Academic Centre of Excellence in Cyber Security Research - University of Cambridge
Lead Research Organisation:
University of Cambridge
Department Name: Computer Science and Technology
Abstract
In the modern global society, everything is connected. Our communications, transport, finance, energy, commerce all rely on the continued availability of computers and networks. Ensuring the security of this critical infrastructure is a crucial priority for society.
By convening workshops in Cambridge and by attending relevant events elsewhere we will create further occasions for the cybersecurity academics to challenge the ideas of their peers and, beyond academia, to engage with the government and industry players whose assets are at stake.
By convening workshops in Cambridge and by attending relevant events elsewhere we will create further occasions for the cybersecurity academics to challenge the ideas of their peers and, beyond academia, to engage with the government and industry players whose assets are at stake.
Planned Impact
This is not directly research but rather a support activity consisting of communication, dissemination and networking.
Cybersecurity (or lack thereof) has wide-ranging implications, from national security to industrial espionage to security of critical infrastructure such as communications, transport, utilities and banking: the underlying research ultimately affects all members of society.
Our action will engage not only the academic community but also relevant stakeholders in government and industry, to ensure that the cybersecurity research carried out at the University of Cambridge's ACE-CSR continues to be relevant and connected to real-world needs, and that those in a position to benefit from this research have awareness of what is being done and have the opportunity to suggest further desirable developments.
Cybersecurity (or lack thereof) has wide-ranging implications, from national security to industrial espionage to security of critical infrastructure such as communications, transport, utilities and banking: the underlying research ultimately affects all members of society.
Our action will engage not only the academic community but also relevant stakeholders in government and industry, to ensure that the cybersecurity research carried out at the University of Cambridge's ACE-CSR continues to be relevant and connected to real-world needs, and that those in a position to benefit from this research have awareness of what is being done and have the opportunity to suggest further desirable developments.
People |
ORCID iD |
| Frank Stajano (Principal Investigator) |
| Description | Networking with other leading cybersecurity institutions in UK and abroad. This has resulted in additional grants to fund some very successful cyber security competitions and associated training, involving the other ACE-CSRs. We have also been involved in the creation of the International Cyber Security Centre of Excellence, led by Keio University in Tokyo, Japan and involving leading institutions originally from Japan, US, UK and now extending to Israel, Australia and beyond. |
| Exploitation Route | We have started two annual cyber security competition series that we hope will be long lived, the national "Inter-ACE" and the international "Cambridge 2 Cambridge" events. We have also launched a mailing list for job adverts for the ACE-CSRs. As a result of networking between ACE-CSRs we are now part of the newly formed Research Institute on hardware security, led by Queen's University Belfast. As a result of international networking, where contacts that would have happened anyway were nonetheless facilitated by the ACE-CSR brand, we are now part of the InterNational Cyber Security Centre of Excellence, led by Keio University. We hope the outcome of the networking will be further collaborations and joint projects. |
| Sectors | Creative Economy,Digital/Communication/Information Technologies (including Software),Education,Electronics,Financial Services, and Management Consultancy,Security and Diplomacy |
| URL | https://inter-ace.org |
| Description | Won one PhD scholarship award from GCHQ. Co-organized 3 workshops (2 in Japan and 1 in UK) to promote cybersecurity links between Japan and UK. Participated in a visit of UK academics to leading US universities about promoting entrepreneurship from academia. On invitation of the UK embassy in Japan and of Keio University, participated in several workshops in Japan, and met additional times in the UK with Japanese representatives, to help establish an International Cyber Security Centre of Excellence (INCS-CoE) between leading institutions in Japan, UK and US, of which the University of Cambridge is now a core member. Participated in the HutZero, ICURe, CSIT, ASI and CyLon business accelerators. Regularly participated in the annual ACE-CSR conference as delegates and presenters. Participated in various community-building cyber security initiatives from GCHQ, EPSRC, Royal Society, Digital Catapult, Foreign and Commonwealth Office, QUB CSIT and so forth. Co-founded an international cyber security competition with MIT (Cambridge2Cambridge) in 2015. Ran it once at MIT in 2016 and another time in Cambridge in 2017. This initiative is now growing to a worldwide competition involving also Japan, Israel, Australia and potentially other countries. Prof Stajano, co-founder, is on the steering committee. Founded a national cyber security competition, Inter-ACE to bring together the ACE-CSRs in 2016, and ran it in Cambridge for 3 years. Another university (Southampton) ran a similar initiative for 2019 and will continue to do so if they raise sufficient funding. |
| First Year Of Impact | 2015 |
| Sector | Creative Economy,Digital/Communication/Information Technologies (including Software),Education,Security and Diplomacy |
| Impact Types | Societal,Economic,Policy & public services |
| Description | Support for Cambridge2Cambridge 2016 |
| Amount | £135,877 (GBP) |
| Funding ID | RG80716 |
| Organisation | Cabinet Office |
| Sector | Public |
| Country | United Kingdom |
| Start | 12/2015 |
| End | 07/2017 |
| Description | Support for Cambridge2Cambridge 2017 |
| Amount | £77,500 (GBP) |
| Organisation | Cabinet Office |
| Sector | Public |
| Country | United Kingdom |
| Start | 02/2017 |
| End | 12/2017 |
| Description | Support for Inter-ACE 2017 |
| Amount | £227,832 (GBP) |
| Funding ID | Contract Ref: 4196768/ Cyber Funding RFA 15109 |
| Organisation | Government Communications Headquarters (GCHQ) |
| Sector | Public |
| Country | United Kingdom |
| Start | 10/2016 |
| End | 12/2017 |
| Description | Cambridge 2 Cambridge 2016 |
| Organisation | Massachusetts Institute of Technology |
| Country | United States |
| Sector | Academic/University |
| PI Contribution | We organized and ran a high profile cybersecurity challenge for students of MIT and the University of Cambridge, following an announcement of UK-US cooperation by David Cameron and Barack Obama in Jan 2015. |
| Collaborator Contribution | Hosting the event at MIT and fundraising from industry sponsors. |
| Impact | Establishing links between students and faculty at the two universities. Getting students engaged with cybersecurity. Getting industry interested in our students. |
| Start Year | 2015 |
| Description | Cambridge2Cambridge (C2C) Cyber Security Challenge 2016 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | International |
| Primary Audience | Undergraduate students |
| Results and Impact | As part of our collaboration with MIT described under "Collaborations and Partnerships", we co-organised a two-part international cyber security challenge between MIT's Computer Science and Artificial Intelligence Lab (CSAIL) and the University of Cambridge's Computer Laboratory. The competition that took place on 4-5 March 2016 featured a team-based 'capture-the-flag' style hackathon where students from both universities competed in a 24-hour session at CSAIL. |
| Year(s) Of Engagement Activity | 2016 |
| URL | https://cambridge2cambridge.csail.mit.edu/2016_event |
| Description | Inter-ACE Cyberchallenge 2016 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Undergraduate students |
| Results and Impact | We organised a hackathon event in March 2016 which was hosted by the University of Cambridge's Computer Laboratory, as well as Churchill College, and sponsored by Facebook. It brought together students from the UK's 13 Academic Centres of Excellence in Cyber Security Research (ACE-CSR). Students participated in a jeopardy-style "capture the flag" CTF competition. This was an inaugural event of a series which is planned to recur annually, which features a large trophy to be retained for the coming year by the winning institution. The event was pivotal in maintaining interaction between the ACE-CSRs, and inspiring students with an interest in cyber security to play their part in filling the looming skills gap in this sector. Following the day's competition, participants and their supervisors had the chance to network during a dinner at Churchill College. This event is quite impactful, being one of only very few occasions during the year that ACE-CSRs interact in this way. The Inter-ACE event is helping to forge a community between the ACE-CSRs. |
| Year(s) Of Engagement Activity | 2016 |
| URL | https://inter-ace.org |
| Description | Inter-ACE Cyberchallenge 2017 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Undergraduate students |
| Results and Impact | We are organising a hackathon event on 18 March 2017 which will be hosted by the University of Cambridge's Computer Laboratory, as well as Trinity College, and sponsored by Leidos and NCC Group. It will bring together students from the UK's 13 Academic Centres of Excellence in Cyber Security Research (ACE-CSR). Students will participate in a scenario-based "capture the flag" CTF competition. This will be the second time that the University of Cambridge has hosted this event (the first time being March 2016), which features a large trophy to be retained for the coming year by the winning institution. This event is pivotal in maintaining interaction between the ACE-CSRs, and inspiring students with an interest in cyber security to play their part in filling the looming skills gap in this sector. Following the day's competition, participants and their supervisors will have the chance to network during a dinner at Trinity College. This event is quite impactful, being one of only very few occasions during the year that ACE-CSRs interact in this way. It is already twice as big in its second year, suggesting that the heads of these institutions believe the event is certainly worthwhile and of benefit to students. The Inter-ACE event is helping to forge a community between the ACE-CSRs. |
| Year(s) Of Engagement Activity | 2017 |
| URL | https://inter-ace.org |
| Description | Inter-ACE run-up hackathon 2016 |
| Form Of Engagement Activity | Participation in an activity, workshop or similar |
| Part Of Official Scheme? | No |
| Geographic Reach | National |
| Primary Audience | Undergraduate students |
| Results and Impact | We organised a workshop in the run-up to the Inter-ACE 2017 Cyber Challenge event. This workshop was open to students from the 13 Academic Centres of Excellence in Cyber Security Research (ACE-CSR). This workshop focused on Linux binary reverse-engineering and exploitation, taking students from identifying and exploiting simple buffer overflows using classic "shell code", to defeating modern defences including non-executable stacks and address-space layout randomisation (ASLR) using Return Orientated Programming (ROP). The event was heavily subscribed, with more than 250 students in attendance. Following the event, a challenge problem was launched which required students to apply the skills they'd learned to deface a website by exploiting a setuid binary on the target system. To write a successful exploit, students needed to provide a working ROP chain which would overwrite a GOT entry and call a function from exec family in libc. Students from the University of Southampton achieved this goal in the first day the challenge was running, proving that they'd learned all the requisite skills during the preceding workshop. Students who attended this workshop will be well prepared for future capture the flag (CTF) competitions held between the ACE-CSRs. |
| Year(s) Of Engagement Activity | 2016 |