Developing our capability in cyber security

Academic Centres of Excellence in Cyber Security Research

Updated July 2020

Contents

Ministerial Foreword: Jeremy Fleming, Director, GCHQ
Academic Centres of Excellence in Cyber Security Research
Key areas of expertise and specialism
University of Birmingham
University of Bristol
University of Cambridge
Cardiff University
De Montfort University
University of Edinburgh
Imperial College London
University of Kent
King’s College London
University of Lancaster
Newcastle University
Northumbria University
University of Oxford
Queen’s University Belfast
Royal Holloway, University of London
University of Southampton
University of Surrey
University College London
University of Warwick
Contact Address Book
Glossary of terms

Developing our knowledge and capability to secure cyber space

Much has changed since the first Academic Centres of Excellence in Cyber Security Research (ACE-CSR) call was launched in late 2011. The UK’s first National Cyber Security Strategy was in its infancy; the concept of a National Cyber Security Centre (NCSC) had not even been conceived, and cyber security research in UK universities was often fragmented along the fault lines of academic disciplines.

Fast forward to 2020, two successive Cyber Security Strategies and a decade of sustained government investment have seen the UK develop into an international Cyber Power. This has led to enormous advances in the nation’s ability to benefit from the opportunities of new technologies and in keeping its citizens safe online. The NCSC has played a central role in that and is now a thriving organisation, with a broad customer base and a record of innovative ways of working, backed by deep expertise.

In 2012, an initial group of eight universities were recognised as Academic Centres of Excellence in Cyber Security Research. This has now grown to an active community of 19 universities encompassing hundreds of academics and spanning disciplines as diverse as computer science, engineering, psychology, sociology, maths, law and humanities. The impact of their work has been far-reaching: from expert academic input to government policy, to training the next generation of researchers through vibrant Doctoral training programmes; from the establishment of mutually beneficial partnerships between ACEs-CSR and private sector companies, to the promotion and recognition of the UK’s academic research excellence on an international stage. The ACE-CSR universities are testament to what can be achieved when the public, private and academic sectors unite to achieve a common goal. It is this sense of innovation, enthusiasm, shared endeavour and deep expertise which is the hallmark of the ACE-CSR community.

I would like to thank colleagues in the NCSC and our partners in the Engineering and Physical Sciences Research Council (EPSRC) for their collaboration and leadership in this space. I am grateful to industry leaders who continue to look for ways to harness academic research, support researchers and develop our research base. And finally, I would like to thank and congratulate the Vice Chancellors and their senior leaders for their continued investment in and support of the ACEs-CSR within their universities, as well as all the academic and support staff for their ongoing dedication to this important discipline.

The challenges facing us are immense, but the excellence demonstrated by the ACE-CSR universities gives me confidence we are in a strong position to build on the success to date and cement the UK’s position as a world leader in creating a safe, resilient and prosperous cyber nation.

Jeremy Fleming,
Director GCHQ

Academic Centres of Excellence in Cyber Security Research

Academic Centres of Excellence in Cyber Security Research (ACEs–CSR) have been part of the UK Government’s National Cyber Security Strategies since 2011 and continue to play a key role in helping Government make the UK secure and resilient in cyberspace.

The ACEs–CSR are based at UK universities which have been recognised as having an established critical mass and pedigree of good quality cyber security research. The initiative is led by the National Cyber Security Centre (NCSC), which is a part of GCHQ and is the UK’s Technical Authority for cyber security, and the Engineering and Physical Sciences Research Council (EPSRC), which is a part of UK Research and Innovation (UKRI).

From small beginnings, the community of ACEs-CSR has grown to 19 universities which regularly meet, hold conferences, collaborate, challenge and support one another. In partnership with public and private sector organisations, our aim is to build and maintain a flourishing community of commissioners, producers and consumers of internationally-leading research where everyone works together for the common good.

Developing our capability in cyber security

By recognising the ACEs-CSR, the UK Government aims to:

• Enhance the quality and scale of academic cyber security research and postgraduate training undertaken in the UK.
• Make it easier for potential users of research to identify the best cyber security research and postgraduate training that the UK has to offer.
• Develop a shared vision and objectives among all those involved in cyber security research in the UK.
• Showcase UK academia’s internationally-leading research expertise.

This document contains details of all 19 ACEs–CSR and is intended to be a useful reference guide to help stakeholders and potential customers understand the broad range of work happening in the centres. If you would like to discuss your research needs or find out more about what is on offer, please contact the centres directly.

Key areas of expertise and specialism

University of Birmingham
• Design of secure systems
• Security of embedded systems
• Cloud computing security
• Privacy technologies for individuals
• Network security and malware
• Analysis and verification of systems

University of Bristol
• Cryptography
• Cyber-Physical Systems
• Human Factors
• Adversarial Behaviours
• Privacy & Online Rights
• Network Security
• Security
• Secure Software Lifecycle
• Hardware Security
• Risk Management & Governance

University of Cambridge
• Socio-technical security, including human factors, user authentication, education
• Hardware security and anti-tampering
• Network and operating system security
• Strategic technologies including processors, architectures, compilers, operating systems
• Methodologies including static and dynamic analysis
• Cybercrime, frauds and phishing
• Privacy and anonymisation
• Compromising electromagnetic emanations

Cardiff University
• Artificial Intelligence-driven Security Operations & Incident Management
• Malware & Attack Technologies
• Risk Management & Governance
• Human Factors – susceptibility, individual differences and organised cybercrime
• Privacy and Online Rights
• Web Security
• Network Security
• Cyber-physical systems security and resilience
• Distributed systems security

De Montfort University
• Cyber physical systems: Industrial control systems, autonomous systems
• Risk assessment
• Security operations and incident management
• Privacy and online rights
• Human factors
• Formal methods

University of Edinburgh
• Law & Regulation
• Human Factors
• Privacy & Online Rights
• Malware & Attack Technologies
• Cryptography
• Formal Methods in Cyber Security
• Operating Systems & Virtualisation Security
• Software Security
• Web & Mobile Security
• Hardware Security
• Physical Layer and Telecommunications Security
• Cyber Security and AI

Imperial College London
• Software security and the use of formal methods for software and systems security
• Security and Resilience of Cyber-Physical Systems
• Network analysis, anomaly detection and security operations
• Privacy

University of Kent
• Authentication and Authorisation
• Communication and Network Security
• Security Testing and Verification
• Socio-technical Security
• AI and Security (AI for security and security of AI)
• Digital Forensics and Online Harms
• Information Hiding
• Quantum Cyber Security

King’s College London
• AI Security and Privacy
• Human-centred Security and Privacy
• Security Verification and Testing
• National Cyber Security Policy
• Cyber Deterrence and Defence

Lancaster University
• Security of Large-Scale Networks:
• Physical Layer Security and Telecommunications
• Security of Cyber Physical Systems and Infrastructures:
• New forms of Privacy and Identity:
• Cyber Security Behaviours:

Newcastle University
• Risk Management and Governance
• Human factors
• Privacy & Online Rights
• Adversarial Behaviours
• Cryptography
• Distributed Systems Security
• Authentication, Authorization & Accountability
• Cyber-Physical Systems

Northumbria University
• Human, Organisational and Regulatory Aspects
• Network Security
• Authentication, Authorisation and Accountability

University of Oxford
• Analysis and verification of software and security protocols
• Systems security; trustworthiness and usability
• Inter-disciplinary cyber security, policy and governance

Queen’s University Belfast
• Secure hardware and embedded systems
• Post-quantum cryptography and advanced cryptography architectures
• Security Intelligence - AI for cyber security and mobile security
• Networked security systems
• Analytics-based monitoring & forensics in new network architectures
• Industrial Control Systems and Operational Technology security
• Cyber security research translation, innovation, commercialisation and policy advisory

Royal Holloway, University of London
• Cryptography
• Social aspects of information security
• Software and systems security
• Trustworthy autonomous systems

University of Southampton
• AI and ML based data analytics for cyberattack detection and defence, and malware analysis;
• Analysis and design of trustworthy software;
• Blockchain and Distributed Ledgers;
• Cyber identity;
• Cyber risk analysis;
• Data privacy;
• International cyber law;
• Provenance, trust and data assurance
• Safety-and-Security by Design;
• Secure embedded systems;
• Secure web technologies;
• Security of cyber-physical systems and the Internet of Things;
• Security of Critical Infrastructures, transport networks, automotive systems, and smart energy systems (smart home, smart building, smart grid, etc).

University of Surrey
• Cryptography and Formal Methods
• Distributed and Networked Systems

University College London
• Anonymous communications
• Cryptocurrencies and blockchains
• Cryptography and cryptanalysis
• Cyber safety
• Economics of security
• Ethical, legal, and policy aspects of security
• Network security
• Privacy-enhancing technologies
• Program verification and analysis
• Security and privacy in Artificial Intelligence
• Security in ubiquitous computing
• Software and systems security

University of Warwick
• Privacy and Online Rights
• Cyber-physical systems security
• Authentication, Authorisation & Accountability
• Risk Management and Governance
• Distributed Systems Security

University of Birmingham

The School of Computer Science

Who we are

The University of Birmingham Academic Centre of Excellence in Cyber Security Research is comprised of 36 researchers: 15 academics, four postdoctoral researchers and 17 PhD students. It is also home to the UK’s only Cyber Security Research Chair (appointed by HP). We are dedicated to research that strengthens our security infrastructures, developing secure systems and protocols that safeguard and protect privacy.

The Birmingham ACE-CSR is also home to a funded automotive security lab, which includes a 2015 Range Rover Evoque and security diagnostic equipment. In the last four years, Birmingham ACE-CSR has been awarded £5.2 million in research funding from EPSRC, NCSC, EU Commission, HP and Samsung. We also have projects in two of the EPSRC-NCSC-funded Research Institutes: the Research Institute in Trustworthy Interconnected Cyber-physical Systems (RITICS), and the Research Institute in Secure Hardware and Embedded Systems (RISE).

What we do

We work in conjunction with a number of national regulatory agencies, government departments, funding bodies and initiatives such as Rail Safety and Standards Board, GCHQ, NCSC and DCMS.

We participate in global collaborations with national and international academic colleagues and partners from across a range of businesses, including Jaguar Land Rover, HP, Huawei, Yubico Inc., Security Innovation, Microsoft, IBM, Google, Deloitte, BT and the National Grid as well as regional partners such as ZF TRW.

Our Work

Our expertise lies within a broad range of areas of computer security. We also have multidisciplinary expertise in areas such as law and ethics, behavioural science, and psychology. Through this holistic approach we have built an international reputation for our research.

Our research areas include:

Applied Cryptography: The Centre is developing cryptography techniques aimed at securing vehicles, messaging apps and voting systems, as well as engaging in active research in methods for post-quantum cryptography.

Automotive Security: Together with industry leaders, we are improving the current and future security of next generation electronic vehicles, which integrates wireless interferences to operate immobilisers, wireless locks and GPS. Hundreds of millions of vehicles by 33 manufacturers that cover more than 150 models made between 2000 and 2017 have migrated to more secure systems as a result of vulnerabilities identified by our research. The flaws could have allowed a suitably equipped car thief to either unlock a car or disable its immobiliser and start the engine. This research has led to the improvements in the cryptographic designs used in most vehicle immobiliser and remote keyless entry systems worldwide.

Cloud Security: Our researchers are exploring mechanisms which would allow organisations to encrypt their data before it is hosted in cloud-based storage systems. This would enable them to safeguard it from security threats and breaches, using hardware roots of trust to allow the cloud to operate securely on data.

Electronic Voting: We are focusing on creating procedures that will detect potential fraud and coercion in future electronic voting systems to ensure they do not compromise democratic processes.

Industrial control systems: We are working alongside national organisations and industrial partners in the energy and railway sectors, to identify and eliminate points of cyber attack and increase the security systems of critical infrastructure.

Industrial Control and Railway Systems Security: We are working to assist industry in developing secure products and assuring the security of industrial supply chains, working in collaboration with the UK Rail Research and Innovation Network to secure railway assets.

Internet of Things: We are examining the issues of internet-enabled devices such as cars, thermostats, door locks, traffic lights, trains, TVs and dialysis machines. This investigation covers the architectures and systems through which devices are accessed and information is shared, as well as the analysis of vulnerabilities in specific devices.

Privacy for Society: We are developing systems which aim to offer privacy to individuals and allow for the targeted investigations of criminals such as terrorists, without breaching the privacy of the majority of members of society.

Security of Machine learning: We are evaluating machine learning algorithms that are driving many new technologies, such as home virtual assistant devices (e.g. Alexa and Siri), autonomous vehicles and robots, and are building defences against attacks on these devices that could compromise the safety of their users.

Key areas of expertise and specialism
• Design of secure systems
• Security of embedded systems
• Cloud computing security
• Privacy technologies for individuals
• Network security and malware
• Analysis and verification of systems

University of Bristol

Bristol Security Centre

Who we are

The University of Bristol ACE-CSR is composed of the Bristol Cyber Security (BCSG) and Cryptography Groups (CG). Together, we foster leading international and interdisciplinary programmes of research. This work extends through collaboration with the GCHQ-funded Heilbronn Institute, Smart Internet Lab and Schools of Management, Sociology, Law and Psychology. The Centre plays a leading role in several major initiatives including CyBOK, REPHRAIN, PETRAS, RISE, RISCS and RITICS, and trains future cyber security leaders through its EPSRC Centre for Doctoral Training on Trust, Identity, Privacy and Security in Large-scale Infrastructures.

Research is supported by UKRI (EPSRC, ESRC), the European Commission, and direct investment from industry as well as government departments and organisations such as the National Cyber Security Centre.

BCSG research addresses security and privacy in large hyper-connected infrastructures, with a focus on three interlinked strands: cyber-physical systems, especially critical national infrastructures and Internet of Things (IoT); software security; adversarial and non-adversarial behaviours pertaining to cyber security. The group is highly interdisciplinary, embedding computer scientists with behavioural, social and crime scientists to tackle the human and technological challenges to cyber security, with outputs in major security and privacy, software engineering and human factors-focused conferences and journals.

Research in the CG spans theoretical and practical aspects of cryptography. This combined way of working has led to numerous advances that would not otherwise have been possible. Outputs span all venues of the International Association of Cryptologic Research (IACR), including ASIACRYPT, EUROCRYPT, and CRYPTO, as well as the sub-conferences CHES, FSE, PKC, and TCC.

What we do

A strong ethos of rigorous experimental and empirical research underpins the Centre’s research focus. This is facilitated by two state-of-the-art research facilities:

• Critical National Infrastructures (CNI) Testbed: a class-leading cyber security testbed for studying CNI and IoT security, with a wide variety of devices and components to model a range of networks and deploy and test the effectiveness of security tools.
• Hardware Development and Analysis Laboratory: supports work in the applied field of cryptographic engineering.
• A privacy-enhancing technologies testbed to be developed as part of REPHRAIN, the National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online.

Research in the CG is focused on supporting the hard problems on which it is based, and the hardware and software needed to implement secure systems. Research topics include foundational research and number theory; design and formal security analysis of cryptographic primitives, protocols, and applications; cryptography implementation in hardware and software, and; traditionally cryptanalytic and implementation-style attacks on cryptographic targets.

Research in BCSG focuses on security and vulnerability analysis of cyber-physical systems; software security research; human and organisational factors; usable security and privacy; data science approaches to cybercriminal activities and countermeasures, including applications in key areas such as online child protection, mitigating mass-marketing fraud, social engineering and disruption of online cybercriminal structures.

Our Work

A few of our completed and active projects include:

Why Johnny doesn’t write secure software: A diverse range of people now develop software for phones, websites and IoT devices used by millions of people – previously the domain of those with training. Little is currently known of the security behaviours and decision-making processes of Johnny – our pseudonym for such a developer. This project develops an empirically grounded theory of secure software development, focussing on vulnerabilities arising from Johnny’s mistakes, why these mistakes occur and how to mitigate them by promoting secure behaviours.

Cyber Security Body of Knowledge (CyBOK): A major National Cyber Security Programme project, aligning cyber security with established sciences by distilling knowledge from over 100 internationally recognised experts, defining the field’s interdisciplinary foundations. CyBOK has been designed to address the workforce gap by informing and underpinning education and professional training for the cyber security sector, through a range of resources including extensive knowledge areas and curriculum mapping support for universities applying for NCSC Degree Certification.

Post-Quantum Cryptography: Quantum Computation represents an important long-term threat to cryptography, where practical quantum computers will render various existing designs (e.g. RSA) insecure. The development and deployment of post-quantum designs resilient to this threat is an ongoing challenge to which CG contributes.

High Assurance Cryptography: Cryptography is almost within the trusted computing base of a given system, meaning a demand for high levels of assurance about correctness of associated implementations, as any incorrectness may degrade the level of security provided. It is attractive to prove that any security assumptions made by design are supported by implementation. Innovations in proof techniques and tools as well as the analysis of security properties of the platforms (such as information leakage) on which implementations execute is ongoing within CG’s research priorities.

Key areas of expertise and specialism
• Cryptography
• Cyber-Physical Systems
• Human Factors
• Adversarial Behaviours
• Privacy & Online Rights
• Network Security
• Software Security
• Secure Software Lifecycle
• Hardware Security
• Risk Management & Governance

University of Cambridge

Department of Computer Science and Technology

Who we are

The University of Cambridge ACE-CSR, located at the Department of Computer Science and Technology, includes 12 staff members, complemented by world-leading domain experts across the university, particularly in the Judge Business School, the Engineering Department and the School of the Humanities and Social Sciences.

Frank Stajano, Professor of Security and Privacy and Head of the Cambridge ACE-CSR, says: “Cyber security is a fundamental enabler of the digital society: our collective safety and wellbeing depends on it. Cyber is not a “feature” but a holistic emerging property of a complex system.

“Our vision is that success in cyber security comes from addressing it as a systems issue. Our strongest asset as a cyber security research institution is our unique combination of depth and breadth: at Cambridge we benefit from a renowned core of systems security expertise but, through the rest of the University, we have ready access to world-class experts from other disciplines, ranging from risk management to resilient systems and from socio-economics to criminology and law.

We are therefore uniquely placed to critically analyse and contribute to all aspects of the cyber security problem.

“Without false modesty, few other academic institutions in the country, or in the whole of Europe, have the mix of skills, knowledge and creative people to pursue cyber security as a systems problem as effectively as the University of Cambridge.”

What we do

The University of Cambridge has been responsible for world-leading work on digital network protection since before the internet existed: it was at Cambridge, for example, that the now universal practice of protecting the password file with hashing was first conceived and deployed in 1966 and that the Needham-Schroeder protocol, precursor to Kerberos and to the now ubiquitous Windows Active Directory, was invented.

Our recent and current work touches on areas of great impact for society, such as securing global infrastructure and the building blocks of the digital world, and the interaction between people and computers.

Our Work

We founded the Cambridge Cybercrime Centre in 2015 as a multi-disciplinary initiative between computing, criminology and law. We leverage our neutral academic status to collect substantial datasets on cybercrime and mine them for information on criminal activity. We have built one of the largest and most diverse data sets that any organisation holds. We share this hard-to-obtain data with other academics under a strong ethical and legal framework.

We run outreach initiatives such as hacking seminars and high-profile cyber security competitions. We founded the international Cambridge 2 Cambridge CTF competition in 2015, in collaboration with MIT, and the national Inter-ACE CTF in 2016, as our contribution towards closing the skills gap in cyber by raising a new generation of cyber defenders. C2C, renamed “Country to Country”, has now expanded to four continents and we continue to serve on its steering committee.

The entrepreneurial spirit of Cambridge academics and graduates has created hundreds of start-up companies, of which several are in the security space.

• Xensource, founded by former Computer Lab staff, on whose Xen hypervisor now runs Amazon’s EC2 cloud (the world’s largest), was acquired by Citrix for $500M in 2007.
• nCipher, a company founded by a Computer Lab graduate that made cryptographic accelerators, was bought by Thales for $100M in 2008.
• Cronto, co-founded by an academic staff member of the Cambridge ACE-CSR, licenses its secure online banking device to major international banks and was acquired by VASCO for $20M in 2013.
• Bromium, which provides endpoint security through virtualisation and was founded by some of the original Cambridge founders of Xensource, was acquired by HP in 2019.

And, although not security-specific, we also created the Raspberry Pi – the most successful British computer of all time, with over 30 million units sold. Besides founding start-up companies, Cambridge ACE-CSR members have attracted very significant grants towards cyber security research from both industry and government agencies, from UK and abroad.

Of the many Cambridge security projects that have had significant impact worldwide, one in particular stands out as exceptional: CHERI, in development since 2010 in collaboration with SRI International and with support from DARPA. CHERI is a hardware-software-semantics co-design, providing a capability extension to RISC instruction set architectures. It offers fine-grained memory safety all the way from processor to compiler.

ARM, which makes the CPUs in 95% of the world’s smartphones, has adopted CHERI in its experimental Morello high-end superscalar processor. In 2019, UKRI announced the £170M Digital Security by Design programme to explore potential applications of CHERI, which it funded in collaboration with ARM, Microsoft and Google.

Key areas of expertise and specialism
• Socio-technical security, including human factors, user authentication, education
• Hardware security and anti-tampering
• Network and operating system security
• Strategic technologies including processors, architectures, compilers, operating systems
• Methodologies including static and dynamic analysis
• Cybercrime, frauds and phishing
• Privacy and anonymisation
• Compromising electromagnetic emanations

Cardiff University

Centre for Cyber Security Research

Who we are

With interdisciplinary expertise from computer science, psychology, criminology and international relations, the Cardiff University Centre for Cyber Security Research (CCSR) offers a holistic, integrated and theoretically informed approach to human and technical cyber security. The Centre includes 18 permanent academic staff and currently supports a further 33 researchers within its postdoc and PhD community.

In the last decade, the CCSR has received significant University backing to grow the core team, and has attracted over £10 million in external grant income from UKRI (including EPSRC, ESRC and InnovateUK), as well as from industry partners. We work with local and international collaborators across all sectors to carry out research that tackles real challenges and excites and inspires our next generation of cybersecurity professionals. We host Airbus’ only Centre of Excellence in Cyber Security Analytics. The CCSR leads an EPSRC Doctoral Training Partnership Hub in Cyber Security Analytics, which develops skilled PhD students to research the applications and implications of new and emerging technologies through the fusion of AI, cybersecurity and risk, from both a human and algorithmic perspective.

What we do

Cardiff University is a leading UK academic research unit for cyber security analytics. We focus on the fusion of data science/analytics and artificial intelligence methods, with interdisciplinary insights into cyber risk, threat intelligence, attack detection and situational awareness. Within this scope we have a number of core research themes including:

• Artificial Intelligence-driven Security Operations & Incident Management – early detection and automated responses to cyber attacks.
• Risk Management & Governance – focusing on goal-oriented risk, process and impact modelling, linked to data-driven intelligence.
• Human Factors – individuals’ susceptibility to attack, cognitive aspects, and organised cybercrime.
• Cyber Physical Systems Security and Resilience – detecting digital and physical indicators of compromise and mitigating attacks.
• Privacy and Distributed Systems Security – ensuring privacy by design, whether in machine learning-based systems, or improving transparency and trust in distributed (e.g. Cloud) and autonomous (e.g. vehicular) systems.

Our Work

Some example projects from our research themes include:

Artificial Intelligence-driven Security Operations & Incident Management: Our research has led to the first machine learning models to predict cyber attacks on online social networks and the desktop PCs you would see in every home and office. Part-funded by an EPSRC grant, and taken forward into industrial applications with investment from Airbus, this work has allowed us to make in-roads into proactively blocking and preventing attacks, rather than reacting and repairing. Funding from InnovateUK will enable us to enhance the adoption of AI-driven cyber, by explaining how AI has decided there is a malicious presence on the network to security operations experts, and resilience to adversarial subversion of these methods, as well as changing malware behaviours over time.

This work has also been tested in the context of IIoT devices and Industrial Control Systems – detecting indicators of compromise and modelling/mitigating the impact of attacks through goal-oriented risk and process modelling, cyber incident-response, and lightweight security solutions. We have translated our research on monitoring physical symptoms into a commercial solution, supported by the CyberASAP scheme. We lead the safety-critical systems theme in PETRAS – the National Centre of Excellence for IoT Systems Cyber Security.

Human Factors: Threats to cyber security often have techniques to exploit human susceptibility at their core. Our current projects include developing a fundamental understanding of the role played by human cognition. For example, perception, attention, memory, judgement, and decision making is a critical first step in understanding points of weakness and of suggesting ways to safeguard individuals, companies and institutions. We conduct laboratory and field-based human factors research, often in collaboration with key industry partners, to tackle the increasing occurrence of people falling victim to progressively sophisticated cyber attack techniques. Individual and social cognition also plays a role in understanding the goals and motivation of the originators of the cyber threat. An ongoing ESRC grant is enabling us to study a range of malicious human behaviours in the context of transnational organised crime, and to better understand how to propose online social network interventions to disrupt activity.

Privacy and Distributed Systems Security: We provide solutions that extract use out of the data that users consent to provide, or to protect privacy as much as possible while guaranteeing a utility level. We are currently working on protecting against sensitive disclosures from published machine learning models. The ongoing EPSRC PACE: Privacy-Aware Cloud Ecosystems project addresses security and privacy requirements of environments where multiple cloud computing providers need to work collaboratively to offer services to a user.

Key areas of expertise and specialism
• Artificial Intelligence-driven Security Operations & Incident Management
• Malware & Attack Technologies
• Risk Management & Governance
• Human Factors – susceptibility, individual differences and organised cybercrime
• Privacy and Online Rights
• Web Security
• Network Security
• Cyber-physical systems security and resilience
• Distributed systems security

De Montfort University
Cyber Technology Institute

Who we are

The Cyber Technology Institute at De Montfort University (DMU) is one of the three research institutes in the School of Computer Science and Informatics, with strong synergies with the other institutes: the Centre for Computing & Social Responsibility (CCSR) on privacy and ethics, and with AI on its application in the cyber security context. Our ACE-CSR core members consist of 10 cyber security focused staff in the CTI, with additional members from the CCSR and the DMU Business & Law Faculty. The other 20 academics in the CTI work in cyber security as well as in strongly affiliated areas such as smart systems, formal methods, and automotive systems.

We have strong industry links through an Industrial Advisory Group (IAG) consisting of Airbus, BT, Deloitte UK and Rolls Royce. The IAG provides regular input to research, enterprise, and teaching in the CTI. The CTI is an Airbus Centre of Excellence in SCADA cyber security and forensics, and an active member of RISCS and RITICS. It has specialist laboratories for teaching and research, including a training Security Operations Centre (SOC) recently built in collaboration with Deloitte.

What we do

The CTI is a collaborative research hub which focuses on the development of knowledge and technologies to ensure a smart, safe and secure cyberspace.

Our research covers many aspects of cyber security, with a few areas of particular focus. The majority of these areas provide outcomes that are directly applicable in industry and other organisations.

Our work

Activity in Incident Response is supported by the CyRan mobile cyber range, as well as the SOC that has been instrumented to facilitate the observation of human factors. The AIR4ICS project (NCSC/RITICS) developed agile methods for incident response specifically in industrial control systems. Cyber security in such systems in general is another area of focus, broadening this out also to wider consideration of critical infrastructure.

Significant research activities centre around risk assessment. The ACTIVE project (InnovateUK) developed methods for optimising cyber investment decisions based on cyber intelligence sharing and cyber risk measurement. Board level cyber security decision making is also supported through gamification in the SCIPS serious game, which connects cyber investment to a cyber attack playing out in tandem.

An ongoing project looks at privacy risk and impact assessment, in collaboration with data protection professionals working across a wide variety of contexts. This has led to experimental research to measure privacy effects, complementing earlier foundational research in privacy metrics, including in smart cities and for genomic data. Our research into human error in cyber security has had notable impact in industry and healthcare.

We work in collaboration with academics in economics, criminology, law and psychology in the interdisciplinary investigation of cyber crime. In particular, DMU led the EPSRC project EMPHASIS in which six universities investigated ransomware from multidisciplinary angles.

Synergy with world leading AI research at DMU occurs in the application of machine learning techniques in intrusion detection systems and malware analysis.

Core members of the ACE-CSR also work on distributed ledger technology and its cryptographic underpinnings, with applications in authentication and electronic business.

Key areas of expertise and specialism
• Cyber physical systems: Industrial control systems, autonomous systems
• Risk assessment
• Security operations and incident management
• Privacy and online rights
• Human factors
• Formal methods

University of Edinburgh
Cyber Security, Privacy and Trust Institute

Who we are

The University of Edinburgh’s ACE-CSR unites a diverse set of researchers under the umbrella of the Cyber Security, Privacy and Trust Institute. Our core expertise is in the School of Informatics, the largest computing department in the UK. Beyond Informatics, cyber security research takes place in Design, Engineering, Maths, Sociology, Law, Politics & International Relations and Social & Political Sciences.

We have several connected inter-disciplinary groups. CeSeR (Centre for Security Research) considers critical security studies, policy and governance, including privacy and surveillance. SCRIPT (Scottish Research Centre for IP and Technology Law) considers relationships among law, ethics, commerce and society. The long-running ISSTI (Institute for Study of Science Technology and Innovation) addresses relevant sociological questions, extended by the recently founded Edinburgh Futures Institute with its established Chair in the Ethics of Data and AI. The University of Edinburgh is a founding partner of the Alan Turing Institute, linking to security and ethics research there.

We offer an MSc and two PhD programmes in Cyber Security, Privacy and Trust. Our four-year PhD programme is a partnership scheme which embeds external innovation training and internships.

Our ACE-CSR connects to other Scottish Universities through SICSA (Scottish Informatics and Computer Science Alliance), and the Scottish Government supported SICSA Cyber Nexus project. This feeds into Scotland’s Cyber Resilience programme, helping develop the regional skills base and solving problems for industry, public sector and government.

What we do

We tackle research questions raised by current technologies and longer-term problems raised by future and emerging technologies. Typically, our research approach flows from fundamentals to application, concentrating on finding correct and robust solutions and often exploiting multi-disciplinary knowledge.

We have a range of national and international industry partners. Our translational and applied research are supported by a dedicated commercialisation team in the Bayes Centre, an innovation hub for Data Science and AI, and also by Edinburgh Innovations, the University’s innovation subsidiary.

Our work

In our current large projects, we are investigating:

• Security-by-construction, applying programming languages, logics and data science to cyber-physical systems such as autonomous vehicles and surgical assistance robots, and to future computer architectures.
• Foundations and applications of distributed ledger, including new cryptocurrencies, smart contracts with cryptographic and formal assurance, and e-voting protocols.
• Network architectures for 5G and 6G, including assurance frameworks with built-in monitoring, AI-based network management, and physical layer security enabled by optical wireless systems.
• Internet-of-Things, including intelligent algorithms that can detect and counteract cyber threats in home IoT, and how cloud-and-edge AI systems can support human trust and ethically-sensitive design.
• Cyber risk associated with emerging FinTech, using data-driven designs to optimise next generation mobile services for banks, trading and insurance firms.
• Sociotechnical security solutions, such as using PETs (Privacy-Enhancing Technologies) to tackle adversarial online influences and privacy violations, and devising governance approaches for biometric and online technologies that sense, learn and interact with emotions and moods.
• Quantum cyber security, finding replacement algorithms which resist future quantum computer attacks, as well as applying current quantum devices to provide new, stronger security solutions.

Key areas of expertise and specialism
• Law & Regulation
• Human Factors
• Privacy & Online Rights
• Malware & Attack Technologies
• Cryptography
• Formal Methods in Cyber Security
• Operating Systems & Virtualisation Security
• Software Security
• Web & Mobile Security
• Cyber Security and AI

Imperial College London
Engineering Secure Software Systems

Who we are

Imperial was one of the first recognised Academic Centres of Excellence in Cyber Security Research and has played a significant role in the national cyber security programme. We are leading the Research Institute in Verified Trustworthy Software Systems (VeTSS) and the Research Institute in Trustworthy Inter-connected Cyber-physical Systems (RITICS) and help run the PETRAS National Centre of Excellence for IoT Systems Cybersecurity.

The Imperial College London ACE-CSR is a broad group comprising over 25 members and several associate members across three departments. We cover an extensive research portfolio that converges on developing methods, tools and techniques for Engineering Secure and Resilient Software Systems.

The ACE-CSR is led from within the Institute for Security Science and Technology (ISST), which coordinates and applies interdisciplinary research and innovation to national security and resilience challenges. ISST draws upon more than 150 internal affiliates, as well as visiting fellows from across government and industry, giving the ACE-CSR the opportunity to enable and coordinate research initiatives and programmes across the entirety of the College.

What we do

Over the period 2011-2016 our members held over 75 grants worth £35.5 million and graduated over 25 doctoral students, with many more ongoing. The work is often conducted in collaboration with public and private sector partners and many of the projects involve collaborations with other universities worldwide.

Our research activities range over a broad spectrum, from quantum techniques to computational privacy and adversarial machine learning, from physical layer security to mobile security and cloud environments, from practical deployments to formal methods and analysis. Broad themes of work include:

• Software security and the use of formal methods for software and systems security
• Security and Resilience of Cyber-Physical Systems
• Network analysis, anomaly detection and security operations
• Privacy

Our work

Under RITICS, we used optimisation techniques to evaluate different defensive strategies against various attackers, and looked at the role of diversity in defending against zero-day attacks. This has led to multiple international collaborations and an award-winning publication.

Our work on the security of cyber-physical systems has led to new techniques to defend sensor environments against malicious data injection attacks and to sensor deployment assessment methods at various levels of risk. We have significantly improved the scalability of risk analysis techniques based on attack graphs and are investigating new methods for network resilience and reconfiguration in response to attacks.

Statistical cyber security work has explored the use of graph theory, time series analysis, change detection, self and mutually exciting stochastic processes, latent factor models and cluster analysis for building predictive models of normal and adversarial behaviour. Collaborative work has been performed together with government research labs and industrial partners including EY and Microsoft.

We have taken a global lead on using Intel’s SGX technology for trusted execution, building substantial expertise and funding. We explored if Intel SGX is vulnerable to new types of attacks, and how it can be used to protect legacy applications and design new secure applications.

Our work in providing certified verification of client-side web programmes has developed JSIL, an intermediate language well-suited for JavaScript verification, to which we compile JavaScript programs; JS-2-JSIL, a correct compiler from JavaScript to JSIL, currently being used by Amazon; and JSVerify, the first verification tool for JavaScript, which will be used for proving different classes of trace properties of JavaScript programs.

We have designed a suite of tools for formal analysis, verification and testing of GPU programs and compilation tools. The tools have been used to find various defects in a number of compilers from major vendors including AMD, Apple, ARM, Intel, NVIDIA and Qualcomm, and formed the basis of a spin-out company called GraphicsFuzz which was acquired by Google in 2018.

We have uncovered design flaws and severe vulnerabilities on real-world mobile systems, including the Android operating system, Amazon Services and commodity IoT devices. In response, our work has introduced tools, methods and end-to-end systems to improve privacy and strengthen security.

IoT and personal data space privacy and security has also been a focus as part of the EPSRC Databox and Defence Against Dark Artefacts projects. Our extensive data collection and analysis test bed has been instrumental to industry collaborations and bug finding, as well as government policy recommendations in the IoT space.

We are investigating the vulnerability of machine learning systems including both mechanisms that can allow sophisticated attackers to compromise machine learning systems, as well as designing new defensive techniques to mitigate such attacks. We are also applying this in the context of federated machine learning platforms.

Key areas of expertise and specialism
Imperial’s work focuses on engineering secure and resilient software systems, including:
• Software security and the use of formal methods for software and systems security
• Security and Resilience of Cyber-Physical Systems
• Network analysis, anomaly detection and security operations
• Privacy

University of Kent

Who we are

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) was established in 2012. The Centre harnesses expertise from different disciplines across the University of Kent to address current and future cyber security challenges. The interdisciplinary focus of the Centre is reflected by our current 18 Core Members from two academic schools (Computing, Engineering and Digital Arts), and over 50 Associate Members from more than 10 different academic schools covering a wide range of subjects in the sciences, social sciences and humanities.

Since 2012, we have successfully attracted around £10 million of external funding to the University of Kent for cyber security related research projects, many of which have involved interdisciplinary research. Our research has been funded through public sector funders such as UKRI (especially EPSRC and Innovate UK), European Commission, NCSC, Dstl, and by our industrial partners.

Based on the success of KirCCS, the University of Kent is in the process of setting up the Institute of Advanced Studies in Cyber Security and Conflict (SoCyETAL), which will cover both cyber security research and educational activities.

What we do

Research at KirCCS has grown significantly since its inception. The Centre’s current cyber security capabilities are organised into four main research themes:

• Authentication and Authorisation
• Communication and Network Security
• Security Testing and Verification
• Socio-technical Security and Privacy

In addition to research and enterprise, KirCCS is also actively working and engaging with governmental bodies, industry, schools, NGOs and media on joint projects, innovations, public engagement, outreach activities, professional training and other initiatives in cyber security. For instance, the University of Kent is an academic partner of the Chartered Institute of Information Security (CIISec) and a Network Member of the Academic RiSC, and KirCCS has an appointed membership on UK Government’s Biometrics and Forensics Ethics Group.

Our Work

Authentication and Authorisation: Work in this theme concentrates mostly on Cyber Security Body of Knowledge (CyBOK) Knowledge Areas (KAs) “Authentication, Authorisation & Accountability”, especially on user authentication (passwords, biometrics-based authentication, behavioural authentication), authorisation, identity management and verifiable credentials. Some work in this theme focuses on human behaviours in user authentication and some looks at user authentication on mobile devices, thus relating to CyBOK KAs “Human Factors” and “Web & Mobile Security”. KirCCS hosts one of the largest research groups working on biometrics in the UK, addressing issues of algorithmic design, mobile platforms, usability and standardisation.

Communication and Network Security: Most work in this theme falls within CyBOK KA “Network Security”, and some work relates to other KAs such as “Distributed Systems Security” (e.g. blockchain), “Operating Systems & Virtualisation Security” (e.g. cloud security), “Forensics” (e.g. network forensics), “Cyber Physical Systems” (e.g. IoT security), and “Physical Layer and Telecommunications Security” (e.g. physical-layer identification based on intrinsic device signatures). Work in this theme has benefitted from close collaboration with industrial partners in the telecommunication sector.

Security Testing and Verification: Work in this theme spans across several CyBOK KAs particularly “Software Security” and “Malware & Attack Technologies”, but also “Hardware Security”, “Web & Mobile Security”, “Network Security”, and “Cryptography”. A major application area in this theme is automatic malware and vulnerability detection via static analysis, conducted mainly by researchers from the world leading PLAS (Programming Languages and Systems) research group of the School of Computing at the University of Kent. Members of the PLAS group also work on providing a formal programming language semantics, to act as an improved foundation for the verification of security properties.

Socio-technical Security and Privacy: Research work in this theme spans several CyBOK KAs especially “Human Factors”, “Privacy & Online Rights”, “Law & Regulation”, “Risk Management & Governance”, and “Adversarial Behaviours”. This interdisciplinary theme involves most of the Core and Associate Members of KirCCS from all participating schools, and intersects with the three other themes especially with “Authentication and Authorisation” (e.g. usability of password/biometrics-based authentication systems and identity management systems) and “Communication and Network Security”.

In addition to the above four research themes, members of KirCCS have been active in a number of cross-cutting research areas in cyber security, including the following:

• AI and Security (including AI for security and security of AI, which can map to almost all technical KAs of CyBOK),
• Digital Forensics and Online Harms (including computer forensics, multimedia forensics, cybercrime, online child protection, false information detection and prevention, and cyber threat intelligence),
• Information Hiding (including steganography, steganalysis, and digital watermarking),
• Quantum Cyber Security (i.e. quantum-resistant cyber security systems based on quantum mechanics).

These cross-cutting research areas can be mapped to a number of CyBOK KAs such as “Forensics”, “Security Operations & Incident Management”, “Malware & Attack Technologies”, and “Adversarial Behaviours”.

Key areas of expertise and specialism
• Authentication and Authorisation
• Communication and Network Security
• Security Testing and Verification
• Socio-technical Security and Privacy
• AI and Security (AI for security and security of AI)
• Digital Forensics and Online Harms
• Information Hiding
• Quantum Cyber Security

King’s College London
KCL Cyber Security Centre

Who we are

The King’s College London (KCL) Cyber Security Centre brings together a diverse community of researchers across KCL, working on the socio-technical aspects of cyber security, including academics at the Department of Informatics, the Department of Engineering, the Department of War Studies, the Department of Defence Studies, the Department of Digital Humanities, the Dickson Poon School of Law, and the Policy Institute.

The Centre currently involves more than 40 academics across these departments and a multi-million pound portfolio of projects funded by EPSRC, ESRC, UKRI, InnovateUK, EU Horizon2020, NCSC, US Office of Naval Research Global, US Air Force Office for Scientific Research, European Office of Aerospace Research & Development, Google and PTDF.

What we do

While the KCL Cyber Security Centre provides expertise on most areas of cyber security, it has a critical mass of researchers working on three main research themes and their interrelationships:

1. AI Cyber Security – this includes both the use of AI to address cyber security problems as well as the cyber security of AI itself. In particular, AI for Cyber Security covers the application of a broad spectrum of AI techniques to cyber security, from data-driven techniques such as Machine Learning, to knowledge-based, symbolic techniques such as Argumentation and Normative Systems. Cyber Security of AI focuses on the security, trust, privacy and transparency guarantees of AI models, as well as of the systems that embed AI models.

2. Formal Cyber Security – this includes the theoretical aspects of cyber security, such as theoretical computer science approaches for verification and testing to provide assurance, correctness and technology-readiness of security protocols, security ceremonies, mobile and web applications, and cyber-physical systems and the Internet of Things (IoT).

3. Strategic Cyber Security – this addresses the socio-political, strategic and international aspects of cyber security. These include national cyber security policy, military cyber operations, cyber deterrence and defence, cyber diplomacy, cyber intelligence, and cross-cutting issues of risk assessment, management and governance.

Our Work

The following highlight a selected set of both active and recently completed projects at the KCL Cyber Security Centre:

SAIS: Secure AI assistants, funded by EPSRC, will provide an understanding of attacks on AI assistants (AIS) considering the whole AIS ecosystem, the AI models used in them, and all the stakeholders involved. It will focus particularly on the feasibility and severity of potential attacks on AIS from a strategic threat and risk perspective. Based on this understanding, SAIS will propose methods to specify, verify and monitor the security behaviour of AIS and the AI models they embed, based on symbolic AI techniques. These are known to provide richer foundations than data-driven ones for explanations of the behaviour of AI-based systems. It will also co-create security explanations following a techno-cultural method to increase users’ literacy of AIS security.

DADD: Discovering and Attesting Digital Discrimination, funded by EPSRC, is an ongoing project focusing on the undesired effects of personal data use in AI-based systems, particularly discrimination against users because of protected characteristics. DADD is developing a cross-disciplinary understanding of the nature of digital discrimination and its relation to AI bias, and methods to assess discrimination in AI-based systems underpinned by symbolic AI techniques through non-discrimination norms. It considers different levels of access to the AI models in the systems, as well as different kinds of transparency depending on the stakeholders involved.

RePriCo: Resolving Multiparty Privacy Conflicts, funded by EPSRC, focused on multiuser access control decisions and how to support them using AI techniques. The project was the first to create a large-scale empirical base to understand multiparty access control conflicts. This project also proposed a novel way of resolving multiuser access control conflicts based on Argumentation, and the efficacy of the approach was tested in a large-scale experiment with more than 900 participants, which demonstrated that the use of arguments significantly improves the optimality of the decisions made. The outputs were published in the top human-centred security venues (CHI, TOCHI).

Brexit and Cyber Security, funded by NCSC, analysed the potential impacts of Brexit on cybercrime policing and cyber threat intelligence sharing, following a multi-stakeholder approach. The findings were published by the influential and renowned international security and defence think-tank Royal United Services Institute (RUSI) in their flagship journal.

‘Active Cyber Defence: Scaling Up from Government to Nation’, funded by ESRC, explored the UK NCSC’s Active Cyber Defence programme and its potential expansion beyond the public sector. We worked closely with NCSC to develop our independent assessment of the ACD programme, the results of which were reported widely in the press and in government and parliamentary reports.

Key areas of expertise and specialism
• AI Security and Privacy
• Human-centred Security and Privacy
• Security Verification and Testing
• National Cyber Security Policy
• Cyber Deterrence and Defence

products and processes, supported by SDN and EASY-RES: Developing novel control algorithms NFV testbed facilities, and a CyberThreat Lab and innovative Ancillary Services, which will developed through collaboration and investment allow the penetration of up to 100% of renewable from Fujitsu. energy sources in the European energy system. EASY-RES is paving the way for a more Security of Cyber Physical Systems and sustainable power grid, which delivers energy Infrastructures: We develop techniques to from renewables, reliably and securely. address security problems of cyber physical infrastructures commonly known as the Internet H-unique: Driven by casework and ground- of Things (IoT), developing new approaches to breaking research in forensic identification from systems, communications, and understanding an images in child abuse cases. H-Unique is the infrastructure’s unique risks to develop resilient first multi-feature automated examination of platforms to support the automation of physical visible hand anatomy through the analysis and processes in domains such as the nuclear interpretation of human variation. This is a large industry. This research is supported by our ICS interdisciplinary project supported by anatomists, Lancaster University (Industrial Control Systems) lab that hosts real anthropologists, geneticists, bioinformaticians, equipment found in control environments. image analysts and computer scientists. Its Security Lancaster aim is to accelerate identification, reduce New forms of Privacy and Identity: exposure of investigators to indecent images and We explore new forms of identity for technology considerably increase capacity for casework. 
Who we are in real-world settings, or through state-of-the-art and humans, working alongside other leading facilities, such as our Industrial Control Systems universities and industrial partners on large scale Cyber Foundry: The Cyber Foundry is a series The Cyber Security Research Centre (CSRC) and Software-defined Networking testbeds. projects like PETRAS (Privacy, Ethics, Trust, of multi-million-pound secure digitalisation at Lancaster University is nationally and Reliability, Acceptability and Security). Lancaster projects that will help SMEs across the Greater internationally renowned for its multidisciplinary Design with resilience in mind: We design University is also the home to IsoLab, the most Manchester and Lancashire regions to defend, research that puts the person at the heart of systems able to operate under attacks and our advanced environment for studying quantum innovate and grow their businesses. The GMCF security decisions. We are one of the few centres focus on novel resilience approaches keeps systems in controlled conditions. and LCF projects are working with over 250 to tackle human and technological cyber security attackers out and improves the survivability of companies to develop cyber security-based challenges in socio-technical systems. Since large-scale socio-technical systems. Cyber Security Behaviours: Using a business growth and productivity strategies, gaining ACE-CSR recognition in 2012, our cyber combination of psychology and linguistic and more than 60 companies to develop new security community has grown from 10 to more Engage with the very best partners: techniques, we undertake studies of how products and services. 
than 26 academics, and comes as a result of We combine our expertise with our partners to specific individuals or groups use the internet, strategic investments by Lancaster University, tackle key cyber security problems and support us and, conversely, how we can use internet Business & Engagement and Knowledge which sees security and cyber-security research in undertaking disruptive, innovative research with behaviour to make inferences about an Exchange: The team here have extensive as a priority. considerable, internationally recognised, socio- individual’s actions, both of regular users and experience in business and student engagement economic impact. adversaries. Examples of this include our and collaborative research. Since 2005, the team Our research philosophy is built around four research on the detection of insider threats, have assisted over 1,000 SMEs through funded defining pillars, developed through reflection What we do sophisticated social engineering attacks, projects and programmes, to transform ideas into on our own practices and engaging with the noise-aware stylometry and mimicry in online new digital products, processes, services and literature: Our research in the CSRC is focused around four conversations, led by CREST (Centre for strategies, providing expert advice to business key themes: Research and Evidence on Security Threats). and public sector bodies. A socio-technical approach: We consider humans, organisations and technical systems Security of Large-Scale Networks: We perform Our Work Key areas of expertise and specialism together, enabling us to more insightfully theoretical and experimental research to increase • Security of Large-Scale Networks: encapsulate the socio-technical aspects of the resilience, survivability and dependability of Some examples from our portfolio of world- • Security of Cyber Physical Systems and Infrastructures: • New forms of Privacy and Identity: security and establish distinctions between networks. 
Examples of this include the EPSRC/ class, interdisciplinary research and engagement • Cyber Security Behaviours: concepts as online/offline, attacker/insider, risk/ BT Prosperity Partnership, NG-CDI (Next activities: protection. Generation Converged Digital Infrastructure), an ambitious £5 million multi-disciplinary collaborative Based on grounded, systems-centred partnership programme, geared towards creating research: We undertake studies of large-scale a radically new architecture for the UK’s internet socio-technical settings and validate novel cyber and telecommunications infrastructure. We have security solutions emerging from our research cutting-edge facilities to develop and test new

the UK Research Institute in Sociotechnical Our work in CRITiCaL and EMPHASIS aims Cyber Security (RISCS). at conceptualising cybercrime psychologically and criminologically while pitting the strengths of We benefit from Newcastle’s tradition of machine learning against it, e.g., with detection world-leading research in dependability and of attack vectors, and automated classification of formal methods, as well as from rigorous ransomware. quantitative and evidence-based underpinnings in the research of the human aspects of security In our FinTrust work, we aim at infusing trust in and privacy. Our cyber security research is the growing FinTech industry, especially focusing reinforced by Newcastle’s growing strength in on automation and machine learning algorithms, data science: Newcastle University is home to the balancing commercial interest with societal National Innovation Centre for Data and partners interests and addressing the potential biases of with the Alan Turing Institute. the algorithms involved.

Our Work Key areas of expertise and specialism Newcastle University • Risk Management and Governance Our current and recent work includes inter- • Human factors • Privacy & Online Rights Newcastle University Cyber Security & Resilience disciplinary projects, often considering systems • Adversarial Behaviours as a whole, such as in the following examples: • Cryptography • Distributed Systems Security • Authentication, Authorisation & Accountability Who we are technical aspects of cyber security. Overall, we In PETRAS, we investigate privacy, ethics, • Cyber-Physical Systems pursue a vision of ‘Protecting Society’s Fabric’. trust, reliability, acceptability and security of IoT Newcastle University founded its cyber devices, systems and networks. We study smart security research initiative in 2010 in response In our systems security work, we investigate buildings as whole socio-technical systems, to the increasingly important global scope of cryptographic protocols and their applications, including their inhabitants and their privacy, cybercrime and the growing need for dependably distributed systems security, authentication, collected data and their legal and ethical issues. resilient systems. Recognised as an ACE-CSR authorisation, and accountability, complemented in 2013, Newcastle University Cyber Security & by interests in malware, adversarial behaviour, In the European Research Council project, Resilience pursues a holistic research vision in and forensics. CASCAde, we enable the security assurance this area, from the protection of cyber systems of evolving topologies, while preserving supporting society to the socio-technical aspects In this research, we are interested in systems, confidentiality, considering not only the system of cyber security. big and small. 
Benefiting from the Newcastle as a whole in relation to the attestation of its Urban Observatory and our purpose-built and constituent parts, but also the users and their While we have roots in Newcastle University’s sensor-instrumented Urban Sciences Building, trust in the overall assurance. School of Computing and its Secure and Resilient we pursue research in the cyber security and Systems (SRS) group, our remit is across faculties privacy of smart buildings and smart cities as well including, for example, the Newcastle University as of cyber-physical systems, in general. At the School of Engineering, the Business School, and same time, we have a keen interest in the security the Newcastle Law School. and privacy of the Internet of Things (IoT) and its manifold devices. Our ACE-CSR hosts 10 permanent academics in core cyber security topics, plus a range of When it comes to human and organisational academics interested in dependability, model- aspects of cyber security, we research risk based engineering and reasoning, artificial management and governance – for instance, in intelligence, scalable computing, electrical FinTech. We study privacy and online rights with engineering, medicine, psychology, and law. a range of topics, including privacy-enhancing technologies (PETs) and human behaviour What we do and decision making in face of privacy. We are interested in data protection, transparency Following the conviction that cyber security and regulatory aspects, especially as applied does not arise from protecting systems alone, to AI and algorithms. Finally, we investigate we complement core systems security research human dimensions of cyber security, in general, with studies in human, organisational and socio- especially as manifested in our contributions to

cyber risk and cyber insurance uptake and Fake news and misinformation are increasingly take an inclusive approach to cyber-security, issues that security teams are expected to addressing the issues facing marginalised and address. Both technology and people have a stigmatised communities including hate crimes role to play in reducing their spread and impact, and algorithmic bias. but when it comes to deep fakes that people will have more difficulty detecting, the need Forensics, law, digital policing and online for authenticity of multimedia content to be rights: We explore digital and sensor forensics, recognised by technology is paramount. Our online grooming detection, hate crimes, online work addresses this problem from both the privacy including marginalised and stigmatised technical and human perspectives. groups, children and family. We are particularly interested in ethical aspects of big data and AI, Our research on bio-inspired machine learning the data shadows data analytics can create, is achieving excellent results with our bio- and the potential for algorithmic bias in Policing inspired, flow-based and intelligent Botnet and justice. Detection System achieving an average detection Northumbria University accuracy of 99.8% across bot datasets, with Our Work a false positive rate of 0%. We are working on Cyber Security Research Group the Temporal forensic analysis of digital camera We are particularly interested in human security sensor imperfections for picture dating. behaviours in context – understanding the This project seeks to establish, for any given Who we are What we do underlying reasons for the lack of cyber security digital camera, a model that allows the analyst behaviours and how behaviour change can be to estimate the acquisition date of digital pictures. The Northumbria University Cyber Security Our ultimate aim is to deliver end to end secure motivated. 
Research Group brings together disciplines solutions that address the broader human, legal, We involve our students in our research, and from across the university to advance cyber ethical and societal aspects of security, privacy Research in the panacearesearch.eu project the application of that research, running a Cyber security research. The ACE-CSR comprises and trust. Our four research themes are: is exploring the cyber security behaviours of Clinic where cyber security students learn of core members of staff from computing healthcare workers. The team is designing ethical hacking and pen testing using Kali Linux. and psychology, as well as further associate Network security and intrusion detection: a toolkit to help hospitals and other facilities The objective is to connect trained students to members who join us from subjects including We focus on cutting edge research into the explore current behaviours and underlying industry. We currently work with The North East business, law and design. design and development of end to end secure reasons for such behaviours, to identify ways to Business Resilience Centre, which employs and reliable network systems. We aim to find motivate people to behave more securely. some of our Cyber Clinic students as part- We use these diverse perspectives to address solutions using state of the art sonification and time Cybersecurity consultants, and seven challenges in a unique and holistic way, that visualisation techniques, to detect intrusions Research in the EPSRC project cSalsa looks at Police Forces. takes into account context, human behaviours and machine learning techniques that mitigate cyber security behaviours at different life stages, and technology design, to fully address the security threats and vulnerabilities while exploring including new cyber vulnerabilities triggered by Key areas of expertise and specialism cyber security vulnerabilities facing individuals, potential biases. the retirement transition. 
• Human, Organisational and Regulatory Aspects organisations and governments. • Network Security • Authentication, Authorisation and Accountability Authentication, authenticity and identity The CyberGuardian project has looked at how • Human Centred Security, Privacy and Trust The Centre plays an important role in management: Here, the team conducts work we can develop peer support to improve the • Human Factors Northumbria’s Multidisciplinary Research on biometric encryption, digital forensics, cyber defences of older adults. • Digital and Multimedia forensics • Network security and malware detection strategy. The digital and human design theme biometric recognition including face and activity provides a ‘think tank’ environment for critical recognition, novel authentication methods, One aspect of cyber security is to manage • Steganography inquiry at the intersections of people, place machine learning for media security, image/video privacy concerns which particularly affect and interactive digital and other emerging authentication and watermarking and secure and those from vulnerable or stigmatised groups. technologies. We also work closely with trusted identity and access management. As more data is collected online about members of the Centre for Crime and Policing individuals, their ‘data shadow’ shapes decisions around digital technology and policing as well Usable, human-centred sociotechnical by the justice system. The fear of such data as law and governance. security: We focus on a social/psychological collection may lead to self-censorship for some approach to human-centred, usable security. who fear stigmatisation. Such issues are covered The aim is to model cyber security behaviour by our EPSRC intuitproject.org project.
across a number of contexts, apply psychological models of behaviour change, assess the psychological correlates of digital hoarding,

Our Work The Department of Computer Science runs a highly successful Master’s programme, including In order to solve cyber security problems, an NCSC-certified MSc in Software and Systems we need strong technology combined with an Security. Together, the Professional Programmes understanding of the context in which it is used, for software engineering recruit around 90 and how people will relate to one another through students each year to study part-time, whilst it. Our research interests find application in areas retaining professional roles in high technology such as smart power grids, sensor networks, companies and government departments. This is fraud detection, secure web applications, a crucial aspect of our technology transfer work, sensor networks, personalised medicine, home and is one of the means by which we develop networking and services, sustainable ICT, and long-term relationships with external partners for security standards. Integration across divisions mutual benefit. and departments – and beyond the University – have led to projects looking at cyber risk and Key areas of expertise and specialism insurance, software and cloud supply chains, • Analysis and verification of software and University of Oxford understanding how criminals collaborate online, security protocols • Systems security; trustworthiness and usability and a founding membership of the UK’s • Inter-disciplinary cyber security, policy and governance Oxford University Cyber Security Network national PETRAS IoT hub.

Oxford hosts a Centre for Doctoral Training in Who we are What we do Cyber Security, training students in the diverse disciplines which contribute to cyber security, The 16 academics in the Oxford ACE-CSR form The breadth of our work allows the University and equipping them to make a lasting research the hub for the wider cyber security research to create impact in numerous areas, including contribution in this cross-disciplinary area. network in Oxford (over 300 people in 26 the theory of security protocols and their The Global Cyber Security Capacity Centre, administrative units across the University). automated analysis, applied cryptography, founded in 2014, sets out to understand how Research activities encompass the themes of: and steganography, the security of systems, to deliver effective cyber security within the UK secure systems and technology; verification and particularly the technical and human factors and internationally. By collating best practice assurance; operational risk and analytics; identity, contributing to trust and security in distributed stories and case studies, it has developed the behaviour and ethics; national and international contexts (including mobile and cloud systems), Cybersecurity Capacity Maturity Model for security and governance; and human aspects of wireless security, network operations, situational Nations (CMM) for improving capacity across cyber security. awareness and security, insider threat detection, the areas of policy, risk management, society ad hoc collaboration, privacy and governance, and culture, legal frameworks, workforce We have particular expertise in bringing different trusted computing, and operations management. skills, and security controls. 
Working with key disciplines together, with collaborations spanning stakeholders from across the international the Business School, Sociology, Politics and Our researchers have played a key role in the community, the Centre and its partners such as International Relations, Computer Science, development of the Responsible Research the World Bank, the Organization of American Engineering, Maths and Medical Sciences. and Innovation field, looking at topics ranging States, the International Telecommunication We are also driving development of a community from trust in autonomous robots, to helping Union, the Commonwealth Telecommunications of practice for research ethics for cyber security individuals make more informed security and Organisation and the Global Forum in Cyber and data-driven research. privacy decisions. The network also draws on Expertise, have successfully applied the CMM wider expertise in software engineering and more than 110 times to over 80 countries. verification, quantum computing, management of large datasets and compute resources, medical informatics and privacy, modelling and understanding of risk, and programming language design.

the Association for Computing Machinery’s (ACM) Innovation programmes delivered to over 100 global technology policy council and the Open companies, namely London Office for Rapid Network Operating System (ONOS) Security & Cyber Advancement (LORCA) – the cyber performance analysis brigade. security accelerator programme funded by the Department for Digital, Culture, Media Our Work & Sport (DCMS) and delivered by Plexal, Deloitte and CSIT. HutZero – a pre-accelerator CSIT has delivered, is co-ordinating and is programme that seeks to encourage early involved in numerous projects, including: stage entrepreneurs and wantrepreneurs and generate cyber start-up ideas. Cyber101 – CSIT Research Institute in Secure Hardware and is a delivery partner on the DCMS funded Cyber Embedded Systems (RISE) – Led by Professor Security SME ‘Cyber 101’ programme. Led Máire O’Neill and supported by a staff team by Digital Catapult, Cyber 101 aims to provide based in the CSIT IKC, RISE has achieved broad workshops on business basics to early-stage support from the UK academic community cyber security companies across the UK. Queen’s University Belfast (seven UK universities are now funded via RISE) and has been very successful in engaging CSIT has also delivered industry contract CSIT – The Centre for Secure Information Technologies industrial partners from major hardware OEMs research and development covering malware and technology companies. reverse engineering, Zero Day attacks, vulnerability analysis, fraud detection, network Who we are What we do SPRITE+ (Security, Privacy, Identity, and Trust processing hardware design, driver condition Engagement – A NetworkPlus that will deliver detection and driver authentication, crypto The Centre for Secure Information Technologies Uniquely for a university, industry experienced a step change in engagement between people implementations and hardware security. 
(CSIT) is the national Innovation & Knowledge engineers and business development people involved in research, practice, and policy relevant Centre (IKC) for cyber security research. CSIT work alongside CSIT academics, researchers and to trust, identity, privacy, and security (TIPS) Key areas of expertise and specialism was awarded a Queen’s Anniversary Prize for PhD students to facilitate a culture of innovation with a focus on digital contexts. SPRITE+ will • Secure hardware and embedded systems Higher and Further Education in 2015. Originally that is industry focused and measured on deliver a coherent, coordinated, multi-disciplinary • Post-quantum cryptography and advanced cryptography architectures established in 2009, the Centre’s significant economic impact and commercial exploitation. approach, with strong stakeholder relationships • Security Intelligence - AI for cyber security and mobile achievements over its initial five-year period at the centre. Professor Sakir Sezer is a Co- security have also been recognised by core funders. Operating an Open Innovation model to Investigator of the network and several CSIT • Networked security systems • Analytics-based monitoring & forensics in new network The EPSRC, Innovate UK and Invest Northern drive collaboration with member organisations, academics participate as Expert Fellows. 
architectures Ireland have confirmed follow-on funding totalling we carry out contract research, license • Industrial Control Systems and Operational Technology security £10.5 million, whilst the University has committed intellectual property, spin-out companies COSMIC - Cloud-enabled Operation, Security • Cyber security research translation, innovation, a further £9 million, to sustain CSIT as an IKC and have a membership programme where Monitoring, and Forensics is a current project commercialisation and policy advisory and help it raise the bar on translating its world industry can invest in the vision of CSIT and running in the Research Institute in Trustworthy leading research into commercial impact right join in developing the research strategy Interconnected Cyber-physical Systems up to 2022. that has the overarching theme of ‘secure (RITICS). COSMIC investigates approaches for connected intelligence’. the seamless and secure transition of legacy- We employ over 80 people and have world critical industrial control systems to the cloud leading research expertise in areas such as CSIT is engaged in a number of cyber security with improved security, resilience, and failover network security, video analytics, cryptography, collaborative research projects with world protection, while also enabling new opportunities security informatics, SCADA security, malware leading organisations including Allstate, BAE to enhance intrusion response and post-event detection and embedded security. Systems, Citi, EBay, First Derivatives, Seagate, forensics. This work is led by Professor Sakir Thales, numerous SMEs, spin-out ventures Sezer and has precipitated CSIT’s latest spin-out Professor Máire O’Neill is Principal Investigator (Titan IC Systems (Acquired by NVIDIA in company Ditaca Ltd. and Dr. Godfrey Gaston is CSIT Director with March 2020), Liopa, Ditaca Ltd.) and leading overall responsibility for the Centre. 
institutes in the USA, South Korea, Japan, DCMS – Advisory work on the UK Cyber India and Europe. CSIT representatives are Security Sectoral Analysis and Understanding members of the UK National delegation to the the UK cyber security skills labour market security standardisation Study Group 17 of the projects in 2018, 2020 and beyond. International Telecommunication Union (ITU), the UK’s Multi-stakeholder Advisory Group on Cyber issues (FCDO), ETSI, the UK AI Council,

access control, hardware implementations of • Lattice-based cryptography for advanced cryptography and information-theoretic security. privacy-preserving techniques – The ISG is involved in efforts to standardise schemes Researchers in the ISG pioneer the use of for computing on encrypted data and qualitative social science methods such advises on the security of such schemes. as creative methods of engagements and It is also involved in building and analysing ethnography in information security. The research other advanced cryptographic primitives that is focused on the security needs of under-served remain secure in a post-quantum world and and unvoiced communities and groups. against even nation-state level adversaries (EU H2020 funded). The area of software & systems security is a focus for several members of staff. Key areas • Post-quantum TPM – We are involved in an include intrusion/anomaly detection and malware effort to make secure attestation of system mitigation, mobile security, execution integrity state post-quantum secure (EU H2020 verification, secure enclaves and systems funded). Royal Holloway, University of London engineering. • Post-quantum and quantum joint Information Security Group The area of trustworthy autonomous systems protocols – We are involved in a consortium and smart emerging technologies for financial, building joint protocols relying on both post- telecommunications and autonomous vehicular quantum cryptography and quantum key Who we are in the social sciences and has led to a fruitful security is a focus. Key areas of expertise include distribution (InnovateUK funded). 
collaborations across other schools and integrated and resource-constrained devices, Most of the research in information security at departments including Geography, Business and explainable artificial intelligence, self-testing/ • Digital forensics – We are involved in a Royal Holloway is undertaken by members of Management, Economics, Electronic Engineering, validating, digital forensics, cyber physical project with law-enforcement agencies the Information Security Group (ISG), which Law/Criminology, Politics and International systems and micro architectural attacks for to develop techniques for enhancing the is one of the world’s largest research groups Relations, and Psychology. trusted execution environments. forensic extraction of information from working in information security. modern encrypted smartphones (EU What we do Our Work H2020 funded). The ISG is one of the oldest groups of its type, having worked on cryptography since the mid- The ISG addresses and collaborates across a The ISG provides advisory and research • Everyday security – We are working on 1980s. Royal Holloway was the first institution broad range of areas, from the social, definitional, services on information security and associated making services used in the everyday safer, in the world to offer a degree in information complexity-theoretic and mathematical topics, drawing on the expertise of its research working closely together with communities security in 1992. There are now over 4,000 foundations of information security, to attacks staff and, as appropriate, a network of trusted and other stakeholders (EPSRC funded). alumni of the course from over 100 countries, and efficient implementations to applications professional associate consultants and external many working in senior information security and policy. Areas include cryptography, social researchers. ISG members have advised • Doctoral training – We host the EPSRC roles in government and industry. 
science, software & system security, malware over 100 organisations worldwide, including Centre for Doctoral Training in Cyber Security analysis, network security, automotive security, trade unions, activist networks, multinational for the Everyday at Royal Holloway. The ISG is a department within the School cyber-physical systems, drone security, the corporations, government departments, trade of Engineering, Physical and Mathematical economics of information security, embedded and standards associations and SMEs. In 2019 Key areas of expertise and specialism Sciences. We employ 20 full-time permanent systems, digital forensics, psychological we were founding members of the International • Cryptography members of staff. We also employ five post- aspects of information security, resource- Cyber Security Centre of Excellence (INCE-CoE). • Social aspects of information security • Software and systems security doctoral research assistants, working on a wide constrained security, security testing, security • Trustworthy autonomous systems range of funded projects. The ISG currently has standardisation, threat analysis, trusted execution Some of our current projects include: around 80 PhD students and hosts one of three environments, trustworthy autonomous systems, doctoral training centres for cyber security, ubiquitous computing and web security. • Lattice-based cryptography for post- funded by EPSRC. quantum applications – The ISG is involved The area of cryptography has historically in several candidate proposals for the The activities of the ISG are supplemented been and remains a core strength of the ISG. ongoing NIST Post-Quantum Standardisation by research undertaken by colleagues in Cryptographic research within the ISG is Process and in analysing the security of such the Mathematics and Computer Science focused on cryptanalysis and cryptographic schemes (EPSRC and EU H2020 funded). departments in particular. Our research in primitives. 
Areas of cryptographic research information security has been enriched by include lattice-based and post-quantum the recruitment of students with backgrounds cryptography, cryptographic protocols, statistics,

• Fostering excellence in research, depth Dr. Halak secured two fellowships from the Royal in impact, and educating top-class cyber Academy of Engineering, focusing on securing security experts. hardware supply-chain and on developing AI- based countermeasures to device tampering. Our Work Professors Butler and Sassone and Dr. Aniello We engage in externally funded, high-quality secured the EPSRC grant HD-Sec to work research and outreach activities with NCSC/ on security verification of capability hardware. GCHQ, FCO, NCA, Bank of England, the Cabinet Professor Butler’s previous project aims to Office, the Metropolitan and Hampshire Police develop a unified tool-based framework for forces, and other public administrations across automated formal verification and validation of the world. Our partnership with government cyber-physical systems. agencies and industry leaders include Dstl, Northrop-Grumman, Roke Manor Research, Dr. Karafili was awarded the prestigious Marie and the South East Regional Cyber Crime Unit Curie Individual Fellowship funded by EU H2020 University of Southampton (SEROCU). Together with these partners, program for her project AF-Cyber (Logic-Based we founded and operate a Cyber Security Attribution and Forensics in Cyber Security), CyberSecurity Southampton Academy, whose objectives span from research and is part of the CyberASAP (Cyber Security and consultancy to outreach, training and Academic Startup Accelerator Programme) knowledge transfer. Furthermore, we are part of funded by DCMS with Innovate UK & KTN. Who we are What we do the SPRITE+ consortium, the EPSRC’s national Trust, Identity, Privacy and Security NetworkPlus, Key areas of expertise and specialism The University of Southampton Cyber Our current research and where our specific responsibilities include leading • AI and ML based data analytics for cyberattack Research Group aspires to lead the academic activities include: on the development of cyber security training. 
detection and defence, and malware analysis; • Analysis and design of trustworthy software; agenda towards a secure cyberspace. • Blockchain and Distributed Ledgers; Our multidisciplinary expertise contributes • Supplying secure embedded, IoT, and Professor Sassone holds a Royal Academy of • Cyber identity; understanding, knowledge and innovation to cyber-physical systems and their design Engineering Research Chair in Cyber Security • Cyber risk analysis; • Data privacy; the protection of critical infrastructures, users, methodologies via integrated hardware and was scientific leader of H2020 project • International cyber law; their data and interests. Our activities connect software co-design, tool-based approaches. SUNFISH on federating clouds, whose partners • Provenance, trust and data assurance • Safety-and-Security by Design; across electronic, software, hardware, IoT and • Securing the cyberspace by design, include the UK and the Italian governments. • Secure embedded systems; cyber-physical systems, data analytics and AI analysis, simulation and proof, to protect Professor Sassone also held grants BlockIT • Secure web technologies; for security, data assurance and blockchain, infrastructures and data, users and their and CS-SED, focusing on the application of • Security of cyber-physical systems and the Internet of Things; advanced networking and protocol security, interests. blockchain technologies to data privacy and • Security of Critical Infrastructures, transport networks, situational awareness, cyber risk and threat • Enhancing the security and trustworthiness assurance in smart-energy applications, automotive systems, and smart energy systems (smart home, smart building, smart grid, etc). analysis, cybercrime, social acceptability of of computer hardware. devices and data. cyber regulations, and related education. 
• Developing AI, deep and reinforcement learning based advanced data analytics for Professors Surridge and Sassone secured Led by Professor Vladimiro Sassone, the centre cyber attack detection and defence at the the H2020 project CyberKit4SMEs, aimed at includes researchers from Computer Science, software, hardware, and system level. developing a toolkit to help SMEs improve their Engineering, Law, Management, Mathematics, • Supporting policy and strategy makers, cyber stance. Part of the ideas here arose NanoElectronics, Psychology, Sociology and government, industry and society at large to from Surridge and Sassone’s previous work Web Science. This places us in a unique position enhance the national and international cyber on Cyber Essentials in project CSCE. to respond to the need for UK Government, security capacity. business and consumers and their infrastructures • Forming partnerships with industry, Dr. Aniello and Professor Sassone secured to become more resilient to cyber attacks. government agencies, and local communities two Defence Accelerator projects from the in order to further our institutional mission MoD, CyPrIAAAn and OCCAM-RT, The Cyber Research Group delivers a wide more effectively. focusing on developing predictive cyber analytics spectrum of interwoven research, ranging from • Adopting a holistic and multidisciplinary and situational awareness against multi-stage electronic devices to social and legal aspects, approach, which takes into full account cyber attacks. passing through world-leading research on human aspects and behaviour, as well as cyber-enabling infrastructures, addressing social and legal acceptability issues. core cyber security issues through formal and experimental methods.

University of Surrey

Surrey Centre for Cyber Security

Who we are

Surrey Centre for Cyber Security (SCCS) brings together teams focused on innovative research in cyber security across the University of Surrey. Established in 2014, we currently have 17 core academics with established track records in key technical areas of cyber security. Our broader activity encompasses a further 25 associate members with interdisciplinary expertise in AI, Communication Systems, Engineering, Psychology, Criminology, Business and Law. We have strong links with Surrey’s 5G Innovation Centre, Surrey Space Centre, and the Centre for Vision, Speech and Signal Processing.

SCCS research and PhD projects are supported by various funding bodies including EPSRC, EU, InnovateUK and industry, and including our Centre for Doctoral Training in Future Connected Technologies, supported by EIT Digital and industrial partners. We also offer an Information Security MSc programme which was certified by the NCSC in 2014. In 2019 a modern 200-seat laboratory was built to support our practical research and teaching activities.

What we do

SCCS research is concerned with technical foundations of cyber security, the design and development of cyber security technologies and their applications to real-world systems.

We are internationally known for our work in applied cryptography, security verification and distributed systems, with strong backing in trusted computing and networks.

Our research focuses on the design of secure and resilient technologies. Applications are in many domains, including electronic transactions and digital identity, electronic voting, smart ticketing and transportation, and future communications and networks.

We collaborate with leading international groups for research, training and networking. Current collaborations include leading universities and research institutes in Australia, India, Israel, USA and Europe.

We maintain strategic research collaborations and projects with key industry players in cyber security technologies and their applications. Partnerships include Amazon, ARM, BT, /Novi, Galois, HP Labs, IBM Research, IOTA, MasterCard, Mozilla, NCC Group, Nomadic Labs, Saab, Stellar Development Foundation, Tendermint, Thales, VISA, Vodafone, and Yubico.

Members of SCCS are active members of ETSI, ISO SC27, Trusted Computing Group, FIDO Alliance and LORA Alliance.

Our Work

Applied cryptography – Liqun Chen works on anonymous attestation and post-quantum cryptography and is internationally known for her work on applied cryptography. Robert Granger and David Gerault work on cryptanalysis. Mark Manulis works on privacy-oriented cryptography and on authentication protocols. Other protocols work includes distance bounding and contactless payments (David Gerault and Ioana Boureanu) and anonymous smart-ticketing (Helen Treharne).

Blockchain and distributed ledgers – Gregory Chockler works on Byzantine agreement and foundations for secure data replication in permissioned distributed ledgers. Steve Schneider, Mark Manulis and John Collomosse work on DLT applications to digital identity, archiving, information brokering and electronic voting.

Communications and networks – Ioana Boureanu and Helen Treharne work on LoRaWAN protocols. Haitham Cruickshank works on security and routing in heterogeneous networks including 5G. Mark Manulis works on communications in fleets of consumer drones, and on secure satellite ranging and cyber security in new space. Helen Treharne works on train-to-cloud communications and Zhili Sun works on reliable satellite communications.

Distributed systems – Gregory Chockler leads research on foundations and applications of trustworthy distributed computing, fault-tolerance, scalable data storage, and cloud computing. Brijesh Dongol works on inter-process communications and applications to robotic systems. Lee Gillam works on cloud resilience, security and performance. Nishanth Sastry develops systems and architectures around mobile edge computing.

Formal Modelling and Verification – Ioana Boureanu works in formal security analysis, provable security, and formal verification via model-checking. Taolue Chen works on verification through probabilistic model-checking. Santanu Dash works in secure software, malware detection and software engineering. Brijesh Dongol applies formal techniques to concurrent objects and weak memory models for transactional memory. Constantin Catalin Dragan works on provable security and verification using Easycrypt. Steve Schneider works on model-checking and theorem-proving approaches. Helen Treharne works on formal verification of protocols such as V2X using Tamarin.

Trusted systems – Ioana Boureanu works on hardware roots of trust for combatting proximity frauds. Liqun Chen leads the H2020 FutureTPM project exploring next generation TPM-based solutions incorporating robust and formally verified quantum-resistance cryptographic primitives. Steve Schneider leads research on verifiable electronic voting. Helen Treharne and Mark Manulis work on cloud architectures for password-less authentication.

– Nishanth Sastry leads research on the production, distribution and consumption of online content in social media, for example focusing on patterns aiming to detect and understand harmful contents.

In addition to the above, some socio-technical aspects of cyber security at Surrey include Mikołaj Barczentewicz’s (Surrey Law and Technology Hub) work on law and policy solutions to problems of data security and privacy, and Mike McGuire’s work on criminology, cybercrime, and technology in the justice system.

Key areas of expertise and specialism
• Applied Cryptography
• Formal Modelling and Verification
• Authentication, Authorisation and Accountability
• Privacy Enhancing Technologies
• Network Security
• Distributed Systems

University College London

Computer Science Department

Who we are

University College London’s (UCL) ACE-CSR includes 24 academics across six research groups within the Computer Science Department including Information Security Research Group, Science of Cyber Security Research Institute, Systems and Networking Research Group, Software System Engineering Research Group, Jill Dando Institute of Security and Crime Science, and Department of Science, Technology, Engineering and Public Policy.

Cyber security research is one of UCL’s strategic research priorities and the Centre of Excellence aims to help make the UK Government, business, and consumers more resilient to cyber-attacks by extending knowledge and enhancing skills in cyber security. In particular, our mission is to:

• Encourage collaboration and expand the level of innovation
• Enhance the UK’s cyber knowledge base through original research
• Provide top quality graduates in the field of cyber security
• Support NCSC’s cyber defence mission

What we do

The ACE-CSR conducts a broad range of research in cyber security and in conjunction with the Department of Security and Crime Science works on understanding cyber safety and preventing cybercrime. UCL is educating future cyber security professionals through its MSc and PhD programmes. The MSc in Information Security is a one-year programme where international security experts teach a balance of established theory and cutting-edge practice, equipping graduates with the broad expertise necessary to succeed in information security.

Our Work

We research and solve real-life problems across a broad range of areas. A few illustrative examples include the ELVEN project, the work at the Dawes Centre for Future Crime and PETRAS, as well as our Centre for Doctoral Training in Cybersecurity.

Robust software is resistant to “meddling”. It possesses a form of correctness attraction that allows it to continue to produce its intended responses in spite of transient errors or adversarial efforts to affect it. The ELVEN project, funded by Facebook, is investigating the role that entropy loss via program execution plays in robust code. ELVEN is using program analysis to map entropy loss regions in software and relate this to robustness behaviour. The longer-term aim is to automate the addition of robustness to programs and hardware designs.

Another project we led aimed to better understand the potential crime threats associated with consumer IoT devices, understand what is communicated to consumers about security prior to their purchase, examine the factors that consumers care about, and estimate what effect labels, that communicate details of device security, might have on consumer choice. A market surveillance exercise with 270 devices, which involved a review of the materials that were available prior to purchase, revealed that none provided details of the duration over which security updates would be provided, only 10% provided advice on cyber hygiene, and only 5% detailed the security of the cloud services used. A systematic review of the academic literature revealed that crime threats associated with the consumer IoT included burglary, stalking, identity theft and online sex offending. Our studies on consumer choice indicated that consumers would be willing to pay more for secure devices, and that some security labels would be more effective than others. This work informed DCMS’s Secure by Design agenda.

Last but not least, our Centre for Doctoral Training (CDT) in Cybersecurity, opened in 2019, is an innovative and exciting collaboration bringing together research teams in three UCL departments, to increase the capacity of the UK to respond to future information and cyber security challenges. Through an interdisciplinary approach, the CDT trains cohorts of highly skilled experts drawn from across the spectrum of Engineering and Social Sciences, to become the next generation of UK leaders in industry and government, public policy, and scientific research. The CDT equips the students with a broad understanding of all sub-fields of cybersecurity, as well as specialised knowledge and transferable skills to be able to operate professionally in business, academic, and policy circles. Overall, the CDT has an ambitious portfolio of projects and over 40 members of faculty with internationally excellent expertise across all aspects of cybersecurity.

Key areas of expertise and specialism
• Anonymous communications
• Cryptocurrencies and blockchains
• Cryptography and cryptanalysis
• Cyber safety
• Economics of security
• Ethical, legal and policy aspects of security
• Network security
• Privacy-enhancing technologies
• Program verification and analysis
• Security and privacy in Artificial Intelligence
• Security in ubiquitous computing
• Software and systems security

University of Warwick

Cyber Security Global Research Priority

Who we are

The University has a long history of undertaking research in what now falls under the umbrella of cyber security. Today, cyber security at the University spans many departments and is coordinated through the Cyber Security Global Research Priority (GRP).

The University’s GRP programme provides a platform for multidisciplinary research in key areas of international significance, encouraging cross-departmental collaboration and enabling our researchers to work together across departmental and disciplinary boundaries on issues of global importance. The ACE-CSR brings world-renowned academics from many disciplines together to address a broad range of cyber security challenges.

Our aim is to be a world-leading, single-institution, multidisciplinary research group for cyber security and to create new knowledge and understanding that will improve cyber security through active partnership with key stakeholders, and have national and international impact.

What we do

Human, Organisational & Regulatory Aspects: A significant proportion of our work lies in this area of the Cyber Security Body of Knowledge (CyBOK). Our work on Privacy and Online Rights spans technological developments, implementation and governance. Our work on Privacy Enhancing technologies (PETs) is supported by NCSC funding for a doctoral studentship and summer internship programme over the past three years and grants including a Royal Society Wolfson Research Merit Award held by Professor Graham Cormode. Professor Carsten Maple is a PI on the Trustworthy National Digital Identity Systems project funded by the Bill and Melinda Gates Foundation, which involves developing privacy-enhancing techniques for national digital identity systems. Following successful foundational EPSRC projects, Professor Irene Ng is seeing her work from the Hub-of-All-Things, DROPS and Contrive projects being implemented through the global start-up Dataswift. The work of Sorell and Aldrich covers the transparency, ethics, and democratic values of privacy, secrecy and security. Dr. Matt Spencer is the recipient of an EPSRC Future Leaders Fellowship and is currently investigating the social processes through which knowledge and trust are negotiated in the security profession through the Scaling Trust project.

Systems Security: Our work in Systems Security includes a large number of projects in Authentication, Authorisation & Accountability. Professor Feng Hao was awarded an EPSRC grant in April 2020 on End to End Authentication of Caller ID in Heterogeneous Telephony Systems. Our portfolio of work on authentication, access control and identity management includes Authentication and Access Control in IoT Systems and Pattern of Life Analytics for Authentication. Professor Chang-Tsun Li recently completed the IDENTITY project for Computer Vision Enabled Multimedia Forensics and People Identification and is taking this work forward with Dr. Victor Sanchez-Silva and Professor Maple through the Real-time Detection of Concealment of Intent for Passenger Screening project.

Infrastructure Security: The University has considerable expertise in securing infrastructure through a range of applications. This includes our work on Resilient IoT at the Edge, a project which aims to collect good design patterns, taking advantage of existing National Cyber Security Centre (NCSC) secure design patterns and build on related Warwick research in resilient architectures for cyber security. Building upon ground-breaking implementation of secure and private communications in vehicular communications, the University is part of a consortium delivering the £8 million project, AirQKD. This project, led by BT, will develop and implement quantum key distribution in connected and autonomous vehicle systems.

Our Work

The ACE-CSR attracts funding from a variety of sources, reflecting the importance of cyber security research to a number of stakeholders, gaining funding for more than 100 projects in the past four years. We also receive substantial funding from commercial partners. For example, in 2018, the National Automotive Innovation Centre opened on the University of Warwick campus. The Centre, which is a beacon for automotive research bringing together the brightest minds from industry and academia, to develop future vehicles and mobility solutions, is a £150 million investment between Jaguar Land Rover, Tata Motors, WMG and the University of Warwick, with an additional £29.5m funding from the UK Research Partnership Investment Fund (UKRPIF), through Research England.

The University is a founding core partner of the PETRAS National Centre of Excellence for IoT Systems Cybersecurity. There have also been numerous projects undertaken at the University funded through PETRAS, including Evaluating Trustworthiness of Edge-Based Multi-Tenanted IoT Devices (TEAM), led by Dr. Arshad Jhumka. TEAM is developing a framework that will enable the deployment of trusted edge-based multi-tenanted IoT networks where applications are of varying criticality.

The University is also a founding partner in the Alan Turing Institute and undertakes a range of work in this regard. The work is conducted through Turing’s Defence and Security programme and includes the work of Professors Rob Proctor and James Smith on Bayesian predictive models of violent extremist threat building upon Smith’s Chain Event graphs work that has been widely applied to criminal activity. Within the programme, Dr. Fahmy is undertaking leading work in hardware accelerated data analytics.

Key areas of expertise and specialism
• Privacy and Online Rights
• Cyber-physical systems security
• Authentication, Authorisation & Accountability
• Risk Management and Governance
• Distributed Systems Security
• Physical Layer Security and Telecommunications

Contact Address Book

University of Birmingham
Professor Mark Ryan,
Director, School of Computer Science
[email protected]
+44 (0) 121 414 7361
University of Birmingham,
Edgbaston,
Birmingham,
B15 2TT
sec.cs.bham.ac.uk

University of Bristol
Dr. Daniel Page,
[email protected]
Professor Awais Rashid,
[email protected]
University of Bristol,
Department of Computer Science,
Merchant Venturers Building,
Woodland Road,
Bristol,
BS8 1UB

De Montfort University
Professor Eerke Boiten,
Director, Cyber Technology Institute,
[email protected]
School of Computer Science and Informatics,
De Montfort University,
Leicester
LE1 9BH
www.dmu.ac.uk/cti/

The University of Edinburgh
Professor David Aspinall,
Director
[email protected]
+44 (0)131 650 5177
Dr. Vesselin Velichkov,
Deputy Director
[email protected]
+44 (0)131 650 2697
Dr. Ahmed El-Rayis,
Commercial Director
[email protected]
+44 (0)773 651 4165
The University of Edinburgh
https://www.ed.ac.uk/cyber-security-privacy/

University of Cambridge
Professor Frank Stajano,
Head, ACE-CSR;
Fellow, Trinity College;
Professor of Security and Privacy,
[email protected]
+44 (0) 1223 763 500
University of Cambridge,
Department of Computer Science and Technology (The Computer Laboratory),
William Gates Building,
15 JJ Thomson Avenue,
Cambridge,
CB3 0FD.
http://www.cl.cam.ac.uk/projects/ace-csr/

Cardiff University
Professor Pete Burnap,
Director,
Centre for Cyber Security Research,
[email protected]
Cardiff University,
Cardiff CF10 3AT
https://www.cardiff.ac.uk/centre-for-cyber-security-research

Imperial College London
Professor Emil C Lupu,
Security Science Fellow
Institute for Security Science and Technology,
[email protected]
Imperial College London,
South Kensington Campus,
London,
SW7 2AZ
https://www.imperial.ac.uk/cyber-security/

University of Kent
Professor Shujun Li
Director of KirCCS and PI for the Kent ACE-CSR
Professor Gareth Howells and Professor Julio Hernandez-Castro
Deputy Directors of KirCCS
School of Computing,
University of Kent
Canterbury,
CT2 7NF
[email protected]
https://cyber.kent.ac.uk/

King’s College London
Dr. Jose Such,
Director,
KCL Cybersecurity Centre,
Department of Informatics,
[email protected]
King’s College London,
Bush House,
30 Aldwych,
London,
WC2B 4BG
http://kcl.ac.uk/cybersecurity-centre

Lancaster University
Professor Nicholas Race,
Director,
Cyber Security Research Centre,
Infolab21,
[email protected]
Lancaster University,
Lancaster,
LA1 4WA,
https://www.lancaster.ac.uk/cybersecurity

University of Oxford
Professor Andrew Martin,
Professor of Systems Security, PI for ACE-CSR and Director of the CDT in Cyber Security,
[email protected]
Katherine Fletcher,
Coordinator,
Cyber Security Oxford network
[email protected]
University of Oxford
Department of Computer Science,
Wolfson Building,
Parks Road
OXFORD OX1 3QD
www.cybersecurity.ox.ac.uk

Queen’s University Belfast
David Crozier,
Head of Strategic Partnerships,
Centre for Secure Information Technologies,
ECIT Institute,
[email protected]
+44 (0) 28 9097 1700
Queen’s University Belfast,
Queen’s Road,
Queen’s Island,
Belfast,
BT3 9DT
www.qub.ac.uk/csit

Newcastle University
Dr. Thomas Gross,
Reader of Systems Security,
PI and Director for ACE-CSR,
Academic Centre of Excellence in Cyber Security Research,
[email protected]
+44 (0) 191 208 7997
Newcastle University,
Urban Sciences Building,
1 Science Square,
Newcastle upon Tyne,
NE4 5TG

Northumbria University
Professor Lynne Coventry,
Department of Psychology,
University of Northumbria,
[email protected]
+44 (0) 191 243 7772
Newcastle upon Tyne,
NE1 8ST
https://www.northumbria.ac.uk/about-us/academic-departments/computer-and-information-sciences/research/northumbria-cyber-security-research-group/

Royal Holloway University
Professor Peter Komisarczuk,
Information Security Group,
Royal Holloway University of London,
[email protected]
Egham Hill,
Egham,
TW20 0EX
https://www.royalholloway.ac.uk/isg

University of Southampton
Professor Vladimiro Sassone,
Director,
Cyber Security Research Centre,
[email protected]
+44 (0)2380 599009
University of Southampton,
Southampton,
SO17 1BJ
https://cyber.southampton.ac.uk
facebook and twitter @CybSecSoton

University of Surrey
Professor Steve Schneider,
Surrey Centre for Cyber Security,
University of Surrey,
[email protected]
+44 (0) 1483 68 9637
Guildford,
GU2 7XH
www.surrey.ac.uk/sccs
Twitter: @SCCS_UniSurrey

University College London
Professor Emiliano De Cristofaro,
Director,
Academic Centre of Excellence in Cyber Security Research
University College London,
Department of Computer Science,
[email protected]
Gower Street,
London,
WC1E 6BT
https://www.ucl.ac.uk/cybersecurity-centre-of-excellence/

Warwick University
Professor Carsten Maple,
Professor of Cyber Systems Engineering,
[email protected]
+44 (0) 24 7652 4348
University of Warwick,
Coventry, CV4 7AL
https://warwick.ac.uk/research/priorities/cyber-security/

Glossary of terms

5G 5th generation mobile network
6G 6th generation mobile network
ACD Active Cyber Defence
ACM Association for Computing Machinery
AI Artificial Intelligence
ACE-CSR Academic Centre of Excellence in Cyber Security Research
CIISec Chartered Institute of Information Security
CNI Critical National Infrastructures
CPU Central Processing Unit
CyBOK The Cyber Security Body of Knowledge
DCMS Department for Digital, Culture, Media and Sport
DLT Distributed ledger technology
Dstl Defence Science and Technology Laboratory
EPSRC Engineering and Physical Sciences Research Council
ERC European Research Council
EU European Union
FCDO Foreign, Commonwealth and Development Office
GCHQ UK Government Communications Headquarters
IACR International Association of Cryptologic Research
IAG Industrial Advisory Group
ICT Information Communications Technology
IoT Internet of Things
MoD UK Ministry of Defence
MSc Master of Science, a UK post-graduate qualification
NCA National Crime Agency
NGO Non-governmental Organisation
PACE Privacy-Aware Cloud Ecosystems
PETs Privacy-Enhancing Technologies
PhD Post-graduate doctoral qualification available in the UK
RISCS Research Institute for Sociotechnical Cyber Security
RISE Research Institute in Secure Hardware and Embedded Systems
RITICS Research Institute in Trustworthy Interconnected Cyber-physical Systems
UKRI UK Research and Innovation

© Crown copyright 2020

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated.

To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3

This publication is also available on our website at https://www.ncsc.gov.uk/information/academic-centres-excellence-cyber-security-research

Any enquiries regarding this publication should be sent to us at [email protected]