From October 2004 to September 2007, I was engaged on the EPSRC-funded project "Automated Analysis of Security Critical Systems". The project involved applying formal tools to the problem of analysing the APIs of hardware security modules. These devices are used, for example, in ATM (cash machine) networks and electronic payment systems. The final report and assessment by EPSRC are available.
My PhD work concerned the automated discovery of cryptographic security protocol attacks by refutation of inductive conjectures. This lead to the development of the Coral system, and the discovery of several previously unknown attacks on group protocols.