Academic Centre of Excellence in cyber Security Research

Cyber security is ultimately about devices and people, which together give rise to a 'cyberspace' of networks and systems. Vulnerabilities arise from hardware, software and human factors, but typically from any combination of them. Our interdisciplinary approach affords us expertise over a significant number of such combinations. We deliver a wide spectrum of interwoven research ranging from electronic (nano) devices to (physical and cyber) biometrics, passing through world-leading research on cyber-enabling infrastructures using behavioural and cognitive psychology, and deploying both formal and experimental methods. We work on secure hardware devices such as data-secure sanitisable memories, embedded security and trusted hardware, their secure formal design and verification, and fabrication in our state-of-the-art cleanrooms. This links to (mission-critical, multi-clearance) software systems, whose design and validation builds on our expertise in language-based security. Mathematical models and static analysis techniques are also used for privacy systems, whose ultimate goal is to drive the design of data-confinement and privacy-enhancing web applications, online protocols and analysis tools. Of a similar goal-driven nature is our research on trust-and-reputation models, aimed at exploiting mutual trust mechanisms in agent communities to meet collaborative goals in the absence of reliable information. Agents systems link to secure services and information risk management over advanced networks and provide the basis for cutting-edge research on situational awareness. The latter extends to ad-hoc networks of practical operational relevance, such as the integration of human-agent teams. This establishes a synergy with our behavioural and cognitive scientists, who focus on the analysis of patterns of cyber-behaviour and group decision-making and risk behaviour. Our work on the security of critical infrastructures concerns cyber-physical and industrial control systems, financial trading, and the web. It includes IoT, the power grid, building automation, clouds, distributed ledgers, the analysis of cyber controls and of human factors affecting response time to cyber-attacks in financial trading markets. We also focus on access control, attack visualisation, linked-data (de-)anonymisation and provenance. A theme of growing importance concerns users' (web) identities. This builds on foundational work on cryptoprotocols, and provides a strong connection between our computer and social sciences researchers, in particular through the issues of (un-linkable) identities, super-identities, and the work on privacy and cyber-crime legislation. Finally, we mention our seminal work on biometrics for access control based on physical and cyber individual characteristics. The present proposal aims at securing a support grant for the centre. Specifically, we seek funds to: support the Director in the organisation and daily running of the centre; run a series of seminars in Cyber Security; foster multidisciplinary activities; participate in networking events with other ACE-CSRs and host a national ACE-CSR workshop; run outreach, public engagement and industrial liaison events; revamp our web portal; print and distribute brochures and publicity material.