Centre for Doctoral Training in Cyber Security at Royal Holloway

Lead Research Organisation: Royal Holloway University of London
Department Name: Information Security

Abstract

Cryptographic algorithms are used to ensure the confidentiality and integrity of information transmitted over an insecure channel, whether that be data encapsulated in an IP datagram and sent over the Internet or a hand-written message conveyed by a soldier across enemy territory. In a world in which businesses and government provide access to their products and services via public networks, the importance of cryptography cannot be overstated.

In fact, "cryptography" means a number of things: from the design of provably-secure ciphersystems and protocols, to the implementation of those systems and protocols in technology, to the deployment of that technology. Domain A covers all of these aspects of cryptography, most obviously in the "headline" theme, but also in Systems Engineering and Security Analysis and Building Trusted and Trustworthy Systems.

However, cryptography does not and cannot solve all technological problems, much less cyber security problems. Stored data, even if we restrict our attention to cryptographic keys, requires additional and complementary technical approaches. Given that the vast majority of data is now stored on computers and the mechanisms used to protect that data are implemented by computer software, the development of trusted and trustworthy platforms is of paramount importance. High assurance software, firewalls, intrusion detection and protection systems, and authentication and access control mechanisms can all be undermined by vulnerabilities in the hardware and the operating system.

The development of secure systems, whether "system" means the software stack running on a single machine or the network protocols and machines that communicate using those protocols, depends crucially on secure foundations. Those foundations typically rely on some "root of trust", whether that is based in hardware, software or socio-technical systems such as large public key infrastructures (PKIs). Establishing whether those trust foundations are robust is of critical importance and embraces many different disciplines, including formal methods (hardware), technological processes (software development and testing), and organizational processes (user enrolment in a PKI). It is essential, therefore, that researchers and practitioners think about cyber security from multiple perspectives. The Centres for Doctoral Training in Cyber Security provide a vital opportunity to provide the brightest minds in the UK with all those perspectives.

Royal Holloway, University of London (RHUL) is uniquely equipped to deal with the challenges faced by any institution wishing to become a CDT. The Information Security Group (ISG) has well over 20 years' experience of supervising postgraduate research students (PGRs) in topics related to information and cyber security, with around 120 people having PhDs supervised by the ISG. The volume and scope of the ISG's research is unrivalled in the UK. With 17 full-time researchers, 8 post-doctoral researchers and around 40 PhD students, the ISG has expertise in all areas of Domain A, with world leading researchers in a number of the sub-themes, and many of the themes in Domain B.

If successful in its application to become a CDT, the ISG would make use of its masters programme to provide part of the taught element for the student cohort. The MSc in Information Security at RHUL has been running for 20 years and has over 2000 alumni. The programme is recognized by industry, nationally and internationally, as the best of its type in the UK. The extensive programme of sixteen courses offers a very broad understanding of technical and managerial aspects of information security and represents a substantial foundation for the CDT cohort. In addition, we will run two new courses, supervised by ISG academics, in which the emphasis will be on acquiring research skills and an appreciation of the most important research literature, past and current.

Planned Impact

The research undertaken at the proposed Centre for Doctoral Training will, to some extent, be driven by the problems faced by our industrial partners arising from cyber security threats and vulnerabilities. We intend to offer every member of the student cohort the opportunity to undertake a three-month placement with one of our partners. This enables each student to experience, at first hand, real cyber security problems. This strategy is designed to have an impact on both industrial and academic research.

First, the creativity of young researchers may well lead to innovative solutions for some of the problems faced by industry. Hence, we hope some of these industrial placements will have significant short-term impact and lead to the improvement of security-related technologies, to the benefit of large sections of UK society.

Second, an awareness of real-world cyber security engineering problems will enable students to develop better theoretical models for those problems, which, in turn, will facilitate reasoning about and solving them. In other words, our programme will equip students with skills that will enable them to understand, represent and solve complex engineering questions, skills that will have an impact in UK industry and academia long beyond the lifetime of the CDT.

It scarcely needs to be said that closer collaboration between the student cohort and industry will necessarily have an impact on the knowledge and research of the Information Security Group. In particular, it will enhance our understanding, already substantial, of the needs of industry and government, and thereby the scope and quality of the industrial research and consultancy we undertake.

We will seek to promote the activities and research of the CDT in a variety of ways, including the standard medium of publication of academic papers in conference proceedings and scholarly journals. In particular, we will expand the ISG's engagement with organizations beyond the academic community, including, but not limited to, the organization of fora at which academic and industry leaders can discuss and explore cyber security problems; providing input to industry standards, notably for network protocols and cryptographic primitives; and arranging open days at which the research and wider activities of the CDT will be promoted, through talks, posters and tool demonstrations.

Publications
