My research to date has been in the following broad areas: formal methods; safety-critical systems; e-research; security and privacy; and security economics.
A list of my publications can be found at https://scholar.google.com/citations?user=rrydyHwAAAAJ&hl=en.
Former DPhil students include:
- Douglas Creager: A graph-based approach to the automated discovery of data transformation (2007)
- Mila Katzarova: Secure delegation in a distributed healthcare context (2009)
- Sarah Induruwa-Fernando: Achieving interoperability between workflow management systems (2009)
- Nicolas Wu: Generative templates for formal metamodel design (2010)
- Mark Slaymaker: The formalisation and transformation of access control policies (2011)
- Clint Sieunarine: Evolving access control: Formal models and analysis (2012)
- Jaco Jacobs: A formal refinement framework for the Systems Modeling Language (2015)
- Chad Heitzenrater: Software security investment modelling for decision-support (2018)
- Yang Liu: Privacy-preserving targeted advertising for mobile devices (2018)
- Emma Osborn: Small-scale cyber security (2018)
- Majed Alshammari: A principled approach for engineering privacy by design (2019)
- Daniel Woods: The economics of cyber risk transfer (2019)
- Robin Ankele: Addressing syntactic privacy for privacy-preserving data analysis and data release (2020)
- Adam Zibak: A success model for cyber threat intelligence platforms (2020)
- Dennis Malliouris: Finance and cyber security: uncovering underlying and consequential costs of security breaches and investments (2021)
- Aaron Ceross: Computational approaches to data protection regulation analysis (2023)
- Mark Quinlan: Learning informally: An exploration of cyberspace and its associated security advice (2023)
- Tom Walshe: Supporting data-driven software development life-cycles with bug bounty programmes (2023)
Former research assistants include:
- Carl Christensen
- Ghita Kouadri Mostefaoui
- Xiaoqi Ma
- Lee Momtahan
- Eugenia Politou
- David Power
- Douglas Russell
- Clint Sieunarine
- Mark Slaymaker
- Graeme Wilson
I have been an Associate Professor (formerly "University Lecturer") in Software Engineering since January 2002.
Characterising 0−Day Exploit Brokers
Matthias Dellago‚ Daniel Woods and Andrew Simpson
In Proceedings of WEIS 2022. 2022.
Non−obvious Costs of Cyber Security Breaches: Changes in Systematic Risk
Dennis Malliouris and Andrew Simpson
In WEIS 2020. 2020.
An Empirical Study of Bug Bounty Programs
Thomas Walshe and Andrew Simpson
In Proceedings of the 2nd IEEE Workshop on Intelligent Bug Fixing (IBF 2020). 2020.