CIPART: CLOUD INTELLIGENT PROTECTION AT RUN-TIME

Lead Research Organisation: Imperial College London
Department Name: Dept of Computing

Abstract

Organisations, small and large, increasingly rely upon cloud environments to supply their ICT needs because clouds provide a better incremental cost structure, resource elasticity and simpler management. This trend is set to continue as more and more of the information collected from mobile devices and smart environments, including homes, infrastructures and smart cities, is uploaded and processed in cloud environments. Services delivered to users are also deployed in the cloud as this provides better scalability and in some cases permits migration closer to the point of access for reduced latency.

Clouds are therefore an attractive target for organised and skilled cyber-attacks. They are also more vulnerable as they host environments from multiple tenant organisations with different interests and different risk aversion profiles. Yet clouds also offer opportunities for better protection both pro-actively and reactively in response to a persistent attack.

This project aims to develop novel techniques for intelligent cloud protection by advancing the state of the art in system modelling at run time, attack-scenario-based analysis, novel techniques for selecting countermeasures and remedial actions, and novel techniques for re-perimeterisation of the cloud environment. The methodology adopted combines fundamental research on knowledge representation, probabilistic analysis and machine learning with empirical and experimental studies in an industrial test-bed environment.

Additionally, the project aims to achieve a better understanding of the business models and incentives involved in the relationships between cloud tenants and hosting organisations in the provision of security services, based on measures of cost, risk and value, and to propose new models that facilitate sharing of risk and exchange of security-relevant information, which would in turn simplify security management and provide better protection.

Planned Impact

The project will deliver tangible outputs that are directly applicable to the security of cloud environments in terms of their resilience to compromise, efficient management at run-time, protection of assets and the relation of cloud protection environments to the business models.

These outputs directly affect a broad range of companies, including cloud service providers, providers of security services and software for cloud infrastructures, and cloud users. Amongst cloud users, they will in particular affect SMEs who rely on public clouds, their incremental cost structure and elasticity in order to host part of their computing infrastructure and delivery, and who cannot afford significant investments in security management. Improving the resilience of the cloud infrastructure will not only reduce the risks that co-tenancy introduces but also allow those risks to be shared between tenants, and between tenants and provider, and to be managed better.

The results from the project will also benefit directly organisations focussing on promoting standards and best practice in cloud environments such as the Cloud Security Alliance and ENISA amongst others.

The project will also benefit the increasingly large open source community (OpenStack, OpenNebula) working towards the development of cloud environments, as the results of this project will lead to tools and techniques that are more broadly applicable than the target environment in which they are tested, and we aim to release as many of the components of the framework as possible as open source software. The BT environment itself has a large degree of compatibility with open environments (see BT Letter of Support).

Finally we expect the results of the project to contribute to open standards and in particular to a closer alignment between network and systems management standards, grid standards and security standards including amongst others DMTF, TM Forum, Open Grid Forum, OASIS and NIST.
 
Description Attack graphs describe the attack paths that an attacker can follow to compromise networks by exploiting network vulnerabilities and topology. Bayesian attack graph representations are a powerful tool for security risk assessment. Whilst static analysis considers the risk posture at rest, dynamic analysis allows the risk to different system components to be recalculated when evidence of compromise is found in one part of the system. However, Bayesian inference techniques for risk assessment over attack graphs do not scale well, and this has significantly hampered the use of tools for risk assessment. In this project we have: a) demonstrated how probabilistic graphical algorithms can be applied for scalable inference over attack graphs for both exact and approximate inference (the approximate inference techniques scale linearly in the number of nodes for both static and dynamic analysis), b) designed new tools for attack graph generation and analysis and introduced the notion of core graphs, representing the unavoidable steps that an attacker needs to go through to achieve a specific objective, c) shown how this can be used to deploy countermeasures to an attack and applied this in cloud environments, and d) evaluated the factors driving adoption of cloud services and security in cloud services.
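Findings a), b) and c) above, as an added worked example (this is not NAGGEN or any other code from the project): a small constructed attack graph with noisy-OR and AND nodes, a linear-time forward pass that stands in for approximate inference, brute-force exact inference for both the static posture and the dynamic posture after an observed compromise, and a core-graph computation of the steps an attacker cannot avoid. The hosts, exploits and success probabilities are assumptions made for illustration, and the exponential enumeration is a stand-in for the scalable graphical algorithms the project describes, not an implementation of them.

```python
from itertools import product
from math import prod

# Constructed attack graph (illustrative only; hosts, exploits and probabilities
# are assumptions, not data from the project's testbed). Each node is an attacker
# state; its parents are the states it can be reached from, with the per-edge
# probability that the exploit succeeds. "or" nodes fall to any one parent
# (noisy-OR); "and" nodes need every parent.
GRAPH = {
    "internet":  ("or",  {}),                                    # attacker's entry point
    "web_shell": ("or",  {"internet": 0.6}),                     # RCE on a public web app
    "vpn_creds": ("or",  {"internet": 0.3}),                     # phished VPN credentials
    "app_host":  ("or",  {"web_shell": 0.7, "vpn_creds": 0.5}),  # foothold on the app tier
    "app_creds": ("or",  {"app_host": 0.5}),                     # DB credentials dumped from app_host
    "db_root":   ("and", {"app_host": 0.8, "app_creds": 0.6}),   # needs both host and credentials
}


def topo_order(graph):
    """Parents before children (the graph is a DAG)."""
    order, seen = [], set()

    def visit(n):
        if n not in seen:
            seen.add(n)
            for p in graph[n][1]:
                visit(p)
            order.append(n)

    for n in graph:
        visit(n)
    return order


def cond_prob(graph, node, state):
    """P(node compromised | parents' states) under the local noisy-OR / AND model."""
    kind, parents = graph[node]
    if not parents:
        return 1.0  # the entry point is always occupied by the attacker
    if kind == "or":
        return 1.0 - prod(1.0 - p for par, p in parents.items() if state[par])
    return prod(parents.values()) if all(state[par] for par in parents) else 0.0


def forward_marginals(graph):
    """Static analysis, approximate: one pass in topological order treating each
    node's parents as independent. Linear in nodes + edges, but wrong for any
    node whose parents share an ancestor (here db_root: app_creds depends on app_host)."""
    m = {}
    for n in topo_order(graph):
        kind, parents = graph[n]
        if not parents:
            m[n] = 1.0
        elif kind == "or":
            m[n] = 1.0 - prod(1.0 - p * m[par] for par, p in parents.items())
        else:
            m[n] = prod(p * m[par] for par, p in parents.items())
    return m


def exact_marginals(graph, evidence=None):
    """Exact inference by enumerating the joint over all 2^n states (brute force,
    fine for a toy graph). evidence={} gives the static risk posture;
    evidence={"app_host": True} gives the dynamic posture once that compromise
    has been observed."""
    evidence = evidence or {}
    nodes = list(graph)
    mass = {n: 0.0 for n in nodes}
    total = 0.0
    for bits in product((False, True), repeat=len(nodes)):
        state = dict(zip(nodes, bits))
        if any(state[k] != v for k, v in evidence.items()):
            continue  # inconsistent with what was observed
        w = 1.0
        for n in nodes:
            c = cond_prob(graph, n, state)
            w *= c if state[n] else 1.0 - c
        total += w
        for n in nodes:
            if state[n]:
                mass[n] += w
    return {n: mass[n] / total for n in nodes}


def reachable(graph, src, removed=frozenset()):
    """States reachable from src honouring AND/OR semantics, with the nodes in
    `removed` taken out of the graph (patched, isolated or otherwise blocked)."""
    reach = set()
    for n in topo_order(graph):
        if n in removed:
            continue
        kind, parents = graph[n]
        if n == src:
            reach.add(n)
        elif parents and (any if kind == "or" else all)(p in reach for p in parents):
            reach.add(n)
    return reach


def unavoidable_steps(graph, src, dst):
    """Core-graph view: intermediate states on every route from src to dst, i.e.
    the places where a single countermeasure cuts the attacker off from the objective."""
    return sorted(n for n in graph if n not in (src, dst)
                  and dst not in reachable(graph, src, {n}))


if __name__ == "__main__":
    approx, exact = forward_marginals(GRAPH), exact_marginals(GRAPH)
    for n in GRAPH:
        print(f"{n:10s} static approx={approx[n]:.3f} exact={exact[n]:.3f}")
    post = exact_marginals(GRAPH, {"app_host": True})
    print("after observing app_host compromised:", {n: round(p, 3) for n, p in post.items()})
    print("unavoidable steps to db_root:", unavoidable_steps(GRAPH, "internet", "db_root"))
```

Running it shows the three points the findings make: the forward pass and exact inference agree on app_host (its parents are independent) but disagree on db_root (0.062 versus 0.122) because the AND node's parents are correlated; observing app_host compromised doubles the exact risk to db_root (0.122 to 0.240) and raises the posterior on web_shell to about 0.88, which is the dynamic-analysis reading that points the responder at the likely entry route; and the only unavoidable steps to db_root are app_host and app_creds, so a countermeasure on either blocks the objective, whereas blocking web_shell alone leaves the vpn_creds route open.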
Exploitation Route Our findings show that methodologies based on attack graph representations can scale to larger systems and thus be applied in practice for risk assessment. Scalability is the main factor that has limited the adoption of such tools for cloud and enterprise security. Our findings have also demonstrated the multiple uses of attack graph analysis in the protection of a system, including risk assessment, countermeasure deployment, forensic investigation, network hardening and attribution.
Sectors Digital/Communication/Information Technologies (including Software), Security and Diplomacy

URL http://www.rissgroup.org
 
Description The findings of the project have influenced R&D at collaborating organisations and more broadly studies of resilience and policy in the security area. Amongst others, we were invited to present our findings at a NATO workshop on Cyber Resilience and approached by many organisations for further collaborations in this area. Beyond the original remit of the project, which focussed on cloud and enterprise environments, our findings have applicability for the protection of industrial control and IoT systems which we are pursuing e.g., in the PETRAS IoT Hub. Insights from this project have also influenced some of the policy recommendations put forward through PETRAS reports.
First Year Of Impact 2018
Sector Digital/Communication/Information Technologies (including Software)
Impact Types Policy & public services

 
Description EU Marie-Curie Programme
Amount € 183,454 (EUR)
Funding ID 746667 - AF-Cyber 
Organisation European Union 
Sector Public
Country European Union (EU)
Start  
 
Description PETRAS 1st Strategic Research Fund Call for Proposals
Amount £160,747 (GBP)
Funding ID SECRIS 
Organisation PETRAS 
Sector Public
Country United Kingdom
Start 02/2018 
End 02/2019
 
Description A*STAR 
Organisation Agency for Science, Technology and Research (A*STAR)
Department Institute of Infocomm (I2R)
Country Singapore 
Sector Academic/University 
PI Contribution Imperial has contributed with expertise on attack graph reasoning and IoT Security. Dr. Lupu is formally involved as a collaborator in one of A*STAR's projects funded by NRF.
Collaborator Contribution A*STAR has contributed with expertise in mobile security and network security
Impact Formal collaboration on funded projects.
Start Year 2016
 
Description BT 
Organisation Btexact Technologies Limited
Country United Kingdom 
Sector Private 
PI Contribution Imperial brought to this collaboration expertise on security in cloud environments, attack graph generation and risk analysis using attack graphs, as well as expertise on adoption of cloud services. We have analysed BT's cloud environment, run experiments on it, held discussions with their technical experts and interviewed their commercial staff and collaborators.
Collaborator Contribution BT provided access to their technical staff, access to their testbed and access to their commercial staff.
Impact Most of the outputs of the project including several papers submitted are attributable to this collaboration.
Start Year 2014
 
Description Pisa 
Organisation University of Pisa
Department Department of Computer Science
Country Italy 
Sector Academic/University 
PI Contribution This collaboration has led us to exchange expertise on attack graph analysis and models for total network defense. As a result of this collaboration Dr. Lupu has been involved in the PhD committee of Federico Tonelli at the University of Pisa.
Collaborator Contribution We have received useful comments and contributions from our collaborators on our work as well as insights into the benefits and limitations of related approaches to ours.
Impact Dr. Lupu has been involved in the PhD committee of Federico Tonelli at the University of Pisa.
Start Year 2015
 
Description Univ. of Cyprus 
Organisation University of Cyprus
Department Department of Computer Science
Country Cyprus 
Sector Academic/University 
PI Contribution The collaboration concerned the use of argumentation reasoning for cybersecurity. A number of applications were investigated, including data protection in cloud environments, distributed firewall configuration and attribution. Imperial contributed expertise on security and attack graph reasoning.
Collaborator Contribution Prof. Kakas contributed expertise on argumentation reasoning as well as the GORGIAS tool for logic programming with priorities.
Impact One paper (see paper section) was published and others are in the process of being written up. An EU Marie-Curie Fellowship hosted at Imperial College was awarded to Dr. Karafili for the use of argumentation towards automating attribution reasoning.
Start Year 2014
 
Description University of Crete 
Organisation Technical University of Crete
Country Greece 
Sector Academic/University 
PI Contribution Imperial brought to this collaboration expertise on cybersecurity and attack graph reasoning.
Collaborator Contribution The collaboration concerned the use of argumentation reasoning for data security and distributed firewalls configuration. Dr. Spanoudakis brought expertise on the use of argumentation and the use of the GORGIAS software.
Impact One paper has been published and others are in preparation. An EU Marie-Curie Fellowship was awarded to Dr Karafili as a direct result of this collaboration.
Start Year 2015
 
Title NAGGEN 
Description NAGGEN is a software tool for the generation and visualisation of Attack Graphs. 
Type Of Technology Software 
Year Produced 2016 
Impact The software allows the generation and visualisation of attack graphs. It was used within simulated test environments, real academic network environments and commercial testbed facilities. 
 
Description Business Reporter IT Security Hub Breakfast Briefing Future Trends in Cyber Security 
Form Of Engagement Activity A formal working group, expert panel or dialogue
Part Of Official Scheme? No
Geographic Reach National
Primary Audience Professional Practitioners
Results and Impact Invited participation in a Business Reporter/IT Security Hub breakfast briefing on future trends in cyber security. The event was attended by practitioners from organisations covering a broad spectrum of industries.
Year(s) Of Engagement Activity 2016
 
Description Invited Presentation at COMIT Conference 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Industry/Business
Results and Impact Invited presentation to a broad audience covering cybersecurity risks to the built environment, research results and techniques which may be applicable.
Year(s) Of Engagement Activity 2016
URL http://www.comit.org.uk/comit2016-speakers
 
Description Invited Talk CODEX "Top 50 Innovators from the Industries of the future" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact This was an invited talk on the trustworthiness of cyber-physical systems in a panel session on cyber security which also featured as speakers Mikko Hypponen (Chief Research Officer, F-Secure), Andrew Rubin (CEO and Founder, Illumio) and Dave Palmer (Director of Technology, Darktrace). The talk and panel were recorded and CODEX plan to make them available online. The event was intended to reach a broad audience of thought leaders including practitioners, academics, scientists and the general public.
Year(s) Of Engagement Activity 2017
URL https://www.codex.com/?p=4947
 
Description Presentation and Participation at NATO IST-153 Workshop 
Form Of Engagement Activity Participation in an activity, workshop or similar
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact Participation and presentation at NATO IST 153 Workshop on cyber-resilience. The event was attended by representatives from Universities, Companies and Defence research establishments across both US and Europe.
Year(s) Of Engagement Activity 2017