Research

Cyber Security

Cyber Security

Cyber security is a research area that crosses multiple research areas, including Information Security, in particular for critical systems and end-users, or Identity & Privacy, where the strong identification provides a trust root and privacy the safeguards for citizens. Our cyber security research focuses mostly on combating cybercrime and protecting the social fabric. Cybercrime is a composition of crime and cyberspace.

 

Crime

The crime component implies the presence of a perpetrator, an adversary whose actions are harmful or costly for society. Crime also implies the involvement of a physical entity, for instance the victim or the capitalization in physical money, which implies in turn that there is no cybercrime entirely in cyberspace, in which we follow the defenition of Benenson et al. [Benenson2011]. There are always human beings that act or are acted upon, which raises the question of human factors in security.

 

Cyberspace

The cyberspace component implies that there is a cyber element present, where the most likely case may be hurt done by cyber means. Cyberspace may be the medium for the crime or be used by the perpetrator to gain more scalability. Newman [Newman2009] categorizes the role of cyberspace into tool, target or place for the crime.

 

Research Areas

In Newcastle, we research security against cybercrime, organized in the CCCS, along four themes:

  • Understanding cyber adversaries and their attack vectors.
  • Protecting critical infrastructures, such as the cloud or the identity infrastructure, and increasing the dependability and security of systems.
  • Supporting investigators,
  • Protecting victims, for instance with privacy tools.

 

The Role of Human Factors

Human decision making impacts cyber security, this is part of the research hypothesis of the Cyber Security Research Institute on Choice Architecture for Information Security. We believe that human users, e.g., victims in a cybercrime, are affected by decision biases, even if they are supported by rigorous decision making methods. Our work aims at integrating human factors in cyber security work.

 

 [Benenson2011] Benenson et al. Exploring the Landscape of Cybercrime.

 [Newman2009] Graeme R. Newman. Cybercrime.

Current Research: Cyber Security, Privacy and Evidence-based Methods for Security

I'm a Tenured Reader in System Security (Associate Professor) at the Newcastle University. Im the Director of the Centre for Cybercrime and Computer Security (CCCS), a UK Academic Centre of Excellence in Cyber Security Research (ACE-CSR). I'm a member of the Secure and Resilient Systems group and the Centre for Software Reliability (CSR).

 

Before that, I've been a tenured research scientist at the Information Security and Cryptography group of IBM Research - Zurich as well as IBM Corporation's Research Relationship Manager for Privacy and director of IBM's Privacy Research Institute (PRI).

 

Research Interests: Holistic System Security

 

Upcoming Projects

 

PhD Positions in Security and Privacy

  • In general, in PhD Topics of cloud and cyber security, identity and privacy and applied crypto.

Identity & Privacy

Identity & Privacy

Identity and privacy research are intertwined.

The former aims at protocols and systems for managing, exchanging and authenticating identity attributes, the latter governs the protection of a user's identity in the widest sense.

Other Interests: [Information Security]   [Applied Rigorous Methods]

Read more: Identity & Privacy

Information Security

Information security means the protection of information and information systems.

Security means that the properties confidentiality, integrity and availability (CIA) are fulfilled, considering the dependability and security taxonomy [ALRL2004].

These properties need to be defined with respect to a system, trust and adversary model, and specified in an explicit security goal.

Information can be at rest or in communication, which implies the security of systems as well as protocols and can include hardware security, as well.

Other Interests: [Identity & Privacy]   [Applied Rigorous Methods]

Read more: Information Security

Applied Rigorous Methods

protocol mag bWith the term rigorous methods, I refer to cryptography and formal methods (there are others, I don't mention).

I use both kinds of methods to reach security and privacy goals.

Both areas have in common that they establish security properties with respect to a system model, adversary model, security specification and proof methodology.

Other Interests: [Information Security]   [Identity & Privacy]

Read more: Applied Rigorous Methods