Academic Centre of Excellence in Cyber Security Research - University of Southampton

Lead Research Organisation: University of Southampton
Department Name: Electronics and Computer Science

Abstract

CyberSecurity Southampton focusses on the security of the cyber space from all digital threats, whether malicious or not. Our multidisciplinary expertise contributes knowledge, understanding and innovation to the protection of critical infrastructures, users, their data and interests, and connects activities across electronic and software systems, advanced networking and protocols, risk behaviour, social and legal acceptability, and physical and cyber identity management.

CyberSecurity Southampton represents the combined contribution of top researchers across 12 distinct research groups within the disciplines of Electronics and Computer Science, Law, Management, Mathematics, Optoelectronics and Psychology. Together they delivers a wide spectrum of interwoven research ranging from electronic (nano) devices to (physical and cyber) biometrics, passing through world-leading research on cyber-enabling infrastructures - viz., fibre-optics, internet and the web - using behavioural and cognitive psychology, and deploying both formal and experimental methods. Over the past five years, the centre has developed enormously through collaboration across groupings, institutional and external investments, contracts and research. A representative sample of achievements includes: secure sanitisation, automotive electronics, side channels analysis, access control, software engineering tools, provenance, dynamic trust, privacy, knowledge and belief.

CyberSecurity Southampton is unique in having a decennial experience in joint hardware/software operations and world-class expertise on critical infrastructures (communications and the web), a state-of-the-art, in-house nano-fabrication facility and a well integrated research portfolio linking together in a full circle (opto)electronics, computer science and engineering, social and human aspects. Our vision is informed by such strengths, and by the understanding that outsourcing the manufacturing of even the most elementary component unwisely may lead to unacceptable security risk. In particular, our vision is:

- to supply secure (embedded) systems and their design methodologies via an integrated hardware-software ap- proach, and focus on the creation and use of security-enhancing computer-aided design and verification tools;

- to secure the cyber space by design, analysis, simulation and proof, in order to protect infrastructures and data, users and their interests;

- to adopt a holistic and multidisciplinary approach, which takes into full account human aspects and behaviour, as well as social and legal acceptability issues;

- to foster excellence in research, depth in impact, and to educate top-class cyber security experts.

CyberSecurity Southampton is fully equipped by its component groups and can count on two Doctoral Training Centres to provide a conducive environment for PhDs in cyber security: the Complex Systems Simulations and the Web Science DTCs. Some of our researchers have recently secured two programme grants that supports cyber security research, as well as Government Advisory Roles on National Security and on Open Data of considerable policy and strategic oversight, able to provide a conduit between Government, the Agencies and the academic teams of CyberSecurity Southampton. Together, this marks CyberSecurity Southampton as a significant, established, and coordinated Academic Centre of Excellence in Cyber Security.

The present proposal aims at securing a support grant for the centre. Specifically, we seek funds to: free time for the Director to dedicate to the organisation and daily running of the centre; start and run a Distinguished Lectures in Cyber Security series; foster multidisciplinary activities; participate in networking events with other ACE-CSRs and host a national ACE-CSR workshop; run annual outreach, public engagement and industrial liaison events; develop a suitable web portal; print and distribute brochures and publicity material.

Planned Impact

We propose activity to support the development of CyberSecurity Southampton as an Academic Centre of Excellence in Cyber Security Research, as well as a member of a national network of excellence in cyber security. This will (1) help us realise the vision for our centre, (2) foster the ACE-CSR network of excellence and, as a consequence of these facts, (3) provide a contribution to implementing the UK Cyber Security Strategy. In this sense, the range of beneficiaries is very wide, ranging from researchers at CyberSecurity Southampton to Society at large, from industry to UK Government and National Security Agencies.

The development of a website and publicity material will help CyberSecurity Southampton establish a high-reputation profile and visibility with industry and other potential partners. This, together with an annual outreach, public engagement and industrial liaison event, will facilitate contacts and create the synergies for collaboration between our centre and new potential partners for research and economic/industrial exploitation. Through these events, as well as through the existing channels at Southampton, we shall establish a dialogue with the Press. This will help us disseminate our research to the general public and raise awareness of threats and dangers relating to cyber security and arising from cybercrime.

The creation a series of Distinguished Lectures in Cyber Security, will facilitate exchange of ideas and help create a thriving research environment. It will also contribute to raise the profile of CyberSecurity Southampton, both internally and externally. Around the Lectures, we shall build a regular system of institutional events to provide the centre with a portfolio of activities which will establish it at the top of Southampton's research structure, as part of the multidisciplinary University Strategic Research Groups (USRGs). This will help us us contribute to the formulation of the University's strategic research plans and, therefore, put cyber security at the top of the agenda.

Publications

10 25 50

publication icon
Ciobanu G (2016) A descriptive type foundation for RDF Schema in Journal of Logical and Algebraic Methods in Programming

publication icon
Ciobanu G (2015) Minimal type inference for Linked Data consumers in Journal of Logical and Algebraic Methods in Programming

publication icon
Ciobanu G (2013) Local Type Checking for Linked Data Consumers in Electronic Proceedings in Theoretical Computer Science

publication icon
Dezani-Ciancaglini M (2012) Tracing where and who provenance in Linked Data: A calculus in Theoretical Computer Science

publication icon
HAMADOU S (2014) An analysis of trust in anonymity networks in the presence of adaptive attackers in Mathematical Structures in Computer Science

 
Description The difficulty and comprehensiveness of the challenges arising from cyber security. There several things that we understand pretty well, but we are yet to bridge the gaps between theoretical understanding, practical realisation and real-world deployment. There are also are so many things that we don't yet understand even theoretically. In the final two years of the grants we applied a step change to our approach, funded the Southampton Cyber Security Academy, and grew our research group and our portfolio of grants and research achievements. I am satisfied with the work, and believe that the objects have all been met.
Exploitation Route Our main finding at this moment is the applicability of distributed ledger technologies to problems in the public administration sphere. The next phase of our research will be to expand those findings to other application domains, including the IoT. We are now exploring the application of AI and machine learning to cyber security, and the initial response is very promising. Look forward to future work with excitement.
Sectors Communities and Social Services/Policy,Digital/Communication/Information Technologies (including Software),Energy,Financial Services, and Management Consultancy,Government, Democracy and Justice

 
Description We are using our findings is several realistic scenarios, in partnership with real-world actors from industry, government, law enforcement and the real world. It is still early to draw any conclusions and report, since we're not even yet half way through the grant. In the final part of the grant we develop significant collaboration with government departments and public services across Europe, most notably the UK, Malta and Italy. Our engagement with the public sector is ongoing, and is currently focusing on the development and applications of distributed ledger technologies. On the basis of the research and activities from this project, we have expanded and currently continue to expand our network of industry partners, our programme of training for professionals as well as our engagement with the cyber community at large. Thanks to the outcomes of this project, Southampton has developed a model of work with government, industry and academic which is coming to be recognised as our approach to cyber security
First Year Of Impact 2017
Sector Communities and Social Services/Policy,Digital/Communication/Information Technologies (including Software),Education,Electronics,Financial Services, and Management Consultancy,Government, Democracy and Justice,Security and Diplomacy
Impact Types Cultural,Societal,Economic,Policy & public services

 
Description influence of cybercrime policing
Geographic Reach National 
Policy Influence Type Influenced training of practitioners or researchers
 
Description Government research contract
Amount £250,000 (GBP)
Organisation Government of the UK 
Sector Public
Country United Kingdom
Start 01/2016 
End 12/2017
 
Description Government research contract
Amount £60,000 (GBP)
Organisation Government of the UK 
Sector Public
Country United Kingdom
Start 11/2014 
End 03/2016
 
Description Government research contract
Amount £20,000 (GBP)
Organisation Government of the UK 
Sector Public
Country United Kingdom
Start 11/2015 
End 03/2016
 
Description Government research contract
Amount £50,000 (GBP)
Organisation Government of the UK 
Sector Public
Country United Kingdom
Start 11/2014 
End 03/2015
 
Description Horizon 2020
Amount € 4,511,270 (EUR)
Organisation European Commission 
Sector Public
Country European Union (EU)
Start 01/2015 
End 12/2018
 
Description Cyber Security Academy 
Organisation Defence Science & Technology Laboratory (DSTL)
Country United Kingdom 
Sector Public 
PI Contribution identity research and training needs in cyber security
Collaborator Contribution contribution to our research, education, outreach in cyber security
Impact research, education outreach in cyber security
Start Year 2013
 
Description Cyber Security Academy 
Organisation Defence Science & Technology Laboratory (DSTL)
Country United Kingdom 
Sector Public 
PI Contribution identification of research needs in cyber security
Collaborator Contribution Contribution to our research, education, outreach in cyber security
Impact contribution to research education outreach in cyber security
Start Year 2015
 
Description Cyber Security Academy 
Organisation Northrop Grumman
Country United States 
Sector Private 
PI Contribution identification of research needs in cyber security
Collaborator Contribution Contribution to our research, education, outreach in cyber security
Impact contribution to research education outreach in cyber security
Start Year 2015
 
Description Cyber Security Academy 
Organisation Roke Manor Research Ltd.
Country United Kingdom 
Sector Private 
PI Contribution identification of research needs in cyber security
Collaborator Contribution Contribution to our research, education, outreach in cyber security
Impact contribution to research education outreach in cyber security
Start Year 2015
 
Description Cyber Security Academy 
Organisation Roke Manor Research Ltd.
Country United Kingdom 
Sector Private 
PI Contribution Partnership for research, education, outreach in cyber security
Collaborator Contribution contributed to our research, education and outreach in cyber security
Impact formation of cyber security academy and its activities
Start Year 2013
 
Description 3rd cybercrime symposium 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Professional Practitioners
Results and Impact run 2nd and 3rd cybercrime symposium in collaboration with NCA, GCHQ and Hampshire police.
Year(s) Of Engagement Activity 2015,2016
 
Description BIS Selection of a Government Preferred Industrial Standard for Cyber Security 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Public/other audiences
Results and Impact I was part of a formal panel organised by BIS to assess some current and some proposed Cyber Security Industrial Standard for the nation.

The outcome and decision from the panel have influence the standards adopted in businesses all over the country. The so-called "Cyber Essentials".
Year(s) Of Engagement Activity 2013
URL https://www.gov.uk/government/consultations/cyber-security-organisational-standards-call-for-evidenc...
 
Description BIS consultation on Cyber Security exports 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact Consulted with BIS about issues and opportunities for cyber exports from the UK to a selected number of countries, in view of the government's plan to export £2bn in cyber.

I am not yet aware of any impact, this activity is quite recent.
Year(s) Of Engagement Activity 2014
 
Description Cabinet Office's Cyber Security Foresight 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact I presented a talk about future challenges for cyber security in decentralised computing systems

My talk was well received, I have had several invitations to speak after it.
Year(s) Of Engagement Activity 2013
 
Description Consultation for Cabinet Office Identity Assurance Scheme 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact We contributed to a consultation by the Cabinet Office on their proposed Identity Assurance Scheme.

Our contribution was acknowledged
Year(s) Of Engagement Activity 2013,2014
URL https://www.gov.uk/government/collections/identity-assurance-enabling-trusted-transactions
 
Description Consultation with FCA about impact of Bitcoin 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact consultation and organisation of training for FCA officials
Year(s) Of Engagement Activity 2015,2016
 
Description Consultation with NCA about impact of Bitcoin on Cyber Crime 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact The meeting was in preparation of a briefing document to be put together for the Prime Minister.

We have no direct perception of the impacts yet, as it is classified work.
Year(s) Of Engagement Activity 2014
 
Description Consultation with the Bank of England on their report on crypto-currencies 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact We discussed with the Bank of England before the produced their report, in order to improve their understanding of the technologies underpinning crypto currencies. We revised and commented upon two draft versions of the reports.

The reports were substantially improved after our input.
Year(s) Of Engagement Activity 2014
URL http://www.bankofengland.co.uk/publications/Pages/quarterlybulletin/2014/qb14q3prereleasedigitalcurr...
 
Description Contribution to ICO Anonymisation Code of Practice 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? Yes
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact The Annex was extremely well received and generated good feedback

The code of practices was distributed to thousands and thousands of businesses.
Year(s) Of Engagement Activity 2012
URL http://ico.org.uk/for_organisations/data_protection/topic_guides/anonymisation
 
Description Contribution to the Royal Society Cybersecurity Research consultation 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact We produce a comprehensive document in response to a Royal Society consultation on a UK vision for research in cyber security

I was called for further viva interviews, following my initial written contribution.
Year(s) Of Engagement Activity 2013,2014
URL https://royalsociety.org/policy/projects/cybersecurity-research/
 
Description Data anonymisation test for the Department of Energy and Climate Change 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact We were asked to test the anonymity of data to be released publicly by DECC about home electricity consumption for the entire country.

After extensive test and analysis, we concluded that no personal identifiable data was present in the database, which was then released by DECC.
Year(s) Of Engagement Activity 2014
 
Description Data anonymisation test for the Ministry of Justice 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact We were asked to test the anonymisation of data to be release publicly by the Ministry of Justice on crime reoffending rates in various regions.

We were able to deanonymise two individuals in a short period of time. We want a prize for our work, and potentially avoided a great source of embarrassment for the government.
Year(s) Of Engagement Activity 2012
 
Description FCO/UK Embassy in Tokyo: Cyber Security Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other academic audiences (collaborators, peers etc.)
Results and Impact The purpose of the activity was to foster cooperation between UK and Japan on Cyber security research

The event was successful, I have received several invitation to participate in further activities in Japan.
Year(s) Of Engagement Activity 2014
 
Description National Audit Office: Review of Cyber Security Spend 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? Yes
Geographic Reach National
Primary Audience Public/other audiences
Results and Impact I have been part of a panel in a multi-year activity for the annual review of the Government's spend on cyber security in terms of both efficiency and effectiveness.

Hugely impactful documents have been produced after each panels, documents which have the potential to change Government's policies.
Year(s) Of Engagement Activity 2012,2013,2014
URL http://www.nao.org.uk/wp-content/uploads/2015/09/Update-on-the-National-Cyber-Security-Programme-sum...
 
Description National Cipher Challenge 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? Yes
Geographic Reach National
Primary Audience Schools
Results and Impact A code-cracking school competition.

very considerable impact on GCSE and A level pupils.
Year(s) Of Engagement Activity 2008,2009,2010,2011,2012,2013,2014
URL http://www.cipher.maths.soton.ac.uk
 
Description Participation in the Academic Liaison Panel of the Information Assurance Advisory Council 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact The main focus of the panel is to determine professional profiles for cyber security and the corresponding study and career pathways.

Clearly, the impact of this is going to be huge. It's just too early to describe it.
Year(s) Of Engagement Activity 2012,2013,2014
 
Description South East Cyber Crime Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact We organised a workshop with the NCA, the Academy of Policing and the South East Regional Organised Crime Unit on the challenge from cyber crime and the organisation of the Regional Cyber Crime Units

Extremely positive outcome, many contacts and further work, including funding for a H2020 project jointly with the South East Regional Cyber Crime Unit.
Year(s) Of Engagement Activity 2014
 
Description The UK National Archives workshop on cyber security 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Talk to UK National Archives personnel about the challenges of cyber security and privacy that they face essentially every day.

Talk very well received, interesting debate and questions.
Year(s) Of Engagement Activity 2014
 
Description Training for Cyber Crime Police 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact We are planning with the Academy of Policing, the NCA and the Metropolitan Police, training for cyber crime officials.

this is generating a lot of interest, but at the moment the activity has not run yet, so it's difficult to talk about impact yet.
Year(s) Of Engagement Activity 2014
 
Description UK-China Cyber Security Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact We organised and run together with the FCO a one-week workshop on cyber security for Chinese mid-ranking officials.

The feedback was extremely positive from the participants, and from the FCO.
Year(s) Of Engagement Activity 2013
 
Description US/UK Cyber Security Business Forum 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Policymakers/politicians
Results and Impact This panel was organised by the US embassy in London to discuss and inform policies related to cyber business cooperation across the atlantic and in the world.

Activities stopped after a while, not sure why.
Year(s) Of Engagement Activity 2012,2013
URL https://www.flickr.com/photos/usembassylondon/sets/72157630056810119/
 
Description several media and radio interviews 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact radio and media interviews on cyber security matters.
Year(s) Of Engagement Activity 2014,2015,2016
 
Description visit of Metropolitan Police Research Procurement Officers 
Form Of Engagement Activity Participation in an open day or visit at my research institution
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Professional Practitioners
Results and Impact We have discussed with the Metropolitan Police about our research and its potential applications at their problems.

Further contacts from the MPS after the meeting, saying that they are intending to commission research from us.
Year(s) Of Engagement Activity 2014