John Crain, Chief Security, Stability and Resiliency Officer for ICANN, the international body in charge of maintaining the Internet’s Domain Name System (DNS) will open the workshop with a short talk covering the latest developments and trends in the world of cybersecurity, and his perspective on the challenges ahead, both on the technical and on the policy sides.
He will be joined by other experts including Emily Taylor, co-chair of the global DNS Security & Stability Review, for a discussion and an exchange with the audience.
Expanding to wider considerations, ICANN’s Vice President Europe Jean-Jacques Sahel will kick off the second part of the workshop with a short talk on the latest evolutions in Internet Governance, from ICANN becoming independent from government oversight to the ongoing efforts to improve governance and accountability which are happening across the Internet ecosystem. He will be joined by the other key participants for a discussion of these issues with the audience.
Participants will be expected to join in actively in the discussion, so we look forward to seeing you!
The University of Oxford has been recognised for a second time as an Academic Centre of Excellence in Cyber Security Research (ACE-CSR). Oxford is one of 14 universities recognised by the National Cyber Security Centre (NCSC) and the Engineering and Physical Sciences Research Council (EPSRC), based on review by a panel of experts. This was announced by the Minister for the Cabinet Office, the Rt Hon. Ben Gummer MP, on 3rd April.
The University of Oxford was first recognised as an ACE-CSR in 2012. In that first round, the work of ten academics was included; but since then the activity in Cyber Security at Oxford has grown and developed so that nineteen were in the recent submission.
Professor Andrew Martin, who is the lead for the ACE-CSR in Oxford, said: “In Oxford we have embraced an inter-disciplinary approach to Cyber Security. Our research network is centred on Computer Science, but embraces many in the social sciences, including the Department of Politics and International Relations, the Oxford Internet Institute, and the Saïd Business School. Many perspectives are needed if we are to make progress in solving Cyber Security problems.”
The Centre of Excellence gives the University a great platform from which to engage with the world beyond academia: a variety of Cyber Security research projects are engaged with industrial, government and civil society partners (see e.g. https://www.cybersecurity.ox.ac.uk/research/projects). Two of our experts received Oxford Impact Awards in 2017: Professor Ivan Martinovic for his research into the security and privacy aspects of the communications technologies used in air traffic control and surveillance in civil aviation, and Professor Cas Cremers for his work on the Transport Layer Security Protocol, which has led to significant improvements in the next generation of internet security. In 2016 Professor Bill Roscoe was given a lifetime award for external engagement and promoting impact of his pioneering work applying formal verification tools in industry.
There are a number of large initiatives within the University that contribute to the Cyber Security Oxford network: the EPSRC/DCMS-funded Centre for Doctoral Training in Cyber Security, the EU-funded Cyber Studies Programme in the Department of Politics and International Relations and the Global Cyber Security Capacity Centre, funded by the UK Foreign Office, and the Governments of Norway and the Netherlands. Oxford Cyber Security researchers are also involved with national flagship projects like the PETRAS Internet of Things hub and the Alan Turing Institute. Cyber Security research in the University spans topics as diverse as cryptography, wireless security, formal verification, situational awareness and analytics, online identity, and understanding how countries and communities interact with (and through) technology.
Minister for the Cabinet Office Ben Gummer said:
“Britain has to stay one step ahead of the often invisible cyber wars taking place on our networks, in our homes, and across our infrastructure.
“We can only do that with truly ground-breaking research. It is critical that the entire UK maintains its strength in this area, from London to Lancaster and from Belfast to Edinburgh.”
The white paper, entitled ‘The Relative Effectiveness of widely used Risk Controls and the Real Value of Compliance’, was launched at The Old Library, Lloyd’s of London, on 21 February.
The paper discusses the findings of the second phase of a collaborative research programme, sponsored and funded by Novae Group, which draws upon the expertise of academics at the University of Oxford both in the Department of Computer Science (Professor Sadie Creese, Professor Michael Goldsmith, Dr Ioannis Agrafiotis and Dr Jason R.C. Nurse) and at the Saïd Business School (Professor David Upton).
Professor Sadie Creese commented: “Instead of simply working to comply with standards, organisations must look carefully at the vulnerabilities inherent in the assets that they want to protect. Cyber-attackers are creative and aggressive. Both the changing threat and the attack-surface of an organization must be modelled in order to ensure that cyber-controls offer adequate protection from harm.”
The white paper can be downloaded here. A summary document is also available, here.
The Centre for Doctoral Training (CDT) in Cyber Security has been awarded £3.5m in government funding, starting from October 2016.
The Centre admits up to 16 students each year to undertake advanced study and research in cyber security. Students come from all over the world to study on this four-year programme, and graduate with a DPhil degree, having made a significant research contribution towards addressing one of the many challenges which arise in this fast-moving area of study. The Government funding, together with University funding, supports 12 of these students, paying their full fees and a stipend.
The Centre was established with a similar grant in 2013, and presently has around 45 students in progress, undertaking research in areas ranging from cryptographic and internet protocols through to international cyber policy and the laws around computer misuse. It is formed from a collaboration of several University Departments, including Computer Science, the Oxford Internet Institute, and the Department of Politics and International Relations. The work is strongly academic, but the CDT has regular interactions with leading businesses which create or use cyber security solutions.
Centre Director, Professor Andrew Martin, said, ‘Cyber Security affects everyone’s lives today. It is crucial that the leading thinkers of the next generation are well-versed in its challenges, and able to pre-empt new problems before they arise. The renewal of our funding is a great endorsement of our inter-disciplinary approach to education in this area.’
The new grant was awarded after a review from industry leaders and academics from outside the University. It is part of the funding for the UK Government’s new Cyber Security Strategy launched today by The Right Honourable Philip Hammond MP, Chancellor of the Exchequer.
The CDT website is here: www.cybersecurity.ox.ac.uk/cdt. Applications from well-qualified individuals for entry in 2017 are welcome, with a deadline early in 2017 – see the website for details.
The University is one of 13 recognised by EPSRC and GCHQ as Academic Centres of excellence in Cyber Security Research. Research in Cyber Security is carried out across around a dozen Departments of the University.
The 2nd Annual Cybersecurity Early Careers Researchers Symposium took place on 30 September 2016 at the Oxford e-Research Centre.
This event was organised by Cyber Security Oxford as an opportunity for Oxford students, RAs and Postdocs to showcase their work and make new connections: this year the event was expanded to include guests visiting from the University of Johannesburg and Columbia University. Submissions were encouraged from across the University and the range of talks spanned human-computer interaction, machine learning, authentication, security analytics, international relations, insurance, maths, law, medical research, sociology, and the University’s own IT systems. The keynote speaker was Professor Basie von Solms, Director of the Centre for Cyber Security at the University of Johannesburg, who started with a barnstorming talk on research ethics. Prizes were awarded to Grace Leung (Johannesburg: “Protecting Cybersecurity Machine Learning”), Laurie Pycroft (Nuffield Department of Surgical Sciences: “Brainjacking: Risks of Neurological Implants”), and Mike Davies (Computer Science: “Are we managing the risk of sharing Cyber Situational Awareness? A UK public sector case study”).
The programme and book of abstracts is available here; the book of abstracts from the 2015 event is available here.
Prof Lujo Bauer (Carnegie Mellon University) will give a talk on Friday 30th September at 2pm in Lecture Theater A, Wolfson building, Department of Computer Science.
Title: Is pa$$w0rd1 a good password or a bad one? Towards more secure and usable text passwords
Abstract: Many security problems arise at the interface between computer systems and their users. One set of such problems relates to authentication and text-based passwords, which despite numerous shortcomings and attacks remain the dominant authentication method in computer systems.
For several years, we’ve been studying how to help users create passwords that are hard for attackers to crack, but are still easy for users to remember and use. A key challenge in this work was to develop and validate a methodology for collecting passwords and assessing their strength and usability. I’ll discuss our approach, and how we applied it to over 50,000 participants to study a range of topics — including the effects on password security and usability of different password-composition policies, password meters, and other user guidance; and whether users make poor passwords on purpose or because they don’t know any better. I’ll also attempt to answer the age-old question: Do computer scientists or engineers make stronger passwords?
Bio: Lujo Bauer is an Associate Professor in the Electrical and Computer Engineering Department and in the Institute for Software Research at Carnegie Mellon University.
He received his B.S. in Computer Science from Yale University in 1997 and his Ph.D., also in Computer Science, from Princeton University in 2003.
Dr. Bauer’s research interests span many areas of computer security and privacy, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system. His recent work focuses on developing tools and guidance to help users stay safer online.
Dr. Bauer recently served as the program chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014) and is an associate editor of ACM Transactions on Information and System Security.