With experts working in over 20 units across the University, the network is able to address the difficult questions that cross the borders of traditional academic disciplines: what does ‘good’ cybersecurity look like, and how does that change in different contexts?  How can technology interact gracefully with messy human realities?

Our research fits broadly within five mutually-supporting themes:

Secure systems and technology: research into how to build ‘good tech’ including cloud security, cryptography, trusted platforms, wireless security, mobile security and secure coding paradigms. See for example the 5G Ensure project, the FastPass project, the Trustworthy Digital Systems project, the MyTrustedCloud project, the Software Engineering Programme and work in Steganography and steganalysis.

Verification and assurance: two disciplines that help establish how much confidence you can have in a system. Assurance focuses on managing risks related to the use, processing, storage, and transmission of information, whereas Formal Verification seeks to build a mathematical model of a digital system and then tries to prove whether it is ‘correct’ (this often helps spot subtle flaws). The Automated Verification group at the University of Oxford is one of the largest and most respected in the world. See for example the Scyther tool, the Tamarin prover, and work in Concurrency and Mobile security technology.

Operational risk and analytics: understanding the risk and harm resulting from cyberattack, and how it propagates across and between organisations.  Work focuses on creating situational awareness; metrics and models for security postures; and analytics for predicting risk, prioritising responses and supporting security operations.  See for example the Corporate Insider Threat Detection project, the METAVIS project, the Richer Picture project, and work on Corporate supply chain risk.

Identity, behaviour and ethics: bringing diverse perspectives and interpretations to questions like: Who are you online, how do you communicate, and what can (or should) you do?  See for example work on Continuous user authentication and behavioural biometrics, the Trustworthy Remote Entities project, the SuperIdentity project, the Digital Wildfire project, and Ethical Privacy Guidelines for Mobile Connectivity Measurements.

National and international security and governance: looking at politics, international relations, defence, policy and governance issues: how do countries and communities interact with (and through) technology, and how might this change in different contexts?  See for example the Cyber Studies Programme, the Smart Society project, the Changing Character of War Programme and the Global Cyber Security Capacity Centre.


And a cross-cutting theme, weaving through the others:

Human aspects of cyber security/Human-centred computing: understanding the ways humans interact with (and through) digital systems – whether to understand and design for target users, or to understand how adversaries operate and can exploit the systems.  This includes aspects like usability, trust, collaborative practices, social embeddedness, nationhood, cultural diversity and the relationship between microsocial interactions and global structures.  See for example the Human Cybercriminal Project, the Framework for Responsible Research & Innovation in ICT project, the Responsible Research and Innovation in Networked Quantum IT project (part of the NQIT hub), and our role in the Responsible Research and Innovation, ethics and human-factors components of the Alan Turing Institute and the PETRAS Internet of Things hub.

For a list of current and previous research, see our activities page.