The Centre for Cyber Security is at the forefront of advancing information security by linking emerging experimental and theoretical methodologies across disciplines (cryptography, mathematics, network communications, artificial intelligence, ICT and economic and social dilemmas).

Our contributions include building abstract high-level frameworks for capturing, evaluating and comparing identity management architectures, cyber threat models that form the basis for digital security assurance, testing and compliance, authentication and access control in fully decentralized networks, and assurance and dependability.

Novel techniques for designing modular security architectures have been developed for a variety of security controls such as authentication, anonymous authorization, auditing, firewall and intrusion detection. Some of these controls have been implemented as reusable components denoting security wrappers which can be readily integrated within other systems. With Engineering and Physical Sciences Research Council funding, our research has contributed to building the security layer for the Application Hosting Environment. This tool is used for securing information sharing on the grid and has been used to support hundreds of e-science users worldwide.

The Centre's strategic plan brings into focus emerging challenges such as security and privacy in smart cities, vehicular ad hoc networks and healthcare technologies. Building security in by design and through the application of design principles is another focus for our research. Other themes includes development of data mining algorithms and evolutionary algorithms for detecting patterns of abnormal security behaviour as well as the security issues in Big Data and cloud computation.

Research topics

Our research topics include, but are not limited to:

Formal Methods
  • Formal theories that underpin aspects of information security
  • Rigorous methods for the development of secure and resilient software and for "building security and privacy in"
  • Applying principles for assuring security, privacy and governance by design
  • Engineering secure and usable solutions to e-health, e-banking, e-government and environmental data applications.
Threat Modelling
  • Basis for security.
Identity Management and Trust
  • Trust, federation, usability and assurance.
Access Controls
  • Delegation, accountability, separation of duties, hierarchy and timing.
Building Tools
  • Security Testing
  • Dependency analysis and protection wrappers analysis
  • Visualisation
  • Linking threat models to quantitative data about actual attacks
  • Data mining tools for detecting patterns and abnormal behaviours.
Engineering Secure Solutions
  • Security of workflow engineering processes
  • Engineering secure software with emphasis on web services
  • Securing data from sensors in remote sites with applications to health (patients and elderlies), transports and internet of things
  • Manipulating big data involving privacy
  • Business intelligence lab
  • Cloud security.