A member lab of REQS LabsVisit REQS Labs

Research programme

Work begins with questions that can survive contact with evidence.

Trust Lab studies the security and resilience of autonomous agents, multi-agent systems, programmable blockchains, and cyber-physical infrastructure.

Theme 01

Agent assurance and multi-agent security

Research on how autonomous agents can be audited, constrained, and kept resilient when they interact with other agents and external systems.

Questions under study

  1. How should security requirements be stated for agents that plan and act?
  2. Which forms of verification remain useful when agent behaviour changes over time?
  3. How do cooperation and adversarial behaviour coexist in multi-agent systems?
  4. What evidence should an audit preserve after an agent causes harm?

Theme 02

Decentralized systems and digital economies

Work on privacy, censorship resistance, maximal extractable value, protocol trust, and secure infrastructure for decentralized systems.

Questions under study

  1. How do transaction-ordering incentives alter protocol security?
  2. Which privacy mechanisms remain usable on programmable blockchains?
  3. How should censorship and exclusion be measured in decentralized markets?
  4. Can agent infrastructure remain accountable without relying on one operator?

Theme 03

Cyber-physical resilience

Security for power systems, microgrids, connected devices, and other settings where software decisions affect physical infrastructure.

Questions under study

  1. How can protection systems distinguish faults from manipulated measurements?
  2. Which signals remain dependable during an attack?
  3. How should AI-based defenses fail when evidence is incomplete?
  4. What can be tested in real time without weakening system protection?

Theme 04

Requirements and systems engineering

Methods for specifying trust, recovering architecture, modelling threats, and examining failure in complex autonomous and digital systems.

Questions under study

  1. Which requirements can be checked after deployment?
  2. How should an evolving autonomous system preserve its assurance case?
  3. Where does architecture create hidden security dependence?
  4. How can failure reports change the next system specification?