I am a Research Associate in the Department of Computing at Imperial College London, working with Sergio Maffeis. My research interests are generally computer security-related, and include quantitative information flow control, web security, and programming language security. I also teach.

Background

I obtained my PhD from the School of Computer Science at the University of Birmingham in 2014, under the supervision of Tom Chothia. I also obtained a BSc in Computer Science and an MSc in Advanced Computer Science from the same department, in 2009 and 2010 respectively.

During my time as a PhD student, I was also a Senior Teaching Associate. My PhD was funded for four years, rather than three: 25% of my time was spent teaching.

Research

My research focuses on computer security, although I'm also interested in distributed systems and security-centric aspects of usability.

I'm a member of the Research Institute in Automated Program Analysis and Verification, currently as part of the Certified Verification of Client-Side Web Programs project. I was previously a member of the Security and Privacy Group in the School of Computer Science at the University of Birmingham, and was also a member of the CryptoForma network and its successor, CryptoForma 2.

Web security & privacy

My recent research has investigated the web's security and privacy models, particularly with regard to the implementation of standardised security policies in major web browsers. With Charlie Hothersall-Thomas and Sergio Maffeis, I've developed BrowserAudit, a web application allowing casual users, web developers and browser developers alike to assess how well their browsers implement today's main browser security policies, such as the the same-origin policy, the Content Security Policy, and Cross-Origin Resource Sharing.

• Charlie Hothersall-Thomas, Sergio Maffeis and Chris Novakovic. "BrowserAudit: Automated Testing of Browser Security Features". In Proceedings of the 2015 International Symposium on Software Testing and Analysis (ISSTA 2015), Baltimore, Maryland, USA, July 2015.
• How secure is your web browser? Find out with BrowserAudit!
• BrowserAudit on GitHub (includes source code and suite of over 400 tests)
• ISSTA 2015 Evaluated Artifact
• Invited talk in formal demo session at ISSTA 2015

Information flow control

My earlier research focused on quantifying information leakage in complex, real-world software and systems, using both formal approaches to precisely compute information leakage and empirical approaches to accurately estimate information leakage. Along with Tom Chothia, Yusuke Kawamoto, David Parker and Rajiv Ranjan Singh, I've developed a number of automated information leakage analysis tools and their underlying theory.

• Tom Chothia, Chris Novakovic and Rajiv Ranjan Singh. "Calculating Quantitative Integrity and Secrecy for Imperative Programs". International Journal of Secure Software Engineering (IJSSE) 6(2), April–June 2015.
• Chris Novakovic. "Computing and Estimating Information Leakage with a Quantitative Point-to-Point Information Flow Model". PhD thesis, School of Computer Science, College of Engineering and Physical Sciences, University of Birmingham, October 2014.
• Tom Chothia, Chris Novakovic and Rajiv Ranjan Singh. "Automatically Calculating Quantitative Integrity Measures for Imperative Programs". In Proceedings of the 3rd International Workshop on Quantitative Aspects in Security Assurance (QASA 2014), Wrocław, Poland, September 2014.
• CH-IMP-IQ tool (including source code and example CH-IMP-IQ programs)
• Tom Chothia, Yusuke Kawamoto and Chris Novakovic. "LeakWatch: Estimating Information Leakage from Java Programs". In Proceedings of the 19th European Symposium on Research in Computer Security (ESORICS 2014), Wrocław, Poland, September 2014.
• LeakWatch tool (including source code and example Java programs)
• Tom Chothia, Yusuke Kawamoto and Chris Novakovic. "A Tool for Estimating Information Leakage". In Proceedings of the 25th International Conference on Computer Aided Verification (CAV 2013), St Petersburg, Russia, July 2013.
• leakiEst tool and Java library (including source code and example datasets)
• Tom Chothia, Yusuke Kawamoto, Chris Novakovic and David Parker. "Probabilistic Point-to-Point Information Leakage". In Proceedings of the IEEE 26th Computer Security Foundations Symposium (CSF 2013), New Orleans, Louisiana, USA, June 2013.
• CH-IMP tool (including source code and example CH-IMP programs)

Monitoring of peer-to-peer file-sharing networks

I've also conducted research into the monitoring of peer-to-peer networks — specifically, BitTorrent — by third parties. From 2009 to 2011, Tom Chothia, Marco Cova, Camilo González Toro and I studied the behaviour of BitTorrent peers in swarms for torrents indexed by The Pirate Bay, a famous (and copyright-infringing) file-sharing web site. We found that file-sharers are being monitored on an enormous scale by a range of organisations, including copyright enforcement agencies and market research companies. This work received a large amount of coverage in both the technical and general press.

• Tom Chothia, Marco Cova, Chris Novakovic and Camilo González Toro. "The Unbearable Lightness of Monitoring: Direct Monitoring in BitTorrent". In Proceedings of the 8th International Conference on Security and Privacy in Communication Networks (SecureComm 2012), Padua, Italy, September 2012.
• Chris Novakovic. "The Use of Monitoring in Distributed Peer-to-Peer Networks". Master's thesis, School of Computer Science, University of Birmingham, September 2010.

Academic service

I was previously a member of the Programme Committee for SEC@SAC16 and SEC@SAC17, and have been invited to review submissions to TCS-QAPL 2014, HotSpot 2015, POST 2015, PPREW-4, SSPREW-6, and S&P 2017.

Teaching

Teaching responsibilities in previous academic sessions:

• 2016/17: CO331 (Network and Web Security), Course Support Leader
• 2015/16: CO331 (Network and Web Security), Course Support Leader
• 2014/15: CO331 (Network and Web Security), Course Support Leader

Details of my former life as a Senior Teaching Associate in the School of Computer Science at the University of Birmingham can be found on my "Teaching" web page there.

Other activities

Together with Tom Chothia and Marco Cova, I founded the University of Birmingham Hacking Club in 2009. We regularly compete in ethical computer hacking competitions under the team name A Finite Number of Monkeys — I participate under the pseudonym csn.

From its inception, I was involved in the running of the Computer Science Society, the official student society of the School of Computer Science at the University of Birmingham, for several years: I was elected Third-Year Representative from 2008–09, and General Secretary from 2009–11.

Contact

Email is by far the quickest way of contacting me — my address is c.novakovic@imperial.ac.uk. If your email is confidential, you might want to encrypt it before sending it to me: my PGP public key is available on all popular key servers. If you'd like to encrypt your email using PGP but aren't sure how, the Enigmail extension for Mozilla Thunderbird offers a quick-start guide.

My office is room 558C in the Huxley Building. I'm afraid I don't have personal office hours — if you'd like to talk, please email me and we can arrange a meeting. I may also be available by telephone or Skype.

Postal address (please let me know if you post something to me, or I might be slow to respond):

Dr. Chris Novakovic
Department of Computing
Huxley Building, 180 Queen's Gate
South Kensington Campus
Imperial College London
London SW7 2AZ, United Kingdom