HISC 2025's Future Zone featured innovative research about CHERI, post-quantum cryptography, automated fuzz testing and more.

Learn more about this year's winning poster from Serdar Akar, Bournemouth University: Towards Productive Cyber Resilience and Safety Analysis in Model-Based Systems Engineering (MBSE)

----

All our Future Zone posters submitted for public sharing are available below

Automating fuzz-testing for C projects: Daniel Wait, AdaCore, Imperial College London

In this project we automated fuzz-testing for C projects to make the technique more accessible to developers and lower the barrier to use. Fuzz-testing is an automated software testing technique that aims to expose unexpected or unwanted behaviour in a target system. Whilst effective, the method traditionally requires significant time and expertise to set up: precisely the barriers our project aimed to remove.

HD-Sec: Holistic Design of Secure Systems on Capability Hardware: Asieh Salehi Fathabadi, University of Southampton

In this poster, we present our latest work from the HD-Sec project on designing safe, application-specific exception-recovery mechanisms for software running on CHERI capability hardware, including both the Morello prototype and the emerging Sonata CHERIoT-based platform.

CHERI hardware can detect unsafe or suspicious memory behaviours at runtime, but applications still need carefully designed recovery strategies to ensure the system remains safe, available, and secure. Our poster summarizes the approach described in our paper, Developing Safe Exception Recovery Mechanisms for CHERI Capability Hardware Using UML-B, and demonstrates how:

• UML-B state machines help model normal behaviours, transactions, and exceptions
• Event-B formal verification ensures that recovery paths always restore a safe, consistent state
• Rollback-based transactional modelling supports principled error handling
• These designs map cleanly to CHERI exception signals such as SIGPROT and SIGALRM

The poster also highlights our latest implementation results, including a running demonstrator on the Sonata board, where CHERI compartments, library isolation, and hardware exception handling are integrated into a formally modelled Smart Ballot Box system.

Read the full paper

Learn more about the HD-Sec project

Hybrid AI for Building Explainable, Robust and Transparent Systems: Nico Potyka, University of Cardiff

The poster presents some of our recent research on advancing explainability and reliability in machine learning and generative AI. As high-integrity software increasingly incorporates complex black-box models like decision tree ensembles and neural networks, ensuring transparency and robustness becomes critical, especially in safety-sensitive domains such as healthcare, finance, and aviation.

The poster shows some adversarial attacks on neural networks that are enabled by the fact that the models did not learn meaningful concepts (first row). This is a common problem of black-box models and can be mitigated by combining them with background knowledge expressed by symbolic and formal methods. The poster shows some of our recent research on making the learnt features of image models more transparent (second row), improving the reliability and robustness of large language models (third row) and explaining decisions of black-box classifiers for tabular data such as decision tree ensembles (fourth row).

Towards a Holistic Framework for Threat Modelling in Defence: Steve Johnson, University of Southampton

This research proposes a new multi-dimensional approach to cybersecurity threat modelling that goes beyond traditional, single-focus methods. By integrating cyber, physical, and human factors and applying systems thinking to complex environments like Defence, it aims to better understand how interconnected threats propagate across systems (comprised of software, processes, people, hardware).

Post Quantum Cryptography: Securing Tomorrow's Infrastructure Against Quantum Threats: Saeed Othman, SYSTRA

Quantum compuing promises immense computational power, but it also poses a serious threat to today's digital security. Algorithms such as RSA and ECC, which protect online communication, banking, and infrastructure, rely on problems that are difficult for classical computers but easily solvable by quantum ones.

The emergence of large-scale quantum computers would render much of our current encryption obsolete, exposing sensitive information and critical systems to potential compromise. For industries and infrastructure with long life cycles, preparing for this shift now is essential to maintaining trust, safety, and operational resilience.

Read the poster to learn more about what can be done today.

Testing Hard Real-Time Systems: An Innovative Microcontroller-Based Solution: Zachary Danzig, Loughborough University

The ATE is a microcontroller-based platform for hard real-time testing, designed to inject and capture messages with microsecond-level precision, avoiding the timing issues you get from traditional PC-based test environments. It's designed to be modular, scalable, and reusable.

By using bare-metal Raspberry Pi RP2040 controllers paired with Click boards for many different interfaces, the kit delivers deterministic behaviour that safety-critical systems demand while keeping costs remarkably low.

Code-centered kernel compartmentalization in CheriBSD: Konrad Witaszczyk, University of Cambridge

The CHERI-extended CheriBSD kernel based on the FreeBSD kernel, as other monolithic kernels, consists of millions of trusted lines of code that are compiled into the kernel binary or separate kernel modules. The kernel binary itself includes code from over 1,700 ELF object files linked together. In this research, I explore compartmentalization of the CheriBSD kernel that focuses on its code and aims to split the kernel code into compartments that can call functions of other compartments only if a system-defined policy allows such a call.