The Centre for Doctoral Training (CDT) in Cyber Security has been awarded £3.5m in government funding, starting from October 2016.

The Centre admits up to 16 students each year to undertake advanced study and research in cyber security. Students come from all over the world to study on this four-year programme, and graduate with a DPhil degree, having made a significant research contribution towards addressing one of the many challenges which arise in this fast-moving area of study. The Government funding, together with University funding, supports 12 of these students, paying their full fees and a stipend.

The Centre was established with a similar grant in 2013, and presently has around 45 students in progress, undertaking research in areas ranging from cryptographic and internet protocols through to international cyber policy and the laws around computer misuse. It is formed from a collaboration of several University Departments, including Computer Science, the Oxford Internet Institute, and the Department of Politics and International Relations. The work is strongly academic, but the CDT has regular interactions with leading businesses which create or use cyber security solutions.

Centre Director, Professor Andrew Martin, said, ‘Cyber Security affects everyone’s lives today. It is crucial that the leading thinkers of the next generation are well-versed in its challenges, and able to pre-empt new problems before they arise. The renewal of our funding is a great endorsement of our inter-disciplinary approach to education in this area.’

The new grant was awarded after a review from industry leaders and academics from outside the University. It is part of the funding for the UK Government’s new Cyber Security Strategy launched today by The Right Honourable Philip Hammond MP, Chancellor of the Exchequer.

Notes

1. The CDT website is here:  www.cybersecurity.ox.ac.uk/cdt. Applications from well-qualified individuals for entry in 2017 are welcome, with a deadline early in 2017 – see the website for details.
2. The Cyber Studies Programme in the Department of Politics and International Relations is here:  http://www.politics.ox.ac.uk/centre/cyber-studies-programme.html  It is supported by the European Social Fund.
3. The University is one of 13 recognised by EPSRC and GCHQ as Academic Centres of excellence in Cyber Security Research.  Research in Cyber Security is carried out across around a dozen Departments of the University.

The Networked Quantum Information Technologies Hub (working to build a quantum computer in Oxford) is devoting part of its time to investigating considerations for Responsible Research and Innovation, to help make sure we have a clear-eyed understanding of the technology.  They have have produced an excellent video explaining some of the considerations: https://www.youtube.com/watch?v=b5acavRsB3Y&feature=youtu.be

The 2nd Annual Cybersecurity Early Careers Researchers Symposium took place on 30 September 2016 at the Oxford e-Research Centre.

This event was organised by Cyber Security Oxford as an opportunity for Oxford students, RAs and Postdocs to showcase their work and make new connections: this year the event was expanded to include guests visiting from the University of Johannesburg and Columbia University. Submissions were encouraged from across the University and the range of talks spanned human-computer interaction, machine learning, authentication, security analytics, international relations, insurance, maths, law, medical research, sociology, and the University’s own IT systems.  The keynote speaker was Professor Basie von Solms, Director of the Centre for Cyber Security at the University of Johannesburg, who started with a barnstorming talk on research ethics.  Prizes were awarded to Grace Leung (Johannesburg: “Protecting Cybersecurity Machine Learning”), Laurie Pycroft (Nuffield Department of Surgical Sciences: “Brainjacking: Risks of Neurological Implants”), and Mike Davies (Computer Science: “Are we managing the risk of sharing Cyber Situational Awareness? A UK public sector case study”).

The programme and book of abstracts is available here; the book of abstracts from the 2015 event is available here.

Prof Lujo Bauer (Carnegie Mellon University) will give a talk on Friday 30th September at 2pm in Lecture Theater A, Wolfson building, Department of Computer Science.

Title:  Is pa$$w0rd1 a good password or a bad one?  Towards more secure and usable text passwords

Abstract: Many security problems arise at the interface between computer systems and their users.  One set of such problems relates to authentication and text-based passwords, which despite numerous shortcomings and attacks remain the dominant authentication method in computer systems.

For several years, we’ve been studying how to help users create passwords that are hard for attackers to crack, but are still easy for users to remember and use.  A key challenge in this work was to develop and validate a methodology for collecting passwords and assessing their strength and usability.  I’ll discuss our approach, and how we applied it to over 50,000 participants to study a range of topics — including the effects on password security and usability of different password-composition policies, password meters, and other user guidance; and whether users make poor passwords on purpose or because they don’t know any better.  I’ll also attempt to answer the age-old question: Do computer scientists or engineers make stronger passwords?

Bio: Lujo Bauer is an Associate Professor in the Electrical and Computer Engineering Department and in the Institute for Software Research at Carnegie Mellon University.

He received his B.S. in Computer Science from Yale University in 1997 and his Ph.D., also in Computer Science, from Princeton University in 2003.

Dr. Bauer’s research interests span many areas of computer security and privacy, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system. His recent work focuses on developing tools and guidance to help users stay safer online.

Dr. Bauer recently served as the program chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014) and is an associate editor of ACM Transactions on Information and System Security.

Hot off the press: “Towards Designing a Multipurpose Cybercrime Intelligence Framework” by Mariam Nouh, Jason R. C. Nurse and Michael Goldsmith, presented at the European Intelligence
and Security Informatics Conference (EISIC) 2016. Paper downloadable here.

The 2nd Annual Oxford University Cybersecurity Early Careers Researchers Symposium, organised by the Department of Computer Science, will take place on Friday 30 September 2016 at the Oxford e-Research Centre.

This event is conducted through Cyber Security Oxford and offers a perfect opportunity for University of Oxford students, RAs and Postdocs to showcase their work. Submissions are encouraged from a wide range of disciplines, including computer science, human-computer interaction, social science, psychology, law, geography, politics, mathematics, and virtually any other field imaginable. This relaxed and multidisciplinary event offers a perfect setting for meeting colleagues from other departments. An exciting keynote speaker has been booked, and a number of great prizes will be on offer during the day.

Streams will be split in four ways, giving everyone the chance to present ideas, regardless of their completeness. Participants can present 15-minute full presentations, 5-minute lightning talks, academic posters or live demos.

Submissions should take the form of simple 200-word micro-abstracts, uploaded to EasyChair by Friday 9th September. https://easychair.org/account/signin.cgi?key=39890458.WXCMQRKV88zTVpy3

Registration for the event closes on Monday 19th September, with no registration fee.

The newly formed Oxford Capture the Flag team “Ox002147” faced tough competition at the annual flagship CTF competition conducted by SDSLabs and InfoSecIITR. They finished an impressive 6^th place out of 429 teams, many of whom are vastly more experienced.  The team consisted of Ilias Giechaskiel (CDT2014), David Korczynski, Rodrigo Carvalho (CDT2013), Alastair Janse van Rensburg (CDT2014), Louise Axon (CDT2014) and scored a total of 2280 points completing 15 puzzles over the 24 hour event.

The team plans to continue their impressive form at future events.

Bushra Alahmadi’s (CDT 2013) work on ‘Malware Classification using Network Flow Sequence Mining’ has been recognised by the Computer Antivirus Research Organisation at the 10^th CARO workshop held in Romania May 19^th – 20^th. The annual award was presented by well-known researcher Vessellin Bontchev as part of the two day workshop focussing on “War of the Machines”. Bushra relished the opportunity to present her findings to worldwide leaders in cybersecurity and continues to work on cutting edge research.

We fielded a team for the ascii overflow Capture-the-flag competition this weekend (13 May): see their twitter account for a blow-by-blow description of the competition.  Oxford’s team came 19th of 435 teams.  Well done!

Involved in the competition:

Cyber CDT students Ilias Giechaskiel, Alastair Janse van Rensburg, Rodrigo Carvalho, Richard Baker, Andrew Dwyer, Adam Zibak and Louise Axon.

Computer Science doctoral student David Korczynski

And the Best Newcomer award goes to Comp Sci undergraduate Emma Espinosa!