Projects

Investigating the theory of Human Interactive Security Protocols and the cryptography that support them.

Further information: http://www.cs.ox.ac.uk/hcbk

It is widely recognised that the threat to enterprises from insider activities is increasing and that significant costs are being incurred. The multi-faceted dimensions of insider threat and compromising actions have resulted in a diverse experience and understanding of what insider threats are and how to detect or prevent them. The purpose of this research is to investigate the potential for near real-time detection of insider threat activities within a large enterprise environment using monitoring tools centred around the information infrastructure. As inside threat activities are not confined solely to cyber-based threats, the research will explore the potential for harnessing a variety of threat indicators buried in a different enterprise operations connected or interfacing with the information infrastructure, while enabling human analysts to make informed decisions efficiently and effectively.

PROJECT OVERVIEW

Our research incorporates both theoretical and applied research aimed at delivering a significantly enhanced capability in insider threat detection, as well as education and dissemination materials and strategies designed to maximise uptake of the insight generated by the research. Our approach is to combine cyber security, psychology, criminology, visual analytics, enterprise operations management and executive education expertise to:

• Develop a model for insider threat which is flexible enough to underpin detection systems based on both detecting deviations from normal behaviour, and the identification of specific events of interest which might indicate the presence of an attack involving an insider. The model will support the distinguishing of attack events relating to activities in the physical space and cyber space, based on data sources accessible via the information infrastructure.
• Understand the potential for psychological indicators of an insider becoming a threat, including how we might detect such indicators based on cyber behaviours.
• Identify the most effective pattern extraction algorithms for facilitating correlation and detection across heterogeneous operational contexts.
• Understand the enterprise culture and common practices that such novel detection systems would need to work within, and design processes appropriate to enabling operation.
• Provide a visual analytical interface to assist human analysts in more complex reasoning and decision-making processes by enabling them to fuse their knowledge and experience with the information and threat indicators discovered by the system, hence empowering the analysts to play an active role within the detection system in addition to being consumers of its outputs.
• Develop an understanding of both the various organisational roles that will be impacted by such an insider threat detection system and have responsibilities towards successful outcomes, and the various awareness raising and educational methods which are likely to have the greatest impact in enabling stakeholders to benefit from the research and to learn from the knowledge developed.

We will be working closely with Financial Fraud Action UK, SOCA, CISCO, CIFAS - the UK's Fraud Prevention Service - and others.

Ensuring confidence in collaborative working is an important concern; Government work is increasingly collaborative in nature and needs to be enabled by advances in ICT supporting the provision of collaborative working environments. Part of this challenge involves managing rapidly changing situations, where prospective collaborators join and existing collaborators leave a coalition, without compromising security requirements.

The aim of the EUSTACE project is to develop a decision-making framework and tool support for rapidly evaluating the security implications of ad-hoc collaborative work. We propose a framework that reuses existing models in Security, HCI, and Computer Science and makes these amenable to automated analysis and tool support.

The framework describes how formal specifications of implied behaviour are generated from existing usability and system models (such as personas and use cases) and combined with formal specifications of security requirements (derived from existing policies and requirements). A model checker is then used to analyse these specifications for failures and contradictions. These are then visualised in a collaborative work model that captures elements of the system, its users and their activities. The failures and contradictions are then highlighted in this model, providing the means of rapidly evaluating whether a proposed collaboration is likely to create security problems.

Federated Secure Sensor Network Laboratory aims to build a large scale federated sensor network framework with multiple applications sharing the same resources, where reliable intra-application communication is guaranteed, as well as a scalable and distributed management infrastructure.

SATURN is a collaborative research programme with the aim of improving the resilience of the UK critical national infrastructure (CNI), via a combination of enhanced situational awareness tools and dynamic semi-autonomous service management technologies. We aim to demonstrate a smarter and scalable service capability than exists within the CNI today. The focus is the automated discovery of sensor or service feeds, combined with intelligent data visualisation, and translation into sets of meta-services

A new generation of computer security, developed over the past 10 years, offers the opportunity for human users to decide what systems can communicate with each other with no need for any pre-existing structure of keys or structure linking them. This is based on the discovery of highly efficient protocols for authenticating systems and exchanging keys based on the comparison of short strings generated by the two or more parties involved. The researchers have been leaders in the development of these protocols from the start and have helped them mature to the point where they can and should be widely used in critical applications such as the military.

Our vision is that individual authorised users of systems should be permitted, within limits defined by their authorisation, to connect their devices and share data with other devices in situations where the pre-existing security architecture hasn’t foreseen the particular instance of need, or where the backbone services which are necessary to achieve secure communications are simply out of range. Our innovation will enable this by developing a suite of protocols and associated processes for use, which can be used to bootstrap secure communications without the need for extra services or pre-agreed secrets.

The method will interface with existing systems in a variety of ways:

·           The protocols will have software implementations which will need to be loaded onto devices.

·           The human user of the method will need to contribute to the successful establishment of secure cryptographic keys to protect communications between devices, via a range of potential interfaces which will be optimised for usability.

·           It may be that some protocols exploit peripherals on board some mobile devices, in which case interoperation with such elements will be required.

Further information: http://www.cs.ox.ac.uk/hcbk/spontaneoussecurity.html

Protecting critical infrastructures providing communications, energy, or healthcare presents increasing ICT challenges as ICT itself has become vital to them.

Internet-scale ICT infrastructures (“Infrastructure Clouds”) promise scalable virtualised computing, network, and storage resources over the Internet. They provide scalability and cost-efficiency but pose significant new privacy and resilience challenges.

Clouds may evolve into a single point of failure, threaten all dependent ICT, and put the Future Internet at risk.

TCLOUDS builds a resilient Future Internet platform by progress in four areas:

• Addressing the legal and business implications while building a regulatory framework for enabling privacy-enhanced cross-border infrastructure clouds.

• Architecture and prototypes for a federation of trustworthy infrastructure clouds that build on complementary and mutually re-enforcing technical approaches:

1. A Trustworthy Infrastructure Cloud enables individual providers to offer more resilient and privacy-aware infrastructure clouds accessible via open interfaces.
2. Privacy and Resilience for Commodity Clouds enables end users to put a security layer on top of existing commodity infrastructure clouds to enforce their security objectives. This enables integration of commodity clouds into the TCLOUDS federation.
3. Federated Cloud-of-cloud Middleware offers privacy-protection and resilience beyond any individual cloud. This expands trust from trusted (enterprise-internal) clouds to less trusted (off-shored) ones, or federates a set of partially trusted providers into a trustworthy and adaptive federation that furthermore prevents lock-in to a given dominating offering.

• Validation and impact through cloud scenarios:

1. Smart power grids connect renewable energy sources and users. It is a premier example of an Internet of Things.
2. Home healthcare provides prophylaxis to citizens. We focus on the privacy and usability challenges of cross-border usage of personal data.
   Collaboration with complementary standardisation and FP7 projects maximises impact and fosters an Open European Trustworthy Cloud ecosystem.

The web is the largest freely-available source of information in the world. It is also the largest open marketplace and social / political forum in the world. The first ports-of-call for most PC-based interactions on the web are the major search engines (Google, Yahoo!, Bing), social-networking sites (facebook, MySpace), online auction sites (ebay) and web-based email providers (Yahoo!, G-Mail, Hotmail).The resources that these sites introduce us to are often unknown to us. If we are to make an informed decision on which resource(s) to trust we need evidence of their reputation or of the provenance of the information they are offering us. Where services are transaction-based there is the possibility of building reputation data from previous transactions (financial or social). Such systems exist for online commerce (ebay, amazon) and are offered for other real-world services (trip-advisor for travel related services, for example). Where there is no interaction beyond the consumption of information from a known or unknown source, the options for accessing reputation data are more limited. The TEASE project is developing innovative tools to assist users in assessing the confidence they should place in the reliability of the information that is presented to them.

Further information: www.tease-project.info

Detecting identity-based attacks using location information.

Increasing situational awareness in face of cyber attack, supporting more agile decision making – visualizes impact on business processes.

There are many tools available for detecting and monitoring cyber attacks based on network traffic, and these are accompanied by a wide variety of visualisation tools designed to make such traffic tangible to a security analyst. Many visualisation approaches have been taken in the security domain that aim to help an analyst understand elements of an attack, the location of malicious activity on a network and the possible consequences for the wider system. In contrast, visualisation of the business impact of network attacks has received little attention.

The inability to directly relate an attack to particular enterprise business processes means that, in practice, any operator of the attack monitoring tools will not easily be able to determine the consequential impact and associated risk to an enterprise (in any but the simplest of systems). Indeed, in most environments the people tasked with monitoring systems won't have the knowledge or intuition required to formulate such reasoning. This means that the potential ramifications of attacks to an enterprise activity will not be understood until a monitoring officer has flagged an attack alert (or set of alerts) as of concern, and this information has been passed to somebody who can form a judgement about the enterprise-level impact and so priortise response options according to business need. The resulting delay limits an organisation's situational awareness possibly unnecessarily, and could result in lost opportunity for forming optimal risk mitigation and recovery actions.

There is no methodology that currently addresses the mapping of attacks to business process, and no decision support tools which would enable a real-time assessment of risk based on such a mapping. This is the capability gap that CyberVis has been conceived to address, specifically by developing a visualisation technology for communicating the possible impact of cyber attacks to business processes, optimised for human perception in order to facilitate the decision making core to an agile response.

We are developing a system which we intend will have the following characteristics:

• Can produce near real-time visuals of the areas of the network potentially under attack based on reported malicious activities, how they relate to business processes of concern, and the potential cascade effects across the enterprise both at the network layer and the business process layer. The visuals are based on a conventional network topology diagrammatic representation to optimise usability.
• Can support personalisation of visually salient graphics in order to offer adaptation for perception.
• Can support a “drill down” capability enabling both wide views of the enterprise network or processes, and deep views of either; an ability to pan out and take a broad view of the impact of an attack across a network or process layer will highlight possible cascade effects, a deep dive into specific processes or network components will support focused analysis where there are many events being flagged up as of interest.
• Can reflect uncertainty in environments where threat intelligence is from sources of varying provenance, or where the relationships between business process functions and the network is designed to be flexible and the exact mapping between the two at any point in time sometimes ambiguous, or where the network is dynamically changing with components unpredictably leaving or joining.
• Is supported by a clear methodology for initialisation and an unambiguous data format to ensure the integrity of “roll back” when past events require revisiting.

Our approach has been to pursue the theoretical consideration of how to relate attacks to business processes, the informatics requirements of such a tool (what to present and when) with a practical validation of the vision through creation of a working concept demonstrator.

Ensuring Consent and Revocation aims to make an individual's consent a more powerful means for allowing them to control what happens to the personal information they disclose to organisations.

We think that this control should be capable of shaping the purposes this information is used for, with which other organisations it is shared, and for how long and where it is stored. Today, the consent required of individuals for the use, sharing and storage of personal information by others will often be a one-off choice, described in vague terms or given implicitly. This type of consent gives individuals no real control over personal information, nor the ability to revoke their consent and be sure that their wishes are respected. Our work will improve the ease, reliability and rigour with which individuals can grant and, more importantly, revoke their consent to the use, storage and sharing of their personal information by others.

Create a Responsible Research and Innovation Observatory for ICT to hold information gathered and disseminate best practice for researchers and practitioners drawing on landscape studies from the ESPRC ICT portfolio.

This project will build a researcher network focused upon ethical issues in Information and Communication Technologies (ICT) through a baseline study to understand and analyse current perceptions of ethics in ICT. This will be done by interviewing a representative cross-section of the ICT community, starting with the participants in the “The Next Decade” event.

Future Home Networks and Services is addressing home network and service security by researching and developing security frameworks for sharing between networks and devices, protocols to connect devices with cloud services, and security analysis of remote management systems.

• Aiming to understand and manage complex, global, socially interactive systems, with a focus on sustainability and resilience.
• Revealing the hidden laws & processes underlying societies probably constitutes the most pressing scientific grand challenge of our century and is equally important for the development of novel robust, trustworthy and adaptive ICT, based on socially inspired paradigms

Adding secure High Performance processing to Smart Energy Grids.

Merging consumer, retailer and DNO information to support active electricity networks.

Studying how known methods for deriving data points from information exposed on the web can be composed to gather alarming range of details.

Integrated Mobile Security Kit integrates information from legacy and novel sensor technologies into common operational picture where information is fused into intelligence, in a mobile system suitable for rapid deployment at venues which temporarily need enhanced security.

University Information Security Policies

The University's Information Security Policies are currently in draft form but state clearly the University's objectives for Information Security

The policies are supported by an Information Security Toolkit which intended to go into detail as to how the policies may be implemented.

Information Security Project

anchorThe InfoSec project will move the University to a new degree of information assurance, make it more secure, mitigate information risk, and undertake the work necessary to create a permanent enterprise-wide activity that will deliver she best possible Information Security (IS) for Oxford. The project has established a team which is responsible for helping the Collegiate University to be compliant with a set of IS policies which have been developed and will be endorsed by Council in TT 2012. Once endorsed, the new policies will be contractually binding upon members of the University as part of the Terms and Conditions of Employment and compliance will be mandatory. Therefore, the project, which has full divisional and college support, will transform the way in which information security is managed and governed throughout the University.

The InfoSec project is sponsored by the Director of IT and led by a dedicated Information Security Officer (ISO). Staff from the University have been seconded to the team and support to the project will be offered by staff from the Computer Science department, Legal Services, Council Secretariat, Personnel. The project is also being driven in close collaboration with the Internal Auditors. The InfoSec team members will be advocates for information security, be a source of expertise and help for the University, and investigate new technical solutions such as whole disk ecnryption. The project is being run and operated alongside the OxCERT team in the Computing Services for a period of 24 months. However the activities undertaken by the project will become a permanent activity within the new ICT department, which will be formed from the three existing central IT departments.

Project Objectives

The main aims of the project are to:

• Mitigate IS risk for the University
• Establish a co-ordinated and strategic approach to Information Security within the University (and Colleges as they wish) with an appropriate governance structure which will underpin a permanent IS activity following the completion of the InfoSec project
• Foster an understanding that Information Security must be supported by the University's executive management
• Ensure Information Security Policies are recognised and interpreted consistently by units across the University
• Establish acceptance of the new polices with Heads of Department and Administratorsat a local level
• Increase awareness of Information Security issues and the procedures necessary to ensure compliance with legislation and University policy
• Alter the preconception that Information Security is an issue purely related to IT
• Identify the most valuable and at risk informational assets within the University and seek to mitigate the risks
• Conduct an effective 'Proof-of-Concept' activity which helps to establish the requirements for a follow on Information Security Assessment Service

Contact Information

Questions and comments relating to Information Security issues should be directed to infosec@oucs.ox.ac.uk

Developing new techniques for detecting insiders acting maliciously within cloud ecosystems and across supply chains.

Network of Excellence in Internet Science aims to strengthen scientific and technological excellence by developing an integrated and interdisciplinary scientific understanding of Internet networks and their co-evolution with society. Oxford is leading work on identity, privacy, reputation and trust.

The Information Security Best Practice project (May 2010 - Oct 2011) helped the collegiate University employ best practice by providing:

• a new Information Security Policy
• an Information Security Toolkit to support that policy

Investigating the interaction between Cloud and Trusted computing with a practical demonstration for the energy industry.

There are currently a profusion of projects working with the ‘cloud’, a flexible computational platform allowing significant scalability and service based provision model. Unfortunately there are currently significant limitations in assuring data provenance when using these systems, in terms of guaranteeing both the origin and operations performed on data. This is limiting uptake by a number of communities whose emerging information models appear otherwise well suited. The situation is complicated by the only available software on which a user community or institution would build a cloud being limited with a number based on a single open source solution. As an alternative the commercial providers have each developed their own software solutions, the internals of which are not visible, including the models of trust and security that are applied to these infrastructures.

Responsibility for network security within the University lies with the Oxford University Computer Emergency Response Team (OxCERT). Based within the Networks and Telecommunications Group at OUCS, the team exists primarily to ensure the security of the University backbone network.

The team's main responsibilities include the following:

• Identifying compromised or potentially-compromised systems within the University network, and taking appropriate measures to prevent malicious network traffic from such systems.
• Liaising with IT staff to ensure that security incidents are dealt with promptly, and to ensure that compromised systems are fully cleaned and patched against known vulnerabilities before being reconnected to the network.
• Informing IT staff where necessary of critical vulnerabilities and suggesting remedial action.
• Promoting good security practice throughout the University.
• Liaising with the global IT security community, in particular as a member of FIRST (Forum of Incident Response and Security Teams).

• Security can be compromised by users sharing systems with parties who are not supposed to be able to get any information about them.
• Highly relevant to Cloud.
• At the leading edge of formulating and automating methods for discovering unwelcome information flows, including, for the first time, timing channels.

Privacy Value Networks is producing an empirical base for developing concepts of privacy across contexts and timeframes, addressing a current lack of clarity of what privacy is and what it means to stakeholders in different usage scenarios.

Formalism for modelling interactions involving adjacency or action at a distance.  Rebarbative semantics being tamed to allow model-checking.

We are developing methods to support strong, but cheap and simple to use, authentication in pervasive devices used by humans.

• New family of security mechanisms that allow people to create secure connections between pairs or groups of devices with minimal effort.
• Collaborative working.
• Security where infrastructure is missing, compromised or out of action.
• Improved payment methods.
• Human-scale networks (e.g. healthcare sensors)

Creating new measures of identity combining physical and cyber inputs, resulting in a more complete and dynamic picture of who someone or some group is. Supported by visual analytics to help understand the complexities of identity attribution and communicate the relative confidence which can be placed in it.

A recent assessment by the National Fraud Authority estimates the cost of UK identity fraud to exceed £2.7 billion a year. This affects up to 1.8 million people with much of the impact directly hitting the public purse. In a criminal context, identification of the wrong suspect can contribute to the criminal trial, conviction and sentencing of an innocent party together with a failure to pursue the true perpetrator. As a response to these two issues, the Super Identity project will provide a framework, which incorporates an augmented reality user-interface, and which moves beyond any existing work through the combination of information from both real and cyber domains. As such, the Super Identity project will aim to:

1. Provide an informed identification decision, combining real-world and cyber measures.
2. Quantify the (un)certainty associated with the final identity decision.
3. Develop a more comprehensive academic understanding of the facets of identity.

The Super Identity project will provide an interactive visual interface to improve identification decisions. This can be implemented in a variety of security and intelligence situations, with the aim of detecting and reducing fraudulent activity. The project will also help law enforcement to have more certainty in their identification decisions, and to better direct their resources where information is lacking. Given the use of real-world and cyber measures of identity, one novel and exciting capacity within the Super Identity framework is the ability to identify groups of people as well as individuals. For instance, the Super Identity approach will be capable of indicating where seemingly unrelated people in a crowd are actually linked in online groups. This exceeds existing capacity, and offers a powerful and novel development in our understanding of identity.

webinos is an EU-funded project aiming to deliver a platform for web applications across mobile, PC, home media (TV) and in-car devices.

The webinos project will define and deliver an Open Source Platform and software components for the Future Internet in the form of web runtime extensions, to enable web applications and services to be used and shared consistently and securely over a broad spectrum of converged and connected devices, including mobile, PC, home media (TV) and in-car units.

webinos in a Nutshell: Promoting a “single service for every device” vision, webinos will move the existing baseline of web development from installed applications to services, running consistently across a wide range of connected devices, ensuring that the technologies for describing, negotiating, securing, utilizing device functionalities and adapting to context are fit for purpose.

Innovations in contextual description will be broad covering but not limited to device capabilities, network access, user identity and preferences, location, behaviourally induced properties and finally the more complex issue of the users’ social network context and social media engagement.

webinos will boost the industry migration towards web-based services. webinos can back this by providing inter-operable, standardised, open source technology utilizable across domains with direct commercially exploitable value. webinos will also act as an industry catalyst to encourage collaboration and discourage fragmentation in this space. There are strong industry moves towards Internet friendly and Internet integrated offerings, and there exists a window of opportunity to place the webinos technology on a robust open foundation that will remove economic barriers to engagement, embody policy on data privacy in concrete technology and creating a centre of web centric expertise.

(webinos was initially known as WAX). 

Intentional, real-time interference at the wireless channel: enforcing access control policies.

Using the physical environment as a source of randomness.