People of ACM - Chris Hankin

October 17, 2017

How did your early research in the mathematical foundations of programming languages lead to your current work in cybersecurity?

I have worked in semantics-based program analysis since about 1983. The idea is to use mathematical models of programs to infer properties of their runtime behavior. Originally this work was motivated by the need to perform semantically correct code optimization, but in the late 1990s we realized that the same techniques could be used to study information flow properties, one of the key approaches in language-based security. That work led on to broader interests in cybersecurity.

One of your current interests is using visual analytics as a tool to prevent cyberattacks. Why are visual analytics valuable assets for those seeking to keep systems secure?

My team has mainly focused on the data analytics that underpin advanced visualizations, although I have led some large projects with collaborators who specialize in the visual aspects. The main problems in cybersecurity, as in many other areas, are the speed at which incidents happen and the vast volumes of data entailed. Visual analytics—“the science of analytical reasoning facilitated by interactive visual interfaces”—supports cyber-situational awareness, so that the system defenders can take appropriate actions to defend their systems.

The recent breach at the US credit reporting agency Equifax compromised the personal information of 143 million Americans. Among the many lessons that can be learned from this kind of attack, is there one lesson that comes to mind first?

The breach occurred because Equifax had systems that were exposed to exploitation of a vulnerability that had been identified in March 2017; the Equifax systems were unpatched, leaving them open to attackers. The main lesson is the importance of acting promptly on notification of software updates; we can be sure that, as soon as a vulnerability is announced, there will be attackers out there trying to exploit unpatched systems, a phenomenon that we see repeatedly.

As the newly elected Chair of the ACM Europe Council, how would you like to see ACM increase its relevance and visibility for European computing professionals in the coming years?

The ACM Europe Council have agreed on a number priorities for the coming period. These include increasing the attractiveness of ACM membership to younger members, ensuring that we are better connected to the practitioner members, and continuing the excellent work that our policy arm, EUACM, has been doing.

Christopher “Chris” Hankin is Professor of Computer Science and Co-Director of the Institute for Security Science and Technology at Imperial College London. His research interests include cybersecurity, data analytics and semantics-based program analysis. Hankin leads multidisciplinary projects focused on developing advanced visual analytics and providing better decision support to defend against cyberattacks. He is also Director of the UK’s Research Institute in Trustworthy Industrial Control Systems.

Hankin was Editor-in-Chief of ACM Computing Surveys from 2007 to 2013, and currently serves on the ACM Publications Board. He was recently elected Chair of the ACM Europe Council for a two-year term through June 30, 2019. Hankin moderated a panel discussion on the key challenges in cybersecurity at the ACM Europe Conference held September 7 to 8 in Barcelona.