions (EPC) was successful but the in-built HEART human error probability calculations did not match the actual volumes of reported human error related incidents.
  • Analysis of published public sector information security incidents and breaches to establish the proportions of human error
    Janicke, Helge; Yevseyeva, Iryna; He, Y.; Evans, M.
    The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error. This paper analyses recent published incidents and breaches to establish the proportions of human error, and where possible subsequently utilises the HEART human reliability analysis technique, which is established within the safety field. This analysis provides an understanding of the proportions of incidents and breaches that relate to human error as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field.


Research interests/expertise

Janicke's research interests are in the area of computer security, in particular access control and policy-based system management, viz. software systems where security requirements are managed using loosely coupled components that enforce high-level security requirements supporting rapid change and requirement evolution. He is interested in the formal specification and verification of software, particularly security critical components. He is also leading several research activities in the area of Digital Forensics.

All research interests are as follows:

Computer Security

Digital Forensics

Formal Methods

Policy-Based Management

Agile Software Engineering

Quality Assurance

Areas of teaching

Deputy Course-leader for the MSc Professional Practice in Digital Forensics and Security.

Forensics: Digital Evidence Handling and Analysis, Being an Expert Witness, Attack Attribution and Incident Response, Professional Training.

Security: Host-Based Security, Access Control, Usage Control, Intro to Cryptography, Policy-Based Management, Information Flow Control. 

Software Engineering: Agile Software Development, Scrum, UML, Quality Assurance, Requirements Analysis, Configuration Management, Object-Orientated Design (Patterns), Java Programming.

Research: Research Methods, Writing Skills for Research Students.

Qualifications

Dipl Inf (FH) University of Applied Sciences

PhD in Computer Security at De Montfort University

Courses taught

Digital Evidence

Host-Based Security

Research Methods, Computer Ethics and Law

Advanced Topics in Forensics and Security

Advanced Topics in Software Engineering

Writing Skills

Membership of external committees

Organising committee for the IEEE Symposium on Policies for Distributed Systems and Networks (2008)

Chaired the Track on Computer Security at the ACM Symposium on Applied Computing (2011-2012)

Chair of the Track on Attribution, Attrition and Anti-forensics at the 11th European Conference on Information Warfare

Program Committees of POLICY (2007-2011)

INFORMATICS (2007-2012)

European Conference on Information Warfare (ECIW 2007-2012)

The International Workshop on Trust Management in Peer to Peer Systems (IWTMP2PS 2010-2011)

The 1st IEEE International Workshop on Security and Forensics in Communication Systems (2012)

The IEEE Conference on Applied Electrical Engineering and Computing Technologies (2011)

The 3rd Young Researcher Workshop on Service-Oriented Computing

Membership of professional associations and societies

ACM

IEEE

Forthcoming events

AAA conferences can be tracked at ECIW2012

SEC events can be tracked at ACM Symposium Applied Computing: http://www.dmi.unict.it/~giamp/sac/cfp2012.php 

1st International Symposium for ICS & SCADA Cyber Security 2013:
http://www.ics-csr.com/

Consultancy work

SGS/Ofgem: Advising on Quality Assurance in Software Development.

Learning Tree Instructor

Externally funded research grants information

Project Title: DIF-DTC
Funded By: QinetiQ and MoD
Role: Named researcher

Professional esteem indicators

Chair of the 12th Computer Security Track at the ACM Symposium for Applied Computing

Co-chair of SEC@SAC (201-2011)

Member of the Organizing Committee for the 10th IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY’09)

Chair of the Track on Attribution, Attrition and Anti-Forensics at ECIW (2012)

Long-standing member of the Program Committees of POLICY (since 2007), INFORMATICS (since 2007), European Conference on Information Warfare (ECIW 2007-2012), International Workshop on Trust Management in Peer to Peer Systems (IWTMP2PS 2010-2011), IEEE Workshop on Security and Forensics in Communication Systems (2012) and CyberTrust (2012)

Reviewing for EPSRC and high impact journals such as IEEE Transactions on Dependable and Secure Computing (IEEE), Journal of Network and System Management (Springer), Transactions on Network and Service Management (IEEE), Future Generation Computer Systems (Elsevier) and International Journal of Electrical Power & Energy Systems (Elsevier)
