Academic Centre of Excellence in Cyber Security Research - University of Southampton

网络安全研究卓越学术中心 - 南安普顿大学

• 批准号: EP/R007268/1
• 负责人: Vladimiro Sassone
• 金额: $ 10.43万
• 依托单位: University of Southampton
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2017
• 资助国家: 英国
• 起止时间: 2017 至 无数据
• 项目状态: 已结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FR007268%2F1
• 关键词: Academic; Centre; Excellence; Cyber; Security

Cyber security is ultimately about devices and people, which together give rise to a 'cyberspace' of networks and systems. Vulnerabilities arise from hardware, software and human factors, but typically from any combination of them. Our interdisciplinary approach affords us expertise over a significant number of such combinations. We deliver a wide spectrum of interwoven research ranging from electronic (nano) devices to (physical and cyber) biometrics, passing through world-leading research on cyber-enabling infrastructures using behavioural and cognitive psychology, and deploying both formal and experimental methods.We work on secure hardware devices such as data-secure sanitisable memories, embedded security and trusted hardware, their secure formal design and verification, and fabrication in our state-of-the-art cleanrooms. This links to (mission-critical, multi-clearance) software systems, whose design and validation builds on our expertise in language-based security. Mathematical models and static analysis techniques are also used for privacy systems, whose ultimate goal is to drive the design of data-confinement and privacy-enhancing web applications, online protocols and analysis tools. Of a similar goal-driven nature is our research on trust-and-reputation models, aimed at exploiting mutual trust mechanisms in agent communities to meet collaborative goals in the absence of reliable information.Agents systems link to secure services and information risk management over advanced networks and provide the basis for cutting-edge research on situational awareness. The latter extends to ad-hoc networks of practical operational relevance, such as the integration of human-agent teams. This establishes a synergy with our behavioural and cognitive scientists, who focus on the analysis of patterns of cyber-behaviour and group decision-making and risk behaviour.Our work on the security of critical infrastructures concerns cyber-physical and industrial control systems, financial trading, and the web. It includes IoT, the power grid, building automation, clouds, distributed ledgers, the analysis of cyber controls and of human factors affecting response time to cyber-attacks in financial trading markets. We also focus on access control, attack visualisation, linked-data (de-)anonymisation and provenance. A theme of growing importance concerns users' (web) identities. This builds on foundational work on cryptoprotocols, and provides a strong connection between our computer and social sciences researchers, in particular through the issues of (un-linkable) identities, super-identities, and the work on privacy and cyber-crime legislation. Finally, we mention our seminal work on biometrics for access control based on physical and cyber individual characteristics.The present proposal aims at securing a support grant for the centre. Specifically, we seek funds to: support the Director in the organisation and daily running of the centre; run a series of seminars in Cyber Security; foster multidisciplinary activities; participate in networking events with other ACE-CSRs and host a national ACE-CSR workshop; run outreach, public engagement and industrial liaison events; revamp our web portal; print and distribute brochures and publicity material.

网络安全归根结底是关于设备和人的，它们共同形成了一个由网络和系统组成的“网络空间”。漏洞来自硬件、软件和人为因素，但通常是它们的任意组合。我们的跨学科方法为我们提供了大量此类组合的专业知识。我们提供从电子(纳米)设备到(物理和网络)生物识别的广泛相互交织的研究，通过使用行为和认知心理学对支持网络的基础设施进行世界领先的研究，并部署正式和实验方法。我们致力于安全硬件设备，如数据安全可消毒存储器、嵌入式安全和可信硬件，它们的安全正式设计和验证，以及在我们最先进的洁净室中制造。这与(关键任务、多许可)软件系统相关联，其设计和验证建立在我们在基于语言的安全方面的专业知识基础上。数学模型和静态分析技术也被用于隐私系统，其最终目标是推动数据限制和增强隐私的网络应用程序、在线协议和分析工具的设计。具有类似目标驱动性质的是我们对信任和声誉模型的研究，旨在利用代理社区中的相互信任机制来实现在缺乏可靠信息的情况下的协作目标，代理系统链接到高级网络上的安全服务和信息风险管理，并为态势感知的前沿研究提供基础。后者延伸到具有实际业务意义的特别网络，例如人-代理人团队的整合。这与我们的行为和认知科学家建立了协同作用，他们专注于分析网络行为模式、群体决策和风险行为。我们在关键基础设施安全方面的工作涉及网络-物理和工业控制系统、金融交易和网络。它包括物联网、电网、建筑自动化、云、分布式账簿、网络控制分析以及影响金融交易市场对网络攻击反应时间的人为因素。我们还专注于访问控制、攻击可视化、关联数据(去)匿名化和来源。一个日益重要的主题与用户(网络)身份有关。它建立在密码协议基础工作的基础上，并在我们的计算机和社会科学研究人员之间建立了牢固的联系，特别是通过(不可链接的)身份、超级身份以及关于隐私和网络犯罪立法的工作。最后，我们提到我们在基于物理和网络个人特征的访问控制的生物识别方面的开创性工作。目前的建议旨在为该中心获得支持拨款。具体地说，我们寻求资金支持中心主任的组织和日常运作；举办一系列关于网络安全的研讨会；促进多学科活动；参与与其他ACE-CSR建立联系的活动，并主办一个全国性的ACE-CSR工作坊；举办外展、公众参与和行业联络活动；改进我们的门户网站；印刷和分发小册子和宣传材料。

项目成果

A Review of Upgradeable Smart Contract Patterns based on OpenZeppelin Technique

基于OpenZeppelin技术的可升级智能合约模式综述

• DOI: 10.31585/jbba-6-1-(3)2023
• 发表时间: 2023
• 期刊: The Journal of The British Blockchain Association
• 作者: Amri S

Bootstrapped Driver and the Single-Event-Upset Effect

自举驱动程序和单事件翻转效应

• DOI: 10.1109/tcsi.2020.3008112
• 发表时间: 2020
• 期刊: Regular Papers
• 作者: Al-Daloo M

A Prototype Evaluation of a Tamper-Resistant High Performance Blockchain-Based Transaction Log for a Distributed Database

• DOI: 10.1109/edcc.2017.31
• 发表时间: 2017-09
• 期刊: 2017 13th European Dependable Computing Conference (EDCC)
• 作者: Leonardo Aniello;R. Baldoni;E. Gaetani;Federico Lombardi;Andrea Margheri;V. Sassone

Learning-based BTI stress estimation and mitigation in multi-core processor systems

多核处理器系统中基于学习的 BTI 压力估计和缓解

• DOI: 10.1016/j.micpro.2020.103713
• 发表时间: 2021
• 期刊: Microprocessors and Microsystems
• 影响因子: 2.6
• 作者: Abbas H

A memristor fingerprinting and characterisation methodology for hardware security.

• DOI: 10.1038/s41598-023-33051-z
• 发表时间: 2023-06-09
• 期刊: SCIENTIFIC REPORTS
• 影响因子: 4.6
• 作者: Aitchison, Callum;Halak, Basel;Serb, Alex;Prodromakis, Themis
• 通讯作者: Prodromakis, Themis