The PETRAS consortium of nine leading universities, led by UCL with Imperial College London, University of Oxford, University of Warwick, Lancaster University, University of Southampton, University of Surrey, University of Edinburgh and Cardiff University will work together over the next three years to explore critical issues in privacy, ethics, trust, reliability, acceptability, and security for the Internet of Things.
Oxford’s participation in the consortium is led by the e-Research Centre and the Oxford Internet Institute, and also involves the Department of Computer Science, the Department of Engineering Science and the Saïd Business School, with further collaborations planned. Work at the OII will focus and lead on the socio-ethical aspects of IOT research, technologies, and applications.
PROTECTIVE: Proactive Risk Management through Improved Cyber Situational Awareness
August 2016 - August 2019
August 2016 - August 2019
Jassim Happa (Oxford leader: 10 partners coordinated via Dublin)
PROTECTIVE is designed to improve an organisations ongoing awareness of the risk posed to its business by cyber security attacks. PROTECTIVE makes two key contributions to achieve this enhanced situational awareness. Firstly it increases the computer security incident response team’s (CSIRT) threat awareness through improved security monitoring and increased sharing of threat intelligence between organisations within a community. Secondly it ranks critical alerts based on the potential damage the attack can inflict on the threatened assets and hence to the organisations business. High impact alerts that target important hosts will have a higher priority than other alerts. Through the combination of these two measures organisations are better prepared to handle incoming attacks, malware outbreaks and other security problems and to guide the development of the prevention and remediation processes.
The PROTECTIVE system is designed to provide solutions for public domain CSIRTs and SME’s who both have needs outside the mainstream of cyber security solution provision. Public CSIRTs needs arise in part because commercial tools do not address their unique requirements. This has created a shortfall, clearly articulated by ENISA, of tools with the required analytical and visualisation capabilities to enable public CSIRTs provide optimised services to their constituency. SME’s also are vulnerable to cybercrime as they have limited resources to protect themselves and often a limited understanding of what needs to be done. Two pilots will be conducted to evaluate and validate the PROTECTIVE outcomes with CSIRTs from 3 National Research and Educational Networks (NRENs) and with SMEs via a managed security service provider (MSSP).
The PROTECTIVE consortium is constituted of 3 NRENs, 3 academic and four commercial partners from 8 countries so as to maximise the technical and commercial impact of the outputs and the dissemination and uptake of the results. http://cordis.europa.eu/project/rcn/202674_en.html
Trusted Cloud Knowledge Transfer Partnership
June 2015 - May 2017
June 2015 - May 2017
The EPSRC MyTrustedCloud project (2011) was highly successful with aspects of this work are being taken forward directly in an InnovateUK funded Knowledge Transfer Project. The original project investigated how this integration of trusted and cloud computing could be used in a practical scenario. The usecase supported trusted data exchange and application attestation to manage communication between the Distribution and transmission networks using cloud computing as the data exchange vehicle. The project created a detailed threat analysis of using IaaS cloud systems and the specific countermeasures that trusted platform allow within the system, an exemplar software framework in which energy researchers are able to start making use of commercially sensitive information while at the same time make full use of cloud computing.
The Trusted Cloud Knowledge Transfer Partnership (2015-17) will develop this substantially further bringing verifiable data privacy and security to production public cloud computing. This project, working with corporate partner 100PercentIT, will build a production trusted cloud which will be certified by NCSC and include digital key management technologies to ensure isolation of user certificates from the cloud provider. Through the developed Porridge remote attestation service it will enable multiple business models rooted in cryptographically verifiable trust. A cloud user will be able to verify the identity and configuration of any remote system in a scaleable and resiliant manner building from the cloud storage and physical infrastructure through to a full chain of trust capability of any virtual instance started within the cloud. This will support software whitelisting within all of the computational systems and trusted application or software signing through the trusted storage. The KTP has stated aims of doubling the profitability of the commercial partner who already has over 20 current and potential customers interested in this new capability and who have stated they would pay for it as soon as available and certified.
Global Cyber Security Capacity Centre
April 2013 - March 2017
April 2013 - March 2017
Sadie Creese, Ian Brown, Michael Goldsmith, David Upton
The Global Cyber Security Capacity Centre (GCSCC) is a leading international centre for research on efficient and effective cybersecurity capacity building. It has created the National Cybersecurity Capacity Maturity Model (CMM), the first-of-its-kind model to review a country’s cybersecurity capacity maturity. Together with key strategic international partners, such as the World Bank, the Organization of American States (OAS), the Commonwealth Telecommunications Organisation, and the International Telecommunication Union, the Capacity Centre has since 2015 successfully deployed the CMM in over 40 countries around the world, and significantly underpinned a regional study in Latin America and the Caribbean through collaboration with the OAS. The review processes and the resulting reports, drafted by the GCSCC, enabled the governments to benchmark national cybersecurity policy and strategies, cybersecurity culture, knowledge development, legal and regulatory frameworks, and risk controls. The results and recommendations enabled nations to better plan national strategies, facilitate international and regional collaboration and cooperation, and set priorities for strategic investment and capacity development. To foster global knowledge exchange and transfer of expertise gained in the global community, the GCSCC also runs the publicly-available Cybersecurity Capacity Portal, a global online resource for good practice and knowledge in cybersecurity capacity building, which also includes a mapping of international and regional capacity building efforts by the various actors in the field. [www.sbs.ox.ac.uk/cybersecurity-capacity/]
The deployment of the model has been in itself an effective capacity-building exercise and has been informing the thinking of the global community. The deployment of the CMM has also become part of two global and regional initiatives by the Global Forum on Cyber Expertise (GFCE). The GCSCC encourages the further uptake of the model by other countries and international community actors and has constant conversations with regional organisations, governments, private companies and other research institutions who work on this issue. It also has recently established its first regional partnership with the Oceania Cybersecurity Centre, which will be the focal point for cybersecurity capacity building in that region.
Rather than evaluating the country’s policies only, they look at the its maturity in addressing a wide range of questions, including: how well do the various stakeholders work together to create and revise policies, make decisions, and assess whether strategies are working? The resultant review allows countries to understand their strengths and weaknesses, and target their resources to develop cybersecurity capacity according to their national priorities.
This methodology has been endorsed by the Organization of American States, the World Bank, and the Commonwealth Telecommunications Organisation, and has been used to assess over 40 countries, including Bhutan, Jamaica, Uganda, the UK, and 32 members of the Organisation of American States (link). The model is a living document which continues to be revised and refined.
The Capacity Centre is also developing a model for Understanding Cyber Harm, moving beyond simple measures of financial harm to address complex issues of reputational, psychological, physical harm etc. Together the Capacity Maturity Model and the future HARM Model will enable nation states and/or organisations to make better informed decisions when it comes to financial investments in cybersecurity capacity building.
The Capacity Centre also hosts the Cybersecurity Capacity Portal, a global resource for expertise and knowledge on cybersecurity capacity building. This publicly-available online platform provides access to all of the tools, models and best cases, includes and inventory of international, regional and national cyber capacity building initiatives underway, and aggregates a number of other resources in the field.
This project develops an empirically based and theoretically sound model of the role of responsible research and innovation governance. It explores the dynamics of participation in research and innovation, and investigates the characteristics of responsible practices. The project also investigates the nature of new partnerships among various stakeholders, researchers and policymakers that are developing within innovation networks and the influence that these developments have on knowledge production and policy.
Identifiable information leaks out when people use the Internet. It is possible to infer individual prefernces from social groups via data aggregation. Can such aggregation be used to establish identity, broadera associations with social groups, and aliases? Could this pose a risk to enterprise environments?
The project developed metaphors for "visualisation" of anomalies of computer user metadata, allowing human analysts to interact with the data, enabling new insights and patterns to emerge.
May 2013 - August 2014
May 2013 - August 2014
Sadie Creese, Michael Goldsmith
At the time this project started, there was no methodology that currently addresses the mapping of attacks to business process, and no decision support tools which would enable a real-time assessment of risk based on such a mapping. This is the capability gap that CyberVis has addressed, specifically by developing a visualisation technology for communicating the possible impact of cyber attacks to business processes, optimised for human perception in order to facilitate the decision making core to an agile response.
Trust Domains – A framework for modelling and designing e-service infrastructures for controlled sharing of information
April 2011 - March 2014
April 2011 - March 2014
Ensuring flows of information to the right people over multiple collaborating organisations is becoming increasingly important for both business and government. There are, however, trade-offs between the productivity and functional gains from sharing information, on the one hand, and the risks of leakage and opening up IT systems, on the other. Recent developments in trusted computing and virtualization can address these trade offs in a flexible manner, as they allow for the creation of policy controlled IT systems with configurable security properties. Collaborative, secure sharing solutions can be realized through the creation of dynamic 'Trust Domains' -- a notion that we propose to explore at and between all levels of the policy-service-infrastructure stack -- that enforce information flow and configuration policies. We created a customer-driven project starting from examples of information sharing within police forces and agencies they work with. Based on a practical understanding of the required flows and policies, we developed an abstract framework for qualifying types of and flows of information and a corresponding model of the associated risks. This allows process owners to describe their requirements and concerns. We researched how to qualify and map information flows to Trust Domain configurations, derived guidelines and templates for supporting solution architects in building IT services, and extended our set of analytics and modelling tools to help stakeholders gain an understanding of the risks associated with information flows and enforcement mechanisms.There are business opportunities for creating and operating new e-services with enhanced trust and security properties based on new methodologies and toolsets. The framework we created takes a business-driven approach to risk, trust and security and covers aspects of process and system analysis, design, configuration, security policy, human roles, and operational management. We create a value proposition by having the models, tools and methodologies that allows us to bridge the current gap between business level risk and system configuration and policy design. Hence mapping service needs onto trusted platforms, domains, and infrastructure. The project complements and expands ongoing, TSB-funded work on trust economics as well as on complexity, risk, and resilience management pioneered and exploited by HP's UK Enterprise Services. Both HP Enterprise Services and HP Labs, Bristol believe that bridging high-level incentive models and systems design for trust domains would be a unique global differentiator, not only aligned with US-NITRD 'game-changing' themes, but ahead of them in suggesting an integrated approach. The academic components of this project contributed the following developments in support of this programme: - The concept of Trust Domain, at and between the various levels of the socio-technical system stack (policy-service-infrastructure); - Mathematical systems modelling technologies to support tools and methodologies for reasoning about the properties, dynamics, and applications of the Trust Domain concept; - A thorough taxonomy of technical, design, and architectural properties which give rise to different trust characteristics in deployed services; - Modelling the quality of trust and expectations among components, to the extent of being able to make a meaningful comparison of solutions based on different architectural paradigms, within a given context.Targeted market: intra-corporate and intra-governmental data centres and 'clouds' whose stringent information flow control requirements cannot be met by today's providers.
Felix Reed-Tsochas, Sadie Creese, Michael Goldsmith
The SATURN project provided information and advice about Critical Network Infrastructures (CNI), to provide resilience and reliability to the CNI in the presence of failures and possible attacks. The project used predictive models (developed by Oxford) to analyse techniques that mitigate the risks to the CNI, in order to devleop risk mitigation plans.
The project worked to create a solution to increasing problems caused by the uncontrolled flow of personal data. The team brought together researchers from HP’s Systems Security Lab in Bristol, the project leaders, with WMG at the University of Warwick, QinetiQ, HW Communications, Oxford University's Ethox Centre legal department, and regulation and business experts from the London School of Economics (LSE). EnCoRe, which is jointly funded by the Engineering and Physical Sciences Research Council, the Economic and Social Research Council and the Technology Strategy Board, will help businesses and Government adopt scalable, cost–effective and robust consent and revocation methods for controlling the use, storing, locating and sharing of personal data.
The profusion of cloud infrastructures, built both within the public but also private space have enabled a significant body of research to move their computational requirements into this new paradigm. There are though a collection of usecases that are not able to make use of this new paradigm though it is clear that this would improve the provision of computational and data resources available to them. This project worked on the energy sector, doing pilot research on Advanced Metering Infrastructure, Condition Monitoring and Distributed State Estimation to prove that the utilisation of hardware trust within the system for attestation of state and identification of both the data and algorithms and their hosting virtual instances would mean that this high value critically important system could utilise cloud computing. The project created a detailed threat analysis of using IaaS cloud systems and the specific countermeasures that trusted platform allow within the system, an exemplar software framework in which energy researchers are able to start making use of commercially sensitive information while at the same time make full use of cloud computing. The project was followed by a TSB Knowledge Transfer Partnership to implement some of this work in early 2015.
Corporate Insider Threat Detection: Cyber Security Inside and Out
Sadie Creese, Michael Goldsmith, David Upton, Min Chen
Insider threats come from people who exploit legitimate access to an organization’s cyber-assets for unauthorized and malicious purposes, or who unwittingly create vulnerabilities. They may be direct employees (from cleaners up to the C-suite), contractors, or third-party suppliers of data and computing services. This project is developing a suite of tools to help bring together managerial information (system use, physical access, psychological/HR information, etc) to yield important information about behaviours and personalities that will help detect danger and allow managers to manage their workforce effectively.
DIET: A Different Approach to Smart Meter Data Insight against Energy Theft
David Wallom, Andrew Martin
In collaboration with British Gas, G4S, EDMI Smart Meters, The DIET project supports the development of new services to investigate coordinated analysis streams of consumption and logging data produced by smart meters.
Building on the EPSRC Advanced Dynamic Energy Pricing & Tariffs (ADEPT) and the 'Working with Infrastructure Creation of Knowledge Energy strategy Development (WICKED) projects we have developed a number of different analytic techniques from which we can match consumption to customer behaviour at the whole premises scale as well as full understand the different resolutions of data required for different levels of insight. Building on these two projects we are working through InnovateUK funding on the Data Insight against Energy Theft (DIET, 15-17) which also takes forward the established relationship with the energy sector, to develop an approach using smart meter logging and error messages alongside meter consumption data to identifying potential energy theft and faulty equipment by examining changes in data through time. The project will analyse data collected from a pool of SME electricity meters with a view to developing a reusable method for the domestic market operation.
These streams of meter status and error messages that are not normally retrieved give details on the physical environment of the meters and in conjunction with consumption data will enable creation of richer and more in-depth knowledge of system behaviour. The primary aim of these analytics are to discover and then recognise signatures for two different classes of events, possible meter failure scenarios and warnings on the occurrence of patterns indicative of meter attack/tamper.
Smart Oxford is the strategic programme of a wide range of city partners working together to develop and promote Oxford as a smart city.
By 'smart' we mean creating an environment and infrastructure that engages with the current step-change in digital technologies to support the generation & sharing of city information and to facilitate the development of innovative city-related solutions more effectively, cheaply, sustainably, fairly and inclusively.
In September 2015 we hosted our first Early Careers Researchers Symposium, to showcase the exciting topics under investigation across the network: you can download the programme and book of abstracts here. We hope to make this an annual event!