Academic Centre of Excellence in Cyber Security Research - University of Birmingham

Lead Research Organisation: University of Birmingham
Department Name: School of Computer Science

Abstract

The computer security group at Birmingham has strengths in analysis and verification of systems, privacy and security, malware, intrusion detection, web security, botnets, and secure software engineering. Our ethos is to focus on problems that are important to society (this can include government and industry in particular). The proposal is for funding to allow us to complement our existing research base by hosting workshops and distinguished lectures in areas that will expand our competence.

Planned Impact

Impact for our existing research will be achieved by creating new routes for dissemination. The new routes are workshops and visits occasioned by the distinguished lectures. The quality of our research will be enhanced by these routes.
 
Title Cyber security awareness month campaign 
Description Video produced for a social media campaign for cyber security awareness month. 
Type Of Art Film/Video/Animation 
Year Produced 2019 
Impact Increased engagement and awareness. 
URL https://www.youtube.com/watch?v=lWRT_TnEQdM
 
Title Video Animation 
Description A video animation showcasing the findings of our research and its impact on industry. 
Type Of Art Film/Video/Animation 
Year Produced 2019 
Impact Was used in business engagement events and social media to attract industry collaboration. 
URL https://www.youtube.com/watch?v=N2gHjZcj2wc
 
Description The project doesn't support research directly, but supports the development of our ACE-CSR. The funding has facilitated, among other activities, an ongoing Security Seminar Series with invited speakers. This includes academics from other ACE-CSRs, academics from other institutions both in the UK and internationally, as well as researchers from industry. The series included a Distinguished Seminar by Adrien Perrig (ETH Zurich). Further expansion of the group has led to influence on policy (including submissions to UK and Welsh Parliament), education (in practice as a research topic) and industry (through further projects, collaborations and impact). The ACE-CSR recognition has recently been renewed following submission of further evidence and internally the University has supported the establishing of a Centre for Cyber Security and Privacy to promote interdisciplinarity and enhance opportunities for engagement and impact.
 
Description Automated Protocol Learning and Vulnerability Detection for TLS, WPA and IoT Protocols
Amount £117,514 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 10/2016 
End 03/2020
 
Description DIF
Amount £1,950,000 (GBP)
Organisation University of Birmingham 
Sector Academic/University
Country United Kingdom
Start 09/2015 
End 08/2023
 
Description GCHQ Small Grant
Amount £25,392 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 08/2016 
End 04/2017
 
Description GCHQ Small Grants (2015-2016)
Amount £48,927 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 02/2016 
End 04/2016
 
Description GCHQ equipment funding
Amount £150,000 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 03/2014 
End 03/2014
 
Description OpenHaven
Amount £116,000 (GBP)
Organisation Government Communications Headquarters (GCHQ) 
Sector Public
Country United Kingdom
Start 10/2015 
End 09/2018
 
Title StatVerif 
Description A software tool to verify the security properties of protocols. 
Type Of Material Improvements to research infrastructure 
Year Produced 2014 
Provided To Others? Yes  
Impact Take up by other researchers 
URL https://sec.cs.bham.ac.uk/research/StatVerif/
 
Description Google 
Organisation Google
Country United States 
Sector Private 
PI Contribution Collaboration of certificate management
Collaborator Contribution Collaboration of certificate management
Impact Discussion and meetings
Start Year 2010
 
Description Google Asylo 
Organisation Google
Department Research at Google
Country United States 
Sector Private 
PI Contribution Disclosed vulnerabilities. Found instances of the problematic [user_check] attribute that lacked proper pointer validation, leaving critical vulnerabilities in the compiled enclave
Collaborator Contribution -
Impact Improved security of products.
Start Year 2019
 
Description INTEL-SA-00289 
Organisation Intel Corporation
Department Intel Corporation (UK) Ltd
Country United Kingdom 
Sector Private 
PI Contribution Vulnerabilities disclosed. CVE-2019-11157
Collaborator Contribution -
Impact Improved security of products.
Start Year 2019
 
Description Intel SGX-SDK 
Organisation Intel Corporation
Department Intel Corporation (UK) Ltd
Country United Kingdom 
Sector Private 
PI Contribution Disclosed vulnerabilities, CVE-2018-3626 and CVE-2019-14565.
Collaborator Contribution -
Impact Improved security of product.
Start Year 2019
 
Description L-3 TRL 
Organisation L3 TRL Technology
Country United Kingdom 
Sector Private 
PI Contribution Collaboration on Secure Cloud-based Collaboration Platform
Collaborator Contribution Collaboration on Secure Cloud-based Collaboration Platform
Impact Discussion and meetings Ongoing research partnership Solutions for key management and data processing in the cloud
Start Year 2014
 
Description Microsoft Open Enclave 
Organisation Microsoft Research
Department Microsoft Research Cambridge
Country United Kingdom 
Sector Private 
PI Contribution Disclosed Vulnerabilities. CVE-2019-0876, CVE-2019-1369,and CVE-2019-1370.
Collaborator Contribution -
Impact Improved security of products.
Start Year 2019
 
Description Pint of Science Festival 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Public/other audiences
Results and Impact Mark Ryan, along with colleagues Tom Chothia and Flavio Garcia, gave talks as part of the Pint of Science Festival. This international series of events offers the general public to engage with experts in scientific fields by attending talks, asking questions and entering discussion, within the informal setting of a bar or pub. The academics presented the findings of research with real-world impact to individual privacy that increased awareness and interest in the subject area.
Year(s) Of Engagement Activity 2015
URL http://www.birmingham.ac.uk/university/colleges/eps/news/college/2015/04/Pint-of-Science-Festival-20...
 
Description Royal Society meeting 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Policymakers/politicians
Results and Impact It was a high-profile meeting at the Royal Society entitled Security and Privacy in Society. The event hosts a unique combination of people from both the surveillance community and the privacy community. I am very pleased to have a stellar list of invitees, including Sir David Omand and Sir Francis Richards, both former directors of GCHQ, Rt. Hon. James Arbuthnot MP (Chairman of the Defence Select Committee), Julian Huppert MP, and Helen Goodman MP, and the privacy proponents Caspar Bowden, Charles Raab, and Bart Preneel. Yet others include Jean Jaques Quisquater, the journalists Ewen MacAskill (Guardian) and Gordon Corera (BBC). There will also be some senior current people from GCHQ.

Support for further funding applications.
Year(s) Of Engagement Activity 2014
URL http://www.cs.bham.ac.uk/research/groupings/security_and_privacy/royalsoc2014/