Computer and Information Security at Sheffield
Cybersecurity is, and will be, of growing importance for all aspects of our daily lives. Computer and Information Security is an important pillar of a cybersecurity strategy and, thus, a growing research interest in the Department of Computer Science. To address future cybersecurity challenges, the Department of Computer Science is driving an interdisciplinary initiative to join the outstanding research expertise in security- and privacy-related areas across all faculties of the University of Sheffield. This interdisciplinary expertise provides a unique opportunity to address the future cybersecurity challenges jointly from a technological, social, legal, as well as political perspective.
Security research in the Department of Computer Science: the Security of Advanced Systems Group and their Collaborators in the University
The Security of Advanced Systems Research Group investigates fundamental theory together with the development of practical tools and techniques for securing advanced systems that will play a critical role in societies worldwide. We carry out fundamental research in cybersecurity and collaborate with leading researchers across the Faculty of Engineering and beyond to bring our cyber expertise to bear in domains of critical importance, e.g. robotics, autonomous systems, and advanced manufacturing systems.
Our security expertise covers all aspects of systems that are secure by design. These include security policy and requirements, architectural design, security verification, security testing, and formal analysis of security properties. We also research a wide range of methods for security analysis, e.g., for the detection of covert channels and reverse engineering. This is complemented by leading expertise in artificial intelligence, allowing us to research, for example, intrusion detection and the automated synthesis of cryptographic algorithm building blocks and secure protocols.
Our group will be at the centre of collaborative efforts across the University regarding cybersecurity. Sheffield has tremendous long-standing strengths in particular areas of technology, particularly robotics and autonomous system and advanced manufacturing, areas now facing highly significant cybersecurity challenges. We believe that our cybersecurity expertise coupled with the domain expertise in some of today’s most critical technologies puts us in a unique position to make an impact. We can do fundamental and applied research informed by real world problems.
Interests of SASG Staff
Professor John Clark joins Sheffield in April 2017 to lead the Security of Advanced Systems Group. Previously, he was Professor of Critical Systems at the University of York whom he joined in 1992 after five and a half years as a evaluation as an R&D consultant in the security division of the software and systems house Logica. His PhD (2001) concerned the application of non-standard computational techniques in cryptographic applications and he maintains a strong interest in the application of Artificial Intelligence to problems in cybersecurity. He has wide-ranging interests in cybersecurity: threat modelling, security policies, system stressing, security protocol synthesis, and intrusion and insider detection, and the application of Artificial Intelligence and non-standard computation to high integrity software engineering problems. Current research investigates the application of AI to intrusion detection and to the discovery of cryptanalysis strategies.
The figure below indicates a Quantum Discrete Fourier Transform (QDFT) circuit synthesised via a genetic programming (GP) approach. The QDFT lies at the heart of Shor’s factorisation via Quantum Computing (one of the main reasons for the excitement about quantum computation). We are currently using GP and other AI techniques to search for faster than classical approaches for other cryptanalysis tasks.
The figures below illustrate the synthesis using evolutionary computation of optimal or near optimal placements of intrusion detection probes for a network. Other aspects of IDS have been an interest for some time, e.g., the tradeoffs concerning quality of detection with power consumption.
Dr. Achim Brucker is the first recruit to our new security group. A Senior Lecturer in Computer Science, Dr. Brucker was formerly a Research Expert (Architect), Security Testing Strategist, and Project Lead in the Global Security Team of SAP SE, where, among others, he defined the risk-based security testing strategy of SAP that combines static, dynamic, and interactive security testing methods and integrated them deeply into SAP's Secure Software Development Lifecycle.
Dr. Brucker's current work includes research on security aspects of distributed, e.g., service-oriented, systems. This includes research in applied security aspects such as access control or business-process modelling, as well as in fundamental aspects such as novel techniques in the area of static and dynamic approaches for ensuring the security of applications. Moreover, he is participating in the development of interactive theorem proving environments for Z (HOL-Z) and UML/OCL (HOL-OCL, which is integrated into a formal MDE toolchain) and a model-based test-case generator (HOL-TestGen).
In his work, Dr. Brucker is collaborating internationally with universities (e.g., the University of Darmstadt in Germany, University of Trento in Italy, and the Technical University Denmark) as well as international business software and security testing tool vendors.
Dr. Ali Dehghantanha is interested in interdisciplinary research projects in cyber security and artificial intelligence. His primary research goals are currently directed toward building (armoured) AI agents for active threat hunting in Internet of Things (IoT), Industrial Internet of Things (IIoT) and Internet of Battlefield of Things (IoBT). Moreover, he is interested in using multi-view and multi-kernel learning systems to achieve a global view of emerging cyber threats. Building adversarial learning models to support anti-forensics and anti-anti-forensics activities is another active area in his research agenda. Moreover, he is interested in technical research in cyber forensics (malware analysing, big-data investigation, SDN forensics, IoT investigation) cybercrime (criminology and policy research), anti (online) money laundering and counter terrorism financing, and privacy issues in digital forensics!
Collaborations on Critical Sheffield Strengths
The comments below from colleagues in two areas of undoubted Sheffield strength indicate why we are so excited about our vision for the security group. They illustrate both the need to secure emerging technologies of critical societal importance and a willingness to collaborate with us to do so.
The Advanced Manufacturing Research Centre (AMRC)
Dr Aiden Lockwood, Head of Manufacturing Informatics, AMRC comments:
“The AMRC with Boeing, established in 2001, has grown to become a world-leading centre of advanced machining and materials research for aerospace and other high-value sectors. It has over 80 industrial members, from global giants such as Boeing, Rolls-Royce, BAE Systems and Messier-Bugatti-Dowty, to local small businesses. The evolution in recent years of digital technologies has the potential to significantly disrupt the sectors where manufacturing is a significant element. Whilst this is an attractive opportunity for those manufacturing sectors likely to be affected, there is a great deal of concern about the security of manufacturing data and as a result the AMRC is enthusiastic about working with the new security group to dispel some of these fears for industry.”
Professor Tony Prescott, Director of Sheffield Robotics comments:
“The world is standing on the verge of a revolution in robotics. The kind of life-changing innovations we’ve been dreaming about for decades are now only steps away. She eld is taking those steps: through responsible, ethical research, we are pioneering new products and processes that will transform the world by changing manufacturing, healthcare, infrastructure and our understanding of the human condition. We work collaboratively across disciplines to engineer the advanced systems that will lie at the heart of tomorrow’s society. Ensuring the operation of such advanced systems remains free from malicious attack is critical to bringing their benefits to society and we look forward to working with the new Security of Advanced Systems group to achieve this.”
Security and privacy research in other Departments
- Dr. Matt Sleat. The ethics of cyber-warfare.
- Dr. Ross Bellaby. Cybersecurity, health security, surveillance and dataveillance, privacy.
School of Law
- Dr. Russell Buchan. International law relating to cyber-warfare.
- Prof. Nicholas Tsagourias. Collective security law, international law relating to cyber-warfare.
School of Mathematics and Statistics
- Number theory group. Mathematical foundations of cryptography.
Electronic and Electrical Engineering
- Dr. Mohammed Benaissa. Design and implementation of cryptosystems.
- Dr. Jonathan Rigelsford. Large scale electromagnetic modelling and cyber security.
Department of Automatic Control and Systems Engineering
- Dr. Iñaki Esnaola. Cyber attack detection in infrastructural systems such as smart grids.
- Prof. Paul Clough. User-oriented analysis of information access systems.
Department of Journalism Studies
- Dr. Emma Briant. Propaganda, digital media and terrorism. British and US politics and intelligence.
- Dr. Xavier L’Hoiry. Surveillance technologies and the impact on democracy and society.
- Prof. Clive Norris. Founder of the Surveillance and Society Journal.
School of English
- Dr. Fabienne Collignon. The fictions of total security adapting to constantly changing targeting strategies. Fantasies of conflict and closed worlds.