Ross Horne

Senior lecturer in cyber security:

I am a senior lecturer in the department of Computer & Information Sciences at University of Strathclyde, Glasgow, United Kingdom. I am a member of the Strathclyde Cyber Security Group (StrathCyber) and I am also affiliated with the Mathematically Structured Programming (MSP) group.

Open Call for Journal Papers. I am editor of the newly created corner Logic for Security and Privacy within the Journal of Logic and Computation, Oxford University Press. The corner welcomes submisions presenting diverse logical approaches to security and privacy problems. For other research that is formally stated and proven, I can handle papers submited to the diamond open access journal Scientific Annals of Computer Science.

Office telephone: +44 141 548 3397

Address: Livingstone Tower, floor 14, office 1402a. 26 Richmond St, Glasgow G1 1XH


I summarise key results and research directions.

Equivalence checking and privacy. My colleagues and I have solved several problems in protocol verification which use logic to give us a better understanding of congruences for process calculi and better awareness of concurrency [CONCUR'17, LICS'18, LMCS'21, ICTAC'21, TCS'23, CONCUR'22, EXPRESS/SOS'22]. These breakthroughs enable us to refine methoods for verifying privacy properties using cryptographic calculi. The methodology was used to discover a privacy vulnerability for ePassports [ESORICS'19, LMCS'21]. We have also used equivalence checking to develop threat models for contactless payment cards (the cards in your wallet), and have devised new protocols that better protect our privacy [CSF'22, CCS'23], as addressed in the PhD thesis of Semen Yurkov.

Linked Data. My PhD thesis at University of Southampton was on high-level languages for consuming data published on the Web. Such language abstractions [Sci.Comp.Prog.'14, JLAMP'15, JLAMP'16] allow programs to engage in sessions, where information discovered in queries can be used to form new queries, thereby navigating an interlinked Web of Data. Providing high-level language abstractions makes such programming tasks easier. This led me to the notion of a descriptive type system, which assists the data consumer during such interactions by generating suggestions for how inconsistencies in data may be resolved.

On session types and proof theory. I have proposed a proof theoretic approach to multi-party session types [PSI'15, SACS'15, CONCUR'20, TCS'20]. Advantage over related proof-theoretic approaches to session types stem from the fact that multiplicatives are interpreted in a more direct manner. Specifically, a non-commutative multiplicative operator is used to model sequentiality, while commutative operators are used to model commutative concepts (parallel composition), and hence logical equivalence preserves behavioural properties. I explain this work in a video presented at CONCUR'20.

Attack trees. Attack trees, employed for security assessment, are also amenable to proof theoretic techniques [Fund.Inf.'16, GramSec'18, GramSec'20]. This is natural, since there are explanations of the logical systems in terms of game semantics and argumentation, which account for tensions between an attacker and defender competing on an attack surface.

Logic on Graphs. This is just too cool! We prove you can generalise the foundations of logic, so that the arguments we reason about in logic are graphs rather than formulae [LICS'20, LMCS'22, FSCD'22].

News on Selected Publications

ePassport Vulnerabilities

September 2019: Our papers presented at ESORICS 2019 and communicated in LMCS report on a privacy vulnerability in the ICAO 9303 standard used by ePassports. The vulnerability allows an individual who has recently passed through a passport control point to be reidentified, even without opening their passport.

Here are the slides presented at ESORICS 2019. Also we have a repository providing practical evidence for the vulnerability and the following video (featuring Ihor Filimonov, Zach Smith, Sevdenur Baloglu, and Husam Al-Jawaheri) suggesting how the vulnerability may be exploited.

Note, for this proof of concept, this demonstration uses phones but an attacker may use more discrete and powerful devices.

Responsible disclosure: The vulnerability has been reported to ICAO, along with our recommendation for how ePassport readers may mitigate the vulnerability. ICAO issued a public response both confirming the vulnerability and reassuring the public that the scope of the vulnerability is limited. Their response was reported in Delano magazine and Paperjam.

The press release on this privacy vulnerability was also reported in news outlets including the Luxembourg Times , the Luxemburger Wort , and the magazine of FNR: The resulting public interest caused a motion to be submitted to the Luxembourg parliament, leading to a joint response from the prime minister Xavier Bettel and foreign affairs minister Jean Asselborn. The vulnerability was also reported on the 100komma7 radio station and RTL TV stations. The video from RTL (in Luxembourgish) is reproduced below.

Open Bisimilarity is Intuitionistic

September 2017: A paper on modal logics for processes was awarded best paper at CONCUR 2017. The paper concerns a process equivalence called open bisimilarity which is easily automated and has desirable algebraic properties. Open bisimilarity treats input values in a call-by-need fashion. For example, if you receive a notification that an e-mail has arrived, there is no need to immediately check the email; you can continue working and later read the email when you need a detail contained within. The surprising insight of our paper is that there is a fundamentally intuitionistic logical characterisation of open bisimilarity (due to the call-by-need treatment of inputs inducing ``intuitionistic hereditary'').

March 2018: Follow up papers, presented at LICS 2018, explains why the else branch in a statement such as "if M = N then P else Q" should be treated intuitionistically when reasoning about processes compositionally. In particular, we introduce the coarsest bisimilarity congruence for processes with if-then-else branching. The logical characterisation of this congruence is intuitionistic, but private information is treated classically. We highlight that this congruence and logic have impact in the area of verifying privacy protocols, where "else" branches avoid inadvertent leaks by providing dummy data.

May 2023: A paper published in Theoretical Computer Science journal explains how the technique (quasi-open bisimilarity) lifts to the full applied π-calculus. Lifting to the applied π-calculus, makes it possible to apply our methodology in order to verify privacy properties of real-world cryptographic protocols. A preliminary version appeared in ICTAC 2021.

A video of the presentation at ICTAC'21 by Semen Yurkov is available here:

Session Types

June 2021: There are many fairness assumptions to chose from when verifying liveness properties. In this paper, communicated at LICS'21, we systematically investigate how fairness assumptions impact a liveness property targeted by session type systems, called lock-freedom. We identify one particular notion of fairness, called justness, that gives rise to "just lock-freedom" which is the tightest match for session types.

The slides are available here.

I have a series of papers on multiparty session types employing analytic proof calculi developed using methods from structural proof theory:

These papers present a purely logical approach to a rich multiparty subtype system that also captures multiparty compatibility. The videos lectures presented at CONCUR 2020 explain the connections with proof theory and provide a compelling real-world example.

There are also older slides from 2015: Designing, Verifying and Monitoring Protocols inspired by Scribble.

Analytic Proof Calculi on Graphs

July 2020. In logic we are accustomed to reasoning about formulae. Even graphical syntaxes (e.g., co-graphs, knowledge graphs and argumentation frames), are typically graphical representations of formulas. In this work we prove that it is possible to design a logical systems where we reason about more general graphs with an expressive power beyond that which can be expressed using formulas. This initial study focussing on a minimal setting in which we generalise conjunction and disjunction. This method will enable us to build additional expressive power into various logics, while retaining computational properties of proofs (analyticity).

Here are two videos presented at LICS 2020.

Video above: an informal chat on logic beyond formulas.

Video above: a long (uncool) presentation, explaining details to experts.

Causal Attack Trees and Attack-Defence Frameworks

November 2020 We have a position paper on argumentation-based semantics for attack-defence trees. Argumentation, arrising from the systematisation of conflict in legal arguments, and attack-defence tree, inspired by fault trees, are both based on around 50 years of research. They have obvious parallels, since both deal symoblically with conflict, cooperation and competition, that we draw attention to here. The semantics we propose combines several models of argumentation in a new way, permitting more flexible generalisations of attack-defence trees. An argumentation-based semantics can be used to turn attack trees into decision making mecahnisms, which means that it plays quite a different role from the semantics of attack trees that preserve attribute domains.

March 2017: A paper on causal attack trees has been published in Fundamenta Informaticae. Causal attack trees profile the sub-goals of the proponent of an attack, by refining goals disjunctively, conjunctively and sequentially. We provide the machinery for determining whether one attack specialises another attack. Specialisation preserves correlations between answers to quantitative questions concerning attacks such as the "minimum attack time".

Slides: Specialisation of Attack Trees with Sequential Refinement

A supporting technical report includes proofs omitted from the journal version.

The game semantics behind such attack trees is explored in a paper presented at GraMSec'18. We emphasise the difference between when an attacker making a choice and when the environment or defender makes a choice in an attack scenario.

Space Law and AI

CubeSat Lab experimental setup

July 2023: I was involved in setting up an Interdisciplinary Master Program in Space Resources. By taking an interdisciplinary perspective to space, I ended up interacting with various interesting people including space lawyers, leading to the following paper.

The above paper led to an ongoing project with ESA on onboard AI for improving the reliability of satellites. The results are published in the Journal of Aerospace Information Systems.

We also have the following papers on removing clouds from satellite images. This was the leading case study in a master course introducing space professionals to computer science and data science. This is published in the International Journal of Remote Sensing.

Processes as Formulae

September 2019: A series of papers on logical systems for process calculi has been published in the proceedings of CONCUR 2016, FSCD 2019 and in the journals TOCL and MSCS. These papers introduce new logical systems, directly embedding various process calculi, not limited to Robin Milner's famous π-calculus. To model private names in the π-calculus, the trick is to decompose established self-dual nominal quantifiers into a De Morgan dual pair of nominal quantifiers. We use Cyrillic vowels И and Э, pronounced `new' and `wen' respectively, for our pair of nominal quantifiers.

Slides CONCUR'16: Private Names in Non-Commutative Logic

Slides FSCD'19: The Sub-Additives: A Proof Theory for Probabilistic Choice extending Linear Logic.

The paper published in Mathematical Structures in Computer Science develops proof normalisation techniques allowing us to extract executions of processes from proofs. We prove that linear implication is strictly finer than established weak simulation preorders (and hence probabilistic may testing). The technique lifts to a range of process calculi, not only the π-calculus.

The paper published in FSCD'19 shows that the techniques extend to probabilistic choice and probabilistic simulation. To achieve this we introduce the (probabilistic) sub-additives --- logical operators which lie between conjunction and disjunction that forbid weakening.

Web of Linked Data

June 2023: I hosted a COST workshop discussing privacy issues in distributed social knowledge graphs. This is part of an EU COST Action on Distributed Knowledge Graphs, for which I represent Luxembourg. This led to a paper where we evaluate the Solid protocol with respect security and privacy properties. The Solid protocol aims to decouple apps from storage, called Solid pods, allowing data subjects to provide their own storage for apps and thereby take sovereignty of their own data. Since personal data is involved the legal context is important, and hence we found our privacy analysis in the relevant legal obligations.

February 2016: The second of two journal papers on RDF Schema from the perspective of type systems is published in Journal of Logical and Algebraic Methods in Programming. These two papers represent a mature line of work that is ready to be implemented by a graduate student interested in making data on the Web easier to consume.

The first of the two papers above provides a gentle introduction to consuming data on the Web called Linked Data and introduces a simple scripting language, with a conventional "prescriptive" type system, that makes the consumer's life easier.

The second of the two papers addresses more challenging aspects of RDF Schema types. The paper introduces a novel "descriptive" type system that evolves to describe data discovered at run-time by the Linked Data consumer. The descriptive type system can adapt to several modes of inference ranging from W3C standard compliant RDF Schema inference to something more accommodating. When the descriptive type system is unsure about the appropriate mode of inference, a warning with a menu of options is generated for the consumer reflecting the subjective nature of knowledge published on the Web.

First part on prescriptive types.

Second part on descriptive types.

The slides are available.

Developing Research in Computer Science

From 2015 to 2023, I was a member of the "Security and Trust of Software Systems" group at University of Luxembourg and a senior research fellow in the Cyber Security Lab at Nanyang Technological University Singapore.

From 2012 to 2016, I was associate professor at Kazakh-British Technical University and a research associate at Romanian Academy.

I defended my PhD in computer science, with a thesis titled Programming Languages and Principles for Read-Write Linked Data, in 2011 under the supervision of Prof Vladimiro Sassone at University of Southampton, UK. My BA in Mathematics and Computer Science, with first class honours and a thesis titled Computable Cyclic Functions, was awarded by Oxford University, UK, in 2005.

I have had the honour and pleasure to collaborate with Matteo Acclavio, Ki Yung Ahn, Bogdan Aman, Hamed Arshad, Clément Aubert, Bart Buelens, Ilaria Castellani, Gabriel Ciobanu, Marco Crepaldi, Mariangiola Dezani-Ciancaglini, Christian Esposito, Ihor Filimonov, Dov M. Gabbay, Elfi Goesaert, Paola Giannini, Nicholas Gibbins, Reynaldo Gil-Pons, Rob van Glabbeek, Olaf Hartig, Cengis Hasan, Peter Höfner, Christian Johansen, Shang-wei Lin, Sjouke Mauw, Andrzej Mizera, Livio Robaldo, Vladimiro Sassone, Zach Smith, Lutz Straßburger, Chang Sun, Alwen Tiu, Jan Thoemel, Leon van der Torre, Rolando Trujillo, Timur Umarov, Olaf Uwe, Cristian Văideanu, Tim Willemse, and Semen Yurkov. I look forward to future collaborations.

Selected Publications