Oxford University Centre for Doctoral Training in Cyber Security
Lead Research Organisation:
University of Oxford
Department Name: Computer Science
Abstract
The great majority of the CDT's research will fit into the four themes listed below, whether focussed upon application domains or on underpinning research challenges. These represent both notable application areas and emerging cyber security goals, and taken together cover some of the most pressing cyber security challenges our society faces today.
1. Security of 'Big Data' covers the acquisition, management, and exploitation of data in a wide variety of contexts. Security and privacy concerns often arise here - and may conflict with each other - together with issues for public policy and economic concerns. Not only must emerging security challenges be ad-dressed, new potential attack vectors arising from the volume and form of the data, such as enhanced risks of de-anonymisation, must be anticipated - having regard to major technical and design challenges. A major application area for this research is in medical re-search, as the formerly expected boundaries between public data, research, and clinical contexts crumble: in the handling of genomic data, autonomous data collection, and the co-management of personal health data.
2. Cyber-Physical Security considers the integration and interaction of digital and physical environments, and their emergent security properties; particularly relating to sensors, mobile devices, the internet of things, and smart power grids. In this way, we augment conventional security with physical information such as location and time, enabling novel security models. Applications arise in critical infrastructure monitoring, transportation, and assisted living.
3. Effective Systems Verification and Assurance. At its heart, this theme draws on Oxford's longstanding strength in formal methods for modelling and abstraction applied to hardware and software verification, proof of security, and protocol verification. It must al-so address issues in procurement and supply chain management, as well as criminology and malware analysis, high-assurance systems, and systems architectures.
4. Real-Time Security arises in both user-facing and network-facing tools. Continuous authentication, based on user behaviour, can be less intrusive and more effective than commonplace one-time authentication methods. Evolving access control allows decisions to be made based on past behaviour instead of a static policy. Effective use of visual analytics and machine learning can enhance these approaches, and apply to network security management, anomaly detection, and dynamic reconfiguration. These pieces con-tribute in various ways to an integrated goal of situational awareness.
These themes link to many existing research strengths of the University, and extend their horizon into areas where technology is rapidly emerging and raising pressing cyber security concerns. The proposal has strong support from a broad sweep of relevant industry sectors, evidenced by letters of support attached from HP Labs, Sophos, Nokia, Barclays, Citrix, Intel, IBM, Microsoft UK, Lockheed Martin, Thales, and the Malvern Cyber Security Cluster of SMEs.
1. Security of 'Big Data' covers the acquisition, management, and exploitation of data in a wide variety of contexts. Security and privacy concerns often arise here - and may conflict with each other - together with issues for public policy and economic concerns. Not only must emerging security challenges be ad-dressed, new potential attack vectors arising from the volume and form of the data, such as enhanced risks of de-anonymisation, must be anticipated - having regard to major technical and design challenges. A major application area for this research is in medical re-search, as the formerly expected boundaries between public data, research, and clinical contexts crumble: in the handling of genomic data, autonomous data collection, and the co-management of personal health data.
2. Cyber-Physical Security considers the integration and interaction of digital and physical environments, and their emergent security properties; particularly relating to sensors, mobile devices, the internet of things, and smart power grids. In this way, we augment conventional security with physical information such as location and time, enabling novel security models. Applications arise in critical infrastructure monitoring, transportation, and assisted living.
3. Effective Systems Verification and Assurance. At its heart, this theme draws on Oxford's longstanding strength in formal methods for modelling and abstraction applied to hardware and software verification, proof of security, and protocol verification. It must al-so address issues in procurement and supply chain management, as well as criminology and malware analysis, high-assurance systems, and systems architectures.
4. Real-Time Security arises in both user-facing and network-facing tools. Continuous authentication, based on user behaviour, can be less intrusive and more effective than commonplace one-time authentication methods. Evolving access control allows decisions to be made based on past behaviour instead of a static policy. Effective use of visual analytics and machine learning can enhance these approaches, and apply to network security management, anomaly detection, and dynamic reconfiguration. These pieces con-tribute in various ways to an integrated goal of situational awareness.
These themes link to many existing research strengths of the University, and extend their horizon into areas where technology is rapidly emerging and raising pressing cyber security concerns. The proposal has strong support from a broad sweep of relevant industry sectors, evidenced by letters of support attached from HP Labs, Sophos, Nokia, Barclays, Citrix, Intel, IBM, Microsoft UK, Lockheed Martin, Thales, and the Malvern Cyber Security Cluster of SMEs.
Planned Impact
It is part of the nature of Cyber Security - and a key reason for the urgency in developing new research approaches - that it now is a concern of every section of society, and so the successful CDT will have a very broad impact indeed. We will ensure impact for:
* The IT industry; vendors of hardware and software, and within this the IT Security industry;
* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;
* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;
* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;
* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;
* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.
Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.
* The IT industry; vendors of hardware and software, and within this the IT Security industry;
* High value/high assurance sectors such as banking, bio-medical domains, and critical infrastructure, and more generally the CISO community across many industries;
* The mobile systems community, mobile service providers, handset and platform manufacturers, those developing the technologies of the internet of things, and smart cities;
* Defence sector, MoD/DSTL in particular, defence contractors, and the intelligence community;
* The public sector more generally, in its own activities and in increasingly important electronic engagement with the citizen;
* The not-for-profit sector, education, charities, and NGOs - many of whom work in highly contended contexts, but do not always have access to high-grade cyber defensive skills.
Impact in each of these will be achieved in fresh elaborations of threat and risk models; by developing new fundamental design approaches; through new methods of evaluation, incorporating usability criteria, privacy, and other societal concerns; and by developing prototype and proof-of-concept solutions exhibiting these characteristics. These impacts will retain focus through the way that the educational and research programme is structured - so that the academic and theoretical components are directed towards practical and anticipated problems motivated by the sectors listed here.
Organisations
- University of Oxford (Lead Research Organisation)
- Nokia (Finland) (Project Partner)
- Lockheed Martin (United Kingdom) (Project Partner)
- Hewlett-Packard (United Kingdom) (Project Partner)
- Sophos Group (United Kingdom) (Project Partner)
- Barclays (United Kingdom) (Project Partner)
- Citrix (United Kingdom) (Project Partner)
- Microsoft (United Kingdom) (Project Partner)
- IBM (United Kingdom) (Project Partner)
- Thales (United Kingdom) (Project Partner)
- Malvern Cyber Security Cluster (Project Partner)
- Intel (United States) (Project Partner)
