Academic Centre of Excellence in Cyber Security Research - University of Birmingham
Lead Research Organisation:
University of Birmingham
Department Name: School of Computer Science
Abstract
The computer security group at Birmingham has strengths in analysis and verification of systems, privacy and security, malware, intrusion detection, web security, botnets, and secure software engineering. Our ethos is to focus on problems that are important to society (this can include government and industry in particular). The proposal is for funding to allow us to complement our existing research base by hosting workshops and distinguished lectures in areas that will expand our competence.
Planned Impact
Impact for our existing research will be achieved by creating new routes for dissemination. The new routes are workshops and visits occasioned by the distinguished lectures. The quality of our research will be enhanced by these routes.
People |
ORCID iD |
Mark Ryan (Principal Investigator) |
Publications
Denzel M (2016) Smart-Guard: Defending User Input from Malware
Drager K (2015) Permissive Controller Synthesis for Probabilistic Systems in Logical Methods in Computer Science
Dräger K (2014) Local abstraction refinement for probabilistic timed programs in Theoretical Computer Science
Dürmuth M (2016) Side-Channel Attacks on Fingerprint Matching Algorithms
Eeles P (2014) Relating System Quality and Software Architecture
Elhabbash A (2016) Interaction-Awareness for Self-Adaptive Volunteer Computing
Elhabbash A (2014) A Utility Model for Volunteered Service Composition
Title | Cyber security awareness month campaign |
Description | Video produced for a social media campaign for cyber security awareness month. |
Type Of Art | Film/Video/Animation |
Year Produced | 2019 |
Impact | Increased engagement and awareness. |
URL | https://www.youtube.com/watch?v=lWRT_TnEQdM |
Title | Video Animation |
Description | A video animation showcasing the findings of our research and its impact on industry. |
Type Of Art | Film/Video/Animation |
Year Produced | 2019 |
Impact | Was used in business engagement events and social media to attract industry collaboration. |
URL | https://www.youtube.com/watch?v=N2gHjZcj2wc |
Description | This project did not (and was not intended to) fund any research directly. It was intended to fund the growth and development of our research group, and it achieved this in several ways. It allowed us to employ a manager for the group for a limited period. It funded our seminars, in which we invite visitors to come and present their work, and our visits to other UK universities. It allowed industry-focussed dissemination of our work. |
Exploitation Route | This project did not (and was not intended to) fund any research directly. |
Sectors | Digital/Communication/Information Technologies (including Software); Electronics |
Description | The project doesn't support research directly, but supports the development of our ACE-CSR. The funding has facilitated, among other activities, an ongoing Security Seminar Series with invited speakers. This includes academics from other ACE-CSRs, academics from other institutions both in the UK and internationally, as well as researchers from industry. The series included a Distinguished Seminar by Adrian Perrig (ETH Zurich). Further expansion of the group has led to influence on policy (including submissions to UK and Welsh Parliament), education (in practice as a research topic) and industry (through further projects, collaborations and impact). The ACE-CSR recognition has recently been renewed following submission of further evidence and internally the University has supported the establishing of a Centre for Cyber Security and Privacy to promote interdisciplinarity and enhance opportunities for engagement and impact. |
Description | Automated Protocol Learning and Vulnerability Detection for TLS, WPA and IoT Protocols |
Amount | £117,514 (GBP) |
Organisation | Government Communications Headquarters (GCHQ) |
Sector | Public |
Country | United Kingdom |
Start | 09/2016 |
End | 03/2020 |
Description | DIF |
Amount | £1,950,000 (GBP) |
Organisation | University of Birmingham |
Sector | Academic/University |
Country | United Kingdom |
Start | 08/2015 |
End | 08/2023 |
Description | GCHQ Small Grant |
Amount | £25,392 (GBP) |
Organisation | Government Communications Headquarters (GCHQ) |
Sector | Public |
Country | United Kingdom |
Start | 07/2016 |
End | 04/2017 |
Description | GCHQ Small Grants (2015-2016) |
Amount | £48,927 (GBP) |
Organisation | Government Communications Headquarters (GCHQ) |
Sector | Public |
Country | United Kingdom |
Start | 02/2016 |
End | 04/2016 |
Description | GCHQ equipment funding |
Amount | £150,000 (GBP) |
Organisation | Government Communications Headquarters (GCHQ) |
Sector | Public |
Country | United Kingdom |
Start | 03/2014 |
End | 03/2014 |
Description | IOTEE: Securing and analysing trusted execution beyond the CPU |
Amount | £448,286 (GBP) |
Funding ID | EP/X03738X/1 |
Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
Sector | Public |
Country | United Kingdom |
Start | 08/2023 |
End | 08/2026 |
Description | OpenHaven |
Amount | £116,000 (GBP) |
Organisation | Government Communications Headquarters (GCHQ) |
Sector | Public |
Country | United Kingdom |
Start | 09/2015 |
End | 09/2018 |
Title | StatVerif |
Description | A software tool to verify the security properties of protocols. |
Type Of Material | Improvements to research infrastructure |
Year Produced | 2014 |
Provided To Others? | Yes |
Impact | Take up by other researchers |
URL | https://sec.cs.bham.ac.uk/research/StatVerif/ |
Description | |
Organisation | |
Country | United States |
Sector | Private |
PI Contribution | Collaboration of certificate management |
Collaborator Contribution | Collaboration of certificate management |
Impact | Discussion and meetings |
Start Year | 2010 |
Description | Google Asylo |
Organisation | |
Department | Research at Google |
Country | United States |
Sector | Private |
PI Contribution | Disclosed vulnerabilities. Found instances of the problematic [user_check] attribute that lacked proper pointer validation, leaving critical vulnerabilities in the compiled enclave. |
Collaborator Contribution | - |
Impact | Improved security of products. |
Start Year | 2019 |
Description | INTEL-SA-00289 |
Organisation | Intel Corporation |
Department | Intel Corporation (UK) Ltd |
Country | United Kingdom |
Sector | Private |
PI Contribution | Vulnerabilities disclosed. CVE-2019-11157 |
Collaborator Contribution | They fixed the flaw in all Intel processors via a microcode update. |
Impact | Improved security of products. |
Start Year | 2019 |
Description | Intel SGX-SDK |
Organisation | Intel Corporation |
Department | Intel Corporation (UK) Ltd |
Country | United Kingdom |
Sector | Private |
PI Contribution | Disclosed vulnerabilities, CVE-2018-3626 and CVE-2019-14565. |
Collaborator Contribution | - |
Impact | Improved security of product. |
Start Year | 2019 |
Description | L-3 TRL |
Organisation | L3 TRL Technology |
Country | United Kingdom |
Sector | Private |
PI Contribution | Collaboration on Secure Cloud-based Collaboration Platform |
Collaborator Contribution | Collaboration on Secure Cloud-based Collaboration Platform |
Impact | Discussion and meetings; ongoing research partnership; solutions for key management and data processing in the cloud |
Start Year | 2014 |
Description | Microsoft Open Enclave |
Organisation | Microsoft Research |
Department | Microsoft Research Cambridge |
Country | United Kingdom |
Sector | Private |
PI Contribution | Disclosed vulnerabilities: CVE-2019-0876, CVE-2019-1369, and CVE-2019-1370. |
Collaborator Contribution | - |
Impact | Improved security of products. |
Start Year | 2019 |
Description | ACE-CSR #3 |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Awarded Academic Centre of Excellence in Cyber Security Research (ACE-CSR) status. |
Year(s) Of Engagement Activity | 2024 |
Description | Article published in The Register |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | Article published in The Register titled: Intel's SGX cloud-server security defeated by $30 chip, electrical shenanigans |
Year(s) Of Engagement Activity | 2020 |
URL | https://www.theregister.com/2020/11/14/intel_sgx_physical_security/ |
Description | Cutting Through the Complexity of Reverse Engineering Embedded Devices |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Presentation of our paper "Cutting Through the Complexity of Reverse Engineering Embedded Devices" at the flagship annual Conference on Cryptographic Hardware and Embedded Systems (CHES). |
Year(s) Of Engagement Activity | 2021 |
URL | https://ches.iacr.org/2021/program.php |
Description | Delivered a Talk at HP Labs |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Co-I Ryan delivered a tutorial talk at HP Labs on 22 October 2020, "Intro to Keystone (an enclave system for RISC-V)" |
Year(s) Of Engagement Activity | 2020 |
Description | Delivered a Talk at Huawei Security Advisory Board |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Co-I Ryan delivered a talk at the Huawei Security Advisory Board on 27 November 2020, "An overview of hardware security anchors for IoT and embedded applications" |
Year(s) Of Engagement Activity | 2020 |
Description | Help Net Security Article |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | Article published on Help Net Security titled: 'Researchers break Intel SGX by creating $30 device to control CPU voltage' |
Year(s) Of Engagement Activity | 2020 |
URL | https://www.helpnetsecurity.com/2020/11/16/break-intel-sgx/ |
Description | Phoronix Article |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | Article published online in Phoronix titled 'VoltPillager: Researchers Compromise Intel SGX With Hardware-Based Undervolting Attack' |
Year(s) Of Engagement Activity | 2021 |
URL | https://www.phoronix.com/scan.php?page=news_item&px=VoltPillager-HW-Undervolt |
Description | Pint of Science Festival |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | Regional |
Primary Audience | Public/other audiences |
Results and Impact | Mark Ryan, along with colleagues Tom Chothia and Flavio Garcia, gave talks as part of the Pint of Science Festival. This international series of events offers the general public the opportunity to engage with experts in scientific fields by attending talks, asking questions and entering discussion, within the informal setting of a bar or pub. The academics presented the findings of research with real-world impact to individual privacy that increased awareness and interest in the subject area. |
Year(s) Of Engagement Activity | 2015 |
URL | http://www.birmingham.ac.uk/university/colleges/eps/news/college/2015/04/Pint-of-Science-Festival-20... |
Description | Royal Society meeting |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | It was a high-profile meeting at the Royal Society entitled Security and Privacy in Society. The event hosts a unique combination of people from both the surveillance community and the privacy community. I am very pleased to have a stellar list of invitees, including Sir David Omand and Sir Francis Richards, both former directors of GCHQ, Rt. Hon. James Arbuthnot MP (Chairman of the Defence Select Committee), Julian Huppert MP, and Helen Goodman MP, and the privacy proponents Caspar Bowden, Charles Raab, and Bart Preneel. Yet others include Jean-Jacques Quisquater, the journalists Ewen MacAskill (Guardian) and Gordon Corera (BBC). There will also be some senior current people from GCHQ. Support for further funding applications. |
Year(s) Of Engagement Activity | 2014 |
URL | http://www.cs.bham.ac.uk/research/groupings/security_and_privacy/royalsoc2014/ |