PhD research project suggestions in the Kent Security Group
Comprehensive understanding of cybercrime
Supervisor: Budi Arief
One of the biggest challenges in understanding cybercrime relates to the massive landscape involved, making it impossible to encompass everything. An approach based on piece-by-piece research to create a complete taxonomy of cybercrime can be used to address this challenge, looking into the stakeholders involved: attackers, defenders, and victims; and looking at technical solutions alongside the human factors that are involved. Some ideas of potential investigation include:
- Mapping threats against cybercrime incidents, and looking at how these threats materialise, in order to understand the factors abetting or preventing them
- Conducting qualitative and quantitative studies to gather data on the various losses experienced by victims, as well as their circumstances, leading to the creation of victim profiles, which can help minimise the risk of victimisation
- Cataloguing existing measures and/or initiatives for combating cybercrime and evaluating their effectiveness
- Delving deeper into policing cybercrime and its associated metrics, such as the cost of policing tasks and statistics of cybercrime in the public sector
- Exploring other issues in human behaviour and the legal framework
Minimal Cost Quantum Security Infrastructures
Supervisor: Carlos Perez Delgado
The existence of quantum algorithms, such as Shor's Integer Factorisation Algorithm, implies that quantum computers pose an existential threat to a sizeable portion of our current security infrastructures. Many digital services, from privacy to authentication, rely on protocols like RSA or Diffie-Hellman, which in turn rely on the hardness of factorisation. At the same time, quantum information provides some ways to implement cryptographic primitives like privacy (e.g. quantum key distribution). Some of these, however, incur heavy overhead costs (e.g. heavy use of quantum communication) that may make widespread adoption infeasible.
The purpose of this research project is to propose new complete cryptographic infrastructures that are provably secure to both classical and quantum attacks, and have provably optimal overhead costs.
Supervisor: Professor Andy King
Reverse engineering is the process of taking a software artifact, such as a binary, and figuring out what it does. Reversing is important in the security industry, where security engineers frequently have to inspect binaries when searching for security holes. This project will develop tooling not for reversing a binary to, say, a C program or even an intermediate language. Rather, the project will develop tools that explain what a binary does by annotating it with information that details the values each register might store. This will be achieved not by directly executing the binary (since the binary may be malicious) but rather by following all paths through the binary. In this way, it is potentially possible to work out the values that registers will possibly store at each point in the binary. The studentship will develop this idea and apply it to develop tools for supporting security engineers.
Self-adaptation applied to Security and Privacy
Supervisor: Rogério de Lemos
A future challenge in any system, from critical infrastructures to the Internet of Things, is the ability of systems to look after themselves regarding security and privacy. The notion of self-protection would be a fundamental requirement in future systems considering their complexity and connectivity. At Kent we have worked on self-adaptive authorisation infrastructures, and have built prototypes that enable the handling of insider threats using self-adaptive principles (https://saaf-resource.kent.ac.uk/). The goal is to continue this work in other directions, but mainly in the area of provision of assurances. If guarantees need to be provided about the security and privacy of a system, then these systems need to be perpetually evaluated during run-time, and this is a huge challenge.
Security and Privacy of the Internet of Things (IoT)
Supervisor: Budi Arief
IoT has the potential to make our lives more comfortable and effortless, but IoT devices could also pose new large-scale privacy and security risks that are not fully understood yet. For example, data collected from these devices (with or without authorisation from its owner) could reveal too much information about someone, and criminals might try to exploit this wealth of information in mounting more successful attacks, for example credit card fraud or social engineering attacks leading to identity theft. Furthermore, the abundance of connected, unsecured IoT devices makes it possible to launch a large-scale DDoS attack. Therefore, new approaches and techniques for securing IoT devices are needed, which will be the focus of this research.
Dealing with insider threat
Supervisor: Budi Arief
Insider threat is a significant and ever-present risk faced by any organisation. While security mechanisms can be put in place to reduce the chances of external attackers gaining access to a system, the issue is more complex when dealing with insider threat. If an employee already has legitimate access rights to a system, it is much more difficult to prevent them from carrying out inappropriate acts, because it is hard to determine whether the acts are part of their official work or indeed malicious. This research will look into a more comprehensive integration of human factors, as well as better machine learning techniques to obtain more accurate results, and more advanced decision-making tools to help organisations detect and respond to insider threats early.
Human-based Decision Making in Resilient Cyber Security Systems
Supervisor: Rogério de Lemos
Systems are becoming more complex and more interconnected, and access to the resources of those systems needs to be controlled in an efficient but trusted way. Humans alone are not able to manage the complexity of these emerging systems, hence the need to automate the decision making regarding the protection of resources. However, full automation is undesirable because there are limits to what can be achieved with self-adaptation considering the unpredictable nature of attacks. This requires humans to be involved in some of the non-mundane decisions regarding the protection of the system. The challenge now is how to involve humans in the process of decision making, considering that systems, their goals and context may evolve in a way that humans are not able to follow in order to have an accurate interpretation of their state, which might have an impact on insightful/informative decisions.