Academic Centre of Excellence in Cyber Security Research - University of Birmingham
Lead Research Organisation:
University of Birmingham
Department Name: School of Computer Science
Abstract
The University of Birmingham will continue to be acknowledged as an Academic Centre of Excellence in Cyber Security Research. This status builds upon the high quality research already taking place at the University. It will provide additional resources to support further activities for raising the profile of the research group and ensuring the effectiveness of its impact on the cyber security landscape in the UK and internationally.
Planned Impact
Impact for existing and future research will be achieved by creating new routes for dissemination. These methods for engagement include conferences, workshops, visits, and invited speakers at the seminar and distinguished lectures series. Additionally, the quality of our research will be enhanced by these routes and the facilitation of further connections in the field across academia, industry and government.
People |
ORCID iD |
Mark Ryan (Principal Investigator) |
Publications
Alder F
(2022)
Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments
in Digital Threats: Research and Practice
Alder F
(2020)
Faulty Point Unit: ABI Poisoning Attacks on Intel SGX
Alder, F.
(2020)
Faulty Point Unit: ABI Poisoning Attacks on Intel SGX
Alruhaily N
(2018)
Information Systems Security and Privacy
Balasch J
(2018)
Teaching HW/SW codesign with a Zynq ARM/FPGA SoC
Bhattacharyya R
(2023)
Subversion Resilient Hashing: Efficient Constructions and Modular Proofs for Crooked Indifferentiability
in IEEE Transactions on Information Theory
Buyya R
(2018)
A Manifesto for Future Generation Cloud Computing Research Directions for the Next Decade
in ACM Computing Surveys
Carvalho Pinto E
(2018)
Better path-finding algorithms in LPS Ramanujan graphs
in Journal of Mathematical Cryptology
Chen T
(2018)
FEMOSAA Feature-Guided and Knee-Driven Multi-Objective Optimization for Self-Adaptive Software
in ACM Transactions on Software Engineering and Methodology
Chen T
(2017)
Self-Adaptive Trade-off Decision Making for Autoscaling Cloud-Based Services
in IEEE Transactions on Services Computing
Chen T
(2017)
Self-Adaptive and Online QoS Modeling for Cloud-Based Software Services
in IEEE Transactions on Software Engineering
Chen Z
(2023)
PMFault: Faulting and Bricking Server CPUs through Management Interfaces: Or: A Modern Example of Halt and Catch Fire
in IACR Transactions on Cryptographic Hardware and Embedded Systems
Chen Z
(2023)
PMFault: Faulting and Bricking Server CPUs through Management Interfaces Or: A Modern Example of Halt and Catch Fire
in IACR Transactions on Cryptographic Hardware and Embedded Systems
Chen Z.
(2021)
VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface
in Proceedings of the 30th USENIX Security Symposium
Cheng Z
(2023)
Watching your call: Breaking VoLTE Privacy in LTE/5G Networks
in Proceedings on Privacy Enhancing Technologies
Cheval V
(2023)
Automatic verification of transparency protocols
Title | Cyber security awareness month campaign |
Description | Social Media campaign for Cyber security awareness month |
Type Of Art | Film/Video/Animation |
Year Produced | 2019 |
Impact | Increased engagement and awareness online. |
URL | https://www.youtube.com/watch?v=defYa77Dw8w |
Title | Cyber security awareness month campaign |
Description | Video produced for a social media campaign for cyber security awareness month. |
Type Of Art | Film/Video/Animation |
Year Produced | 2019 |
Impact | Increased engagement and awareness. |
URL | https://www.youtube.com/watch?v=lWRT_TnEQdM |
Title | Launch Event Video |
Description | Summary video of the launch event that captures the aim of the event and the main guests/speakers present. |
Type Of Art | Film/Video/Animation |
Year Produced | 2019 |
Impact | This video has been used to promote collaborations with other partners through social media. |
URL | https://www.youtube.com/watch?v=3daFpdrkiow&feature=emb_title |
Title | Quest video campaign |
Description | A video produced for the University's quest campaign |
Type Of Art | Film/Video/Animation |
Year Produced | 2019 |
Impact | Video features researchers from the Centre for Cyber Security and Privacy talking about: How can we stay safe from hackers in the era of 'smart products'? |
URL | https://www.youtube.com/watch?v=PDCCNuAjW5s&t= |
Title | Video Animation |
Description | A video animation showcasing the findings of our research and its impact on industry. |
Type Of Art | Film/Video/Animation |
Year Produced | 2019 |
Impact | Was used in business engagement events and social media to attract industry collaboration. |
URL | https://www.youtube.com/watch?v=N2gHjZcj2wc |
Description | This project did not (and was not intended to) fund any research directly. It was intended to fund the growth and development of our research group, and it achieved this in several ways. It allowed us to employ a manager for the group for a limited period. It funded our seminars, in which we invite visitors to come and present their work, and our visits to other UK universities. It allowed industry-focussed dissemination of our work. |
Exploitation Route | This project did not (and was not intended to) fund any research directly. |
Sectors | Digital/Communication/Information Technologies (including Software) Electronics |
Description | The project doesn't support research directly, but supports the development of our ACE-CSR. The funding has facilitated, among other activities, an ongoing Security Seminar Series with invited speakers. This includes academics from other ACE-CSRs, academics from other institutions both in the UK and internationally, as well as researchers from industry. The ACE-CSR recognition has recently been renewed following submission of further evidence and internally the University has supported the establishing of a Centre for Cyber Security and Privacy to promote interdisciplinarity and enhance opportunities for engagement and impact. We have also contributed to various public fora, such as the New Statesman review of cyber security, and the British Science Festival, and Pint of Science. |
Description | (FutureTPM) - Future Proofing the Connected World: A Quantum-Resistant Trusted Platform Module |
Amount | € 4,868,890 (EUR) |
Funding ID | 779391 |
Organisation | European Commission |
Sector | Public |
Country | European Union (EU) |
Start | 01/2018 |
End | 12/2020 |
Description | Accelerating RNS-CKKS Homomorphic Encryption Scheme On CPU-FPGA Heterogeneous Platforms |
Amount | £437,562 (GBP) |
Organisation | Samsung |
Sector | Private |
Country | Korea, Republic of |
Start | 03/2020 |
End | 11/2020 |
Description | CAP-TEE: Capability Architectures for Trusted Execution |
Amount | £1,000,206 (GBP) |
Funding ID | EP/V000454/1 |
Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
Sector | Public |
Country | United Kingdom |
Start | 07/2020 |
End | 06/2024 |
Description | IOTEE: Securing and analysing trusted execution beyond the CPU |
Amount | £448,286 (GBP) |
Funding ID | EP/X03738X/1 |
Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
Sector | Public |
Country | United Kingdom |
Start | 08/2023 |
End | 08/2026 |
Description | Isogeny-based cryptography: from theory to practice |
Amount | £327,745 (GBP) |
Funding ID | EP/S01361X/1 |
Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
Sector | Public |
Country | United Kingdom |
Start | 03/2019 |
End | 09/2022 |
Description | SCAvenger - Attacking Machine Learning with Side Channel Attacks |
Amount | £54,000 (GBP) |
Organisation | Intel Corporation |
Sector | Private |
Country | United States |
Start | 02/2021 |
End | 02/2023 |
Description | SIPP - Secure IoT Processor Platform with Remote Attestation |
Amount | £1,294,888 (GBP) |
Funding ID | EP/S030867/1 |
Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
Sector | Public |
Country | United Kingdom |
Start | 12/2019 |
End | 08/2023 |
Description | User-controlled hardware security anchors: evaluation and designs |
Amount | £486,082 (GBP) |
Funding ID | EP/R012598/1 |
Organisation | Engineering and Physical Sciences Research Council (EPSRC) |
Sector | Public |
Country | United Kingdom |
Start | 02/2018 |
End | 01/2024 |
Title | StatVerif |
Description | A software tool to verify the security properties of protocols. |
Type Of Material | Improvements to research infrastructure |
Year Produced | 2014 |
Provided To Others? | Yes |
Impact | Take up by other researchers |
URL | https://sec.cs.bham.ac.uk/research/StatVerif/ |
Description | Google Asylo |
Organisation | |
Department | Research at Google |
Country | United States |
Sector | Private |
PI Contribution | Disclosed vulnerabilities. Found instances of the problematic [user_check] attribute that lacked proper pointer validation, leaving critical vulnerabilities in the compiled enclave |
Collaborator Contribution | - |
Impact | Improved security of products. |
Start Year | 2019 |
Description | INTEL-SA-00289 |
Organisation | Intel Corporation |
Department | Intel Corporation (UK) Ltd |
Country | United Kingdom |
Sector | Private |
PI Contribution | Vulnerabilities disclosed. CVE-2019-11157 |
Collaborator Contribution | They fixed the flaw in all Intel processors via a microcode update. |
Impact | Improved security of products. |
Start Year | 2019 |
Description | Intel SGX-SDK |
Organisation | Intel Corporation |
Department | Intel Corporation (UK) Ltd |
Country | United Kingdom |
Sector | Private |
PI Contribution | Disclosed vulnerabilities, CVE-2018-3626 and CVE-2019-14565. |
Collaborator Contribution | - |
Impact | Improved security of product. |
Start Year | 2019 |
Description | L-3 TRL |
Organisation | L3 TRL Technology |
Country | United Kingdom |
Sector | Private |
PI Contribution | Collaboration on Secure Cloud-based Collaboration Platform |
Collaborator Contribution | Collaboration on Secure Cloud-based Collaboration Platform |
Impact | Discussion and meetings Ongoing research partnership Solutions for key management and data processing in the cloud |
Start Year | 2014 |
Description | Microsoft Open Enclave |
Organisation | Microsoft Research |
Department | Microsoft Research Cambridge |
Country | United Kingdom |
Sector | Private |
PI Contribution | Disclosed Vulnerabilities. CVE-2019-0876, CVE-2019-1369,and CVE-2019-1370. |
Collaborator Contribution | - |
Impact | Improved security of products. |
Start Year | 2019 |
Description | ACE-CSR #3 |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Awarded Academic Centre of Excellence in Cyber Security Research (ACE-CSR) status. |
Year(s) Of Engagement Activity | 2024 |
Description | Article published in The Register |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | Article published in The Register titled: Intel's SGX cloud-server security defeated by $30 chip, electrical shenanigans |
Year(s) Of Engagement Activity | 2020 |
URL | https://www.theregister.com/2020/11/14/intel_sgx_physical_security/ |
Description | Centre Launch Event |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | The University of Birmingham brought together experts in cyber security and privacy to learn from each other and work on solutions to a range of challenges, including protecting essential systems from cyber-attacks and preserving our privacy in a world of quantum computing. The event featured expert speakers from academia, industry and government, who spoke on the thematic areas of infrastructure and embedded systems, post-quantum cryptography, the changing nature of security and privacy in society and the cyber security skills gap. |
Year(s) Of Engagement Activity | 2019 |
URL | https://www.birmingham.ac.uk/research/centre-for-cyber-security-and-privacy/news/2019/new-centre-for... |
Description | Cutting Through the Complexity of Reverse Engineering Embedded Devices |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Presentation of our paper "Cutting Through the Complexity of Reverse Engineering Embedded Devices" and the flagship annual Conference on Cryptographic Hardware and Embedded Systems (CHES). |
Year(s) Of Engagement Activity | 2021 |
URL | https://ches.iacr.org/2021/program.php |
Description | Delivered a Talk at HP Labs |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Professional Practitioners |
Results and Impact | Co-I Ryan delivered a tutorial talk at HP Labs 22 October 2020, "Intro to Keystone (an enclave system for RISC-V)" |
Year(s) Of Engagement Activity | 2020 |
Description | Delivered a Talk at Huawei Security Advisory Board |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Co-I Ryan delivered a Talk at Huawei Security Advisory Board 27 November 2020, "An overview of hardware security anchors for IoT and embedded applications" |
Year(s) Of Engagement Activity | 2020 |
Description | Help Net Security Article |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | Article published on Help Net Security titled: 'Researchers break Intel SGX by creating $30 device to control CPU voltage' |
Year(s) Of Engagement Activity | 2020 |
URL | https://www.helpnetsecurity.com/2020/11/16/break-intel-sgx/ |
Description | Interviewed for article featured in the Chronicles of Higher Education |
Form Of Engagement Activity | A press release, press conference or response to a media enquiry/interview |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | changing perception of offensive cyber research and demonstrating its benefits to industry. |
Year(s) Of Engagement Activity | 2019 |
URL | https://www.chronicle.com/paid-article/Hack-ademics-prepare-us/291 |
Description | Phoronix Article |
Form Of Engagement Activity | A magazine, newsletter or online publication |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Media (as a channel to the public) |
Results and Impact | Article published online in Phoronix titled ' VoltPillager: Researchers Compromise Intel SGX With Hardware-Based Undervolting Attack' |
Year(s) Of Engagement Activity | 2021 |
URL | https://www.phoronix.com/scan.php?page=news_item&px=VoltPillager-HW-Undervolt |
Description | invited talk at STW'2021 |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Ryan had an invited talk at STW'2021 (Huawei Security and Technology Workshop, October 2021). |
Year(s) Of Engagement Activity | 2021 |
Description | invited talk at the Shonan seminar |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Ryan gave an invited talk called "Hardware technologies for making privacy violations transparent and accountable" at the Shonan seminar (Japan) on the theme of "Biggest failures in privacy" on 28 Sept. |
Year(s) Of Engagement Activity | 2021 |
Description | invited talk at workshop on the Security of Software / Hardware Interfaces (SILM 2021) |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Garcia gave an invited talk on the hardware attack aspects of our work: "Plundering and Pillaging with Voltage: Software and Hardware-based Fault-injection Attacks against SGX", 3rd edition of workshop on the Security of Software / Hardware Interfaces (SILM 2021). Co-located with EuroS&P. |
Year(s) Of Engagement Activity | 2021 |
Description | keynote talk at 14th International Conference on Security for Information Technology and Communications |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Ryan gave a keynote talk at 14th International Conference on Security for Information Technology and Communications |
Year(s) Of Engagement Activity | 2021 |
Description | panel member to "Cyber Security, Fraud & Human Error" (part of a civil servants' conference on public sector cyber security) |
Form Of Engagement Activity | A formal working group, expert panel or dialogue |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Policymakers/politicians |
Results and Impact | Ryan was invited as panel member to "Cyber Security, Fraud & Human Error" (part of a civil servants' conference on public sector cyber security, 300 delegates), December 2021. |
Year(s) Of Engagement Activity | 2021 |
Description | showcase for National Cyber Strategy 2022 |
Form Of Engagement Activity | Participation in an activity, workshop or similar |
Part Of Official Scheme? | No |
Geographic Reach | National |
Primary Audience | Industry/Business |
Results and Impact | Oswald and other project members (virtually) attended the National Cyber Strategy 2022 on Wednesday 15 December. We had prepared a CAP-TEE showcase for the in-person event, but due to the Covid situation the event was made virtually at short notice. |
Year(s) Of Engagement Activity | 2021 |
Description | talk at hardwear.io |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Professional Practitioners |
Results and Impact | Future CAP-TEE / DsbDtech contributions to TEE security and work around hardware undervolting highlighted in Oswald's talks at hardwear.io |
Year(s) Of Engagement Activity | 2021 |
Description | virtual seminar talk at Infineon |
Form Of Engagement Activity | A talk or presentation |
Part Of Official Scheme? | No |
Geographic Reach | International |
Primary Audience | Industry/Business |
Results and Impact | Oswald gave a virtual seminar talk at Infineon, relating to fault injection and the hardware attack aspects of the project. |
Year(s) Of Engagement Activity | 2021 |