
Oxford University – Cyber Security Oxford


Driving major developments in the theory and practice of cyber security


Countering Online Hate Speech (UNESCO)

Hate speech online is situated at the intersection of multiple tensions: it is the expression of conflicts between different groups within and across societies; it is a vivid example of how technologies with a transformative potential such as the Internet bring with them both opportunities and challenges; and it implies complex balancing between fundamental rights and principles, including freedom of expression and the defence of human dignity.
As the UN agency with a specific mandate to foster freedom of expression, and its corollaries, press freedom and freedom of information, UNESCO is actively working to promote mutual knowledge and understanding of peoples, through all means of mass communication, including the Internet in general, and social networking platforms in particular. Read the rest.
(Oxford co-author Danit Gal).


Investigating the leakage of sensitive personal and organisational information in email headers

Email is undoubtedly the most used communications mechanism in society today. Within business alone, it is estimated that 100 billion emails are sent and received daily across the world. While the security and privacy of email has been of concern to enterprises and individuals for decades, this has predominately been focused on protecting against malicious content in incoming emails and explicit data exfiltration, rather than inadvertent leaks in outgoing emails. In this paper, we consider this topic of outgoing emails and unintentional information leakage to better appreciate the security and privacy concerns related to the simple activity of sending an email. Specifically, our research seeks to investigate the extent to which potentially sensitive information could be leaked, in even blank emails, by considering the metadata that is a natural part of email headers. Through findings from a user-based experiment, we demonstrate that there is a noteworthy level of exposure of organisational and personal identity information, much of which can be further used by an attacker for reconnaissance or to develop a more targeted and sophisticated attack. Read the rest

Responsible Research and Innovation in ICT: Summary of key issues, recommendations, challenges and enablers

This report describes the current perception of ‘ethics in ICT’ through preliminary findings from a landscape study. This study included sixty-seven interviews with a broad range of stakeholders including HE ICT researchers at various stages in their careers, as well as portfolio managers and senior managers at the EPSRC who maintain and influence the ICT portfolio within the organisation. We also interviewed potential beneficiaries of ICT research including charities, professional organisations, and industry. We provide a summary of key issues, recommendations, barriers and enablers to the implementation of Responsible Research and Innovation in ICT. Read the rest

Realities and Challenges of NextGen Air Traffic Management: The Case of ADS-B

Air traffic is continuously increasing worldwide, with both manned and unmanned aircraft looking to coexist in the same airspace in the future. Next generation air traffic management systems are crucial in successfully handling this growth and improving the safety of billions of future passengers. The Automatic Dependent Surveillance Broadcast (ADS-B) system is a core part of this future. Unlike traditional radar systems, this technology empowers aircraft to automatically broadcast their locations and intents, providing enhanced situational awareness. This article discusses important issues with the current state of ADS-B as it is being rolled out. We report from our OpenSky sensor network in Central Europe, which is able to capture about 30 percent of the European commercial air traffic. We analyze the 1090 MHz communication channel to understand the current state and its behavior under the increasing traffic load. Furthermore, the article considers important security challenges faced by ADS-B. Our insights are intended to help identify open research issues, furthering new interest and developments in this field. Read the rest

Provably Repairing the ISO/IEC 9798 Standard for Entity Authentication

We formally analyze the family of entity authentication protocols defined by the ISO/IEC 9798 standard and find numerous weaknesses, both old and new, including some that violate even the most basic authentication guarantees. We analyze the cause of these weaknesses, propose repaired versions of the protocols, and provide automated, machine-checked proofs of their correctness. From an engineering perspective, we propose two design principles for security protocols that suffice to prevent all the weaknesses. Moreover, we show how modern verification tools can be used for the falsification and certified verification of security standards. Based on our findings, the ISO working group responsible for the ISO/IEC 9798 standard has released an updated version of the standard. Read the rest

Towards Ethical Governance of Social Machines

We introduce the concept of Hybrid Diversity-Aware Collective Adaptive Systems (HDA-CAS) and their proposed role in addressing social problems associated with urban living, health, and financial markets. Our concern is for their responsible development and deployment, and to this end, we suggest perspectives on the governance of social machines and a framework from which to design governance regimes for HDA-CAS. Read the rest

Towards a Closer Dialogue Between Policy and Practice: Responsible Design in HCI

Given the potent and pervasive nature of modern technologies, this paper lays out the complexities involved in achieving responsible design. In order to do this we will first compare an emerging policy-oriented programme of research known as RRI (Responsible Research and Innovation) with initiatives in HCI. A focus on the similarities and differences may highlight to what extent responsibility is already and successfully embedded within the concerns and practices of design and use, and what may yet need to be incorporated for responsible design. The paper then discusses the challenges of ‘naturalising’ the very ambitious programme of RRI within specific design activities and concerns, through the lens of four analytic concepts: reflexivity; responsiveness; inclusion; and anticipation. Finally, we make a case for a pragmatic, ‘unromantic’, but engaged reinterpretation of RRI for HCI. Read the rest

Towards the Ethical Governance of Smart Society

This chapter is concerned with how social order is established within collectives and the ethical problems that arise when we attempt to create and direct collectives towards particular ends. It draws on our work to establish governance principles for Smart Society—an EU project aiming to engineer Collective Adaptive Systems comprised of people and machines with diverse capabilities and goals that are able to tackle societal grand challenges. We examine how social values are implicated in and transformed by Collective Adaptive Systems, and suggest approaches to multilevel governance design that are responsive to emergent capabilities and sensitive to conflicting perspectives. Finally we illustrate our approach with a worked example of a sensor-based system in a care setting. Read the rest

The Ten-page Guide to Trusted Computing

Networked computer systems underlie a great deal of business, social, and government activity today. Everyone is expected to place a great deal of trust in their correct operation, but experience shows that this trust is often misplaced. Such systems have always been subject to failures due to oversights and mistakes by those who designed them; increasingly such failures are exploited by those with malicious intent. The concept of Trusted Computing has been present in the computer security literature for quite some time, and has influenced the design of some high-assurance solutions. These ideas are now becoming incorporated in mainstream products — PCs, mobile phones, disc drives, servers — and are the subject of much discussion and sometimes misinformation… Read the rest

Cybersecurity Capacity Portal

This portal is a global resource for cyber security capacity building and how best to achieve it. It is also an online space for sharing experiences, best practice, and new developments. It contains information for policy-makers and those with responsibility in this area and has been created by the Global Cyber Security Capacity Centre with the Saïd Business School, University of Oxford. Visit the portal