CyberSecuritySoton.org@CybSecSoton
Academic Centre of Excellence in Cyber Security Research
Vladimiro Sassone Cyber Security Centre
University of Southampton
it all started here
2
cybersecurity southampton
3
new PhD/MSc degrees adapt UG degrees fill gaps in industry
what does the world look like from our ACE?
4
Government
Cabinet Office EducaDon
Training
GCHQ
Cyber profession
Research
Industry
NCA/Police
Impact
BIS, CPNI, NAO, BoE UKCERT, MoJ, DECC, …
judiciary, police, law & policy makers,
civil servants,…
work with IAA and BIS on educa=on pathways
set up cybercrime units, support inves=ga=ons, …
OCSIA, CPNI, …
on economy, policies, society, community, …
innova=on, consultancy, partnership, spinout, spinin
partnership, guidance,…
5
research at southampton ACE
devices software users
high assurance SW development via formal methods reliability & reliance to cyber aWacks verified design soUware verifica=on
security by design
[For
mal
Met
hods] cyber-‐risk/behaviour
model norms & detect devia=ons human agents social acceptability ethical responsibility legal framework
security science
[Hum
an S
cien
ces]
embedded security device-‐level security system-‐level security automo=ve security
security engineering
[Ele
ctro
nics]
data security
identity management
provenancecryptography
anonymisa=onprivacy
web
open data
auto biometrics soU biometrics
cybermetrics trust
cyber-‐physical systems
6
Verified safety properties of railway signalling and driverless trains
• Meteor: Paris Line 14 -‐ Driverless – 117 kloB – 29 K proofs – 87 kloc (auto generated Ada)
• Canarsie: New York Line L – Mixed mode – 273 kloB – 83 K proofs – 110 kloc (auto generated Ada)
with Siemens Transportation Systems (STS)
Verifica=on of smart metering implementa=on programme Under government plans, every home and business in the UK will be fiWed with a smart meter by 2019.
Mul=-‐vendor data communica=on hubs will be used to collect data from smart meters in customers’ homes. Objec&ve: guarantee resilience of the cri=cal infrastructure, customers’ data security & privacy, and u=lity companies bills by formally verified design.
more: smart metering implementaDon
7
a new computaDon model for the IoT
8
energy module
timer
sensing module actuation module
commsmoduleprocessing module
store
operations
eF
eS
A
eS
IoT Entity
IoT Environment
notable engagement acDviDes of the ACE
• Centre applica=on + Founding grant • Na=onal Cipher Challenge • ICO’s Anonymisa=on Code of Prac=ce • Cabinet Office’s consulta=on on Iden=ty Assurance Scheme
• Cabinet Office Cyber Policy Foresight • Royal Society consulta=on on a Vision for UK Cyber Security Research
• BIS’ selec=on of Government’s preferred Organisa=onal Cyber Security Standard
• US/UK Cyber Security Business Forum • Na=onal Audit Office’s review of Government’s Cybersecurity spend
• Anonymisa=on work for Ministry of Jus=ce (reoffending rates per county)
• Anonymisa=on work for Department of Energy (electricity spend per household)
• Analysis of IoT security for GCHQ
9
• With the Foreign & Commonwealth Office: • UK-‐China Cyber Security Workshop • UK-‐Japan Cyber Security Workshop • UK-‐Singapore Cyber Security Workshop
• With the Na=onal Crime Agency • South East Cyber Crime Workshop • Consulta=on on Bitcoin • Training of Cyber Crime Police Unites, with the Academy of Policing
• Metropolitan Police Workshop • Bank of England’s consulta=on on crypto-‐currencies
• BIS’s work on Cyber Security Exports • Cyber Professional profiles, with Informa=on Assurance Agency
• Analysis Smart Metering Programme for DECC • and coun=ng…
Ac&vi&es