The white paper, entitled ‘The Relative Effectiveness of widely used Risk Controls and the Real Value of Compliance’, was launched at The Old Library, Lloyd’s of London, on 21 February.
The paper discusses the findings of the second phase of a collaborative research programme, sponsored and funded by Novae Group, which draws upon the expertise of academics at the University of Oxford both in the Department of Computer Science (Professor Sadie Creese, Professor Michael Goldsmith, Dr Ioannis Agrafiotis and Dr Jason R.C. Nurse) and at the Saïd Business School (Professor David Upton).
Professor Sadie Creese commented: “Instead of simply working to comply with standards, organisations must look carefully at the vulnerabilities inherent in the assets that they want to protect. Cyber-attackers are creative and aggressive. Both the changing threat and the attack-surface of an organization must be modelled in order to ensure that cyber-controls offer adequate protection from harm.”
The white paper can be downloaded here. A summary document is also available here.
The Centre for Doctoral Training (CDT) in Cyber Security has been awarded £3.5m in government funding, starting from October 2016.
The Centre admits up to 16 students each year to undertake advanced study and research in cyber security. Students come from all over the world to study on this four-year programme, and graduate with a DPhil degree, having made a significant research contribution towards addressing one of the many challenges which arise in this fast-moving area of study. The Government funding, together with University funding, supports 12 of these students, paying their full fees and a stipend.
The Centre was established with a similar grant in 2013, and presently has around 45 students in progress, undertaking research in areas ranging from cryptographic and internet protocols through to international cyber policy and the laws around computer misuse. It is formed from a collaboration of several University Departments, including Computer Science, the Oxford Internet Institute, and the Department of Politics and International Relations. The work is strongly academic, but the CDT has regular interactions with leading businesses which create or use cyber security solutions.
Centre Director, Professor Andrew Martin, said, ‘Cyber Security affects everyone’s lives today. It is crucial that the leading thinkers of the next generation are well-versed in its challenges, and able to pre-empt new problems before they arise. The renewal of our funding is a great endorsement of our inter-disciplinary approach to education in this area.’
The new grant was awarded after a review from industry leaders and academics from outside the University. It is part of the funding for the UK Government’s new Cyber Security Strategy launched today by The Right Honourable Philip Hammond MP, Chancellor of the Exchequer.
The CDT website is here: www.cybersecurity.ox.ac.uk/cdt. Applications from well-qualified individuals for entry in 2017 are welcome, with a deadline early in 2017 – see the website for details.
The University is one of 13 recognised by EPSRC and GCHQ as Academic Centres of Excellence in Cyber Security Research. Research in Cyber Security is carried out across around a dozen Departments of the University.
The 2nd Annual Cybersecurity Early Careers Researchers Symposium took place on 30 September 2016 at the Oxford e-Research Centre.
This event was organised by Cyber Security Oxford as an opportunity for Oxford students, RAs and Postdocs to showcase their work and make new connections: this year the event was expanded to include guests visiting from the University of Johannesburg and Columbia University. Submissions were encouraged from across the University and the range of talks spanned human-computer interaction, machine learning, authentication, security analytics, international relations, insurance, maths, law, medical research, sociology, and the University’s own IT systems. The keynote speaker was Professor Basie von Solms, Director of the Centre for Cyber Security at the University of Johannesburg, who started with a barnstorming talk on research ethics. Prizes were awarded to Grace Leung (Johannesburg: “Protecting Cybersecurity Machine Learning”), Laurie Pycroft (Nuffield Department of Surgical Sciences: “Brainjacking: Risks of Neurological Implants”), and Mike Davies (Computer Science: “Are we managing the risk of sharing Cyber Situational Awareness? A UK public sector case study”).
The programme and book of abstracts are available here; the book of abstracts from the 2015 event is available here.
Prof Lujo Bauer (Carnegie Mellon University) will give a talk on Friday 30th September at 2pm in Lecture Theatre A, Wolfson Building, Department of Computer Science.
Title: Is pa$$w0rd1 a good password or a bad one? Towards more secure and usable text passwords
Abstract: Many security problems arise at the interface between computer systems and their users. One set of such problems relates to authentication and text-based passwords, which despite numerous shortcomings and attacks remain the dominant authentication method in computer systems.
For several years, we’ve been studying how to help users create passwords that are hard for attackers to crack, but are still easy for users to remember and use. A key challenge in this work was to develop and validate a methodology for collecting passwords and assessing their strength and usability. I’ll discuss our approach, and how we applied it to over 50,000 participants to study a range of topics — including the effects on password security and usability of different password-composition policies, password meters, and other user guidance; and whether users make poor passwords on purpose or because they don’t know any better. I’ll also attempt to answer the age-old question: Do computer scientists or engineers make stronger passwords?
Bio: Lujo Bauer is an Associate Professor in the Electrical and Computer Engineering Department and in the Institute for Software Research at Carnegie Mellon University.
He received his B.S. in Computer Science from Yale University in 1997 and his Ph.D., also in Computer Science, from Princeton University in 2003.
Dr. Bauer’s research interests span many areas of computer security and privacy, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system. His recent work focuses on developing tools and guidance to help users stay safer online.
Dr. Bauer recently served as the program chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014) and is an associate editor of ACM Transactions on Information and System Security.
In a university-wide student survey the Department’s Centre for Doctoral Training in Cyber Security has top marks for student satisfaction. This year’s Student Barometer shows very high levels of satisfaction across all aspects of student life and across the student career: learning and teaching, accommodation, social life, welfare and support services. The annual Student Barometer surveys all full-time students at all levels of study, and all nationalities (except final-year undergrads). It surveys all aspects of life as a student at Oxford.
The CDT scored 100% in categories including expertise & teaching ability of staff, opportunities for work experience and quality of lab space.
The 2nd Annual Oxford University Cybersecurity Early Careers Researchers Symposium, organised by the Department of Computer Science, will take place on Friday 30 September 2016 at the Oxford e-Research Centre.
This event is conducted through Cyber Security Oxford and offers a perfect opportunity for University of Oxford students, RAs and Postdocs to showcase their work. Submissions are encouraged from a wide range of disciplines, including computer science, human-computer interaction, social science, psychology, law, geography, politics, mathematics, and virtually any other field imaginable. This relaxed and multidisciplinary event offers a perfect setting for meeting colleagues from other departments. An exciting keynote speaker has been booked, and a number of great prizes will be on offer during the day.
Streams will be split in four ways, giving everyone the chance to present ideas, regardless of their completeness. Participants can present 15-minute full presentations, 5-minute lightning talks, academic posters or live demos.
The newly formed Oxford Capture the Flag team “Ox002147” faced tough competition at the annual flagship CTF competition conducted by SDSLabs and InfoSecIITR. They finished in an impressive 6th place out of 429 teams, many of whom are vastly more experienced. The team consisted of Ilias Giechaskiel (CDT2014), David Korczynski, Rodrigo Carvalho (CDT2013), Alastair Janse van Rensburg (CDT2014) and Louise Axon (CDT2014), and scored a total of 2280 points, completing 15 puzzles over the 24-hour event.
The team plans to continue their impressive form at future events.