Centre for Doctoral Training in Cyber Security

CDT Research Themes

We have selected four major research themes into which the great majority of the CDT’s research fits – whether focussed upon application domains or on underpinning research challenges. These represent both notable application areas and emerging cyber security goals.

1. Security of ‘Big Data’ covers the acquisition, management, and exploitation of data in a wide variety of contexts. Security and privacy concerns often arise here – and may conflict with each other – together with issues for public policy and economic concerns. Not only must emerging security challenges be addressed, new potential attack vectors arising from the volume and form of the data, such as enhanced risks of de-anonymisation, must be anticipated – having regard to major technical and design challenges. A major application area for this research is in medical research, as the formerly expected boundaries between public data, research, and clinical contexts crumble: in the handling of genomic data, autonomous data collection, and the co-management of personal health data. Potential Doctoral Project: identifying and classifying security threats via social media. Powerful statistical tests for undesired behaviour have been developed in steganography: can modifications of these mine social media data for security threats?

2. Cyber-Physical Security considers the integration and interaction of digital and physical environments, and their emergent security properties; particularly relating to sensors, mobile devices, the internet of things, and smart power grids. In this way, we augment conventional security with physical information such as location and time, enabling novel security models. Applications arise in critical infrastructure monitoring, transportation, and assisted living. Potential doctoral project: use of ad hoc security in military environments. It is now possible for humans to bootstrap strong security between devices based on their own judgement rather than heavyweight security infrastructure. What are appropriate rules for use, and modes of use in military and similar environments, at different classification levels?

3. Effective Systems Verification and Assurance has been at the heart of Oxford’s longstanding strength in formal methods for modelling and abstraction applied to hardware and software verification, proof of security, and protocol verification. In the CDT we place it in a wider process context extending to procurement and supply chain management, as well as criminology and malware analysis, high-assurance systems, and systems architectures. Possible project: Malware identification by verification – model-checking techniques can be used to check semantic properties of code. A piece of code which can generate a modified piece of code with essentially the same semantics is probably a virus.

4. Real-Time Security arises in both user-facing and network-facing tools. This theme addresses the technologies which make possible continuous authentication based on user behaviour, evolving access control that makes decisions based on past behaviour instead of a static policy, visual analytics and machine learning applied to network security management, anomaly detection, and dynamic reconfiguration. These pieces contribute in various ways to an integrated goal of situational awareness. Potential project: continuous collection of data from webcams, keyboards, touchpads, etc., can extract a behavioural fingerprint for a user. What are the storage-performance-accuracy-privacy trade-offs entailed in presenting this as provenance information and post-hoc access control data, to track integrity and confidentiality in the long term?