Cohort 2021 Projects

 

Maysara Alhindi

Usable Sandboxing for Embedded Operating Systems

Sandboxing and privilege separation mechanisms are essential security concepts that enable resilience by isolating and limiting what a program can do. While desktop operating systems have various sandboxing APIs and libraries, embedded and real-time operating systems have a limited set of options. Embedded operating systems can significantly benefit from solutions that enable more granular and specific privilege separation mechanisms. The research aim is to harden operating systems' security by studying how developers use sandboxing mechanisms in their software and make further suggestions in order to improve the usability and security of operating systems, and potentially to create a solution that fits the technical needs of embedded operating systems.

Dr Joseph Hallett (Bristol) 

Dr Daniel Page (Bristol)

John 'JC' Chapman 

Cybersecurity Considerations for the Implementation of Quantum Technologies in Smart Cities

Smart Cities (SC), or Connected Places (CP) in UK Government terms, promise to deliver many benefits for their citizens; however, strengthening and maintaining cyber resilience within the technological systems that underpin the SC services is crucial. Although this has been recognised for some years, and mechanisms to protect SC infrastructures have been proposed, Quantum Computing (QC) capabilities may provide methods to undermine, or even circumvent, such protection mechanisms. This thesis will assess what emergent QC capabilities are likely to threaten the cybersecurity of SC and propose new or enhanced methods to mitigate prioritised threats. To do this the thesis will: 1) Review the technical and data enterprise architectural frameworks of SC and the current techniques offered to mitigate cybersecurity threats against their underlying CIS infrastructure and data repositories; 2) Provide a quantitative assessment of QC as a capability, in systems engineering terms, identifying what services, relevant to SC cybersecurity vulnerabilities, QC is likely to deliver, with what level of assurance and in what time frame; 3) Provide a threat analysis and highlight those areas/technologies of SC that are likely to be most at risk from emergent QC capabilities; and 4) Propose potential new or enhanced solutions to mitigate identified QC cybersecurity threats to SC.

Professor Theo Tryfonas (Bristol)

Dr Sana Belguith (Bristol)

Zaina Dkaidek

Determining the Optimal Level of Cyber Security Investment

Cyber risk relevance and its impact on industry are growing significantly. This escalation is due to society’s increasing digitisation extending ICT systems’ attack surface, which form the backbone of advanced economies. Securing these systems is often complex and expensive, giving malicious actors numerous opportunities to exploit them. Therefore, firms must prioritise mitigating specific threats and vulnerabilities due to the probability and scope uncertainties of potential attacks. Currently, historical data is a poor proxy and insufficient for well-grounded cyber risk predictions; thus, determining which potential cyber security incidents to prepare for is a challenge. Furthermore, due to the increasing interdependence and interconnectedness of the cyber security realm, institutions are only as strong as their weakest link.

Thus, organisations need to invest not only at a level that reduces their financial risks but also accounts for their interconnectedness and potential security externalities that could emerge from insufficient investments. These can leave great potential for negative externalities or decisions which can significantly impact all stakeholders, including firms, the general public, supply chains, and critical infrastructures. An entity must instead attempt to reach a level of security to allow resilience within these interdependent systems which will help in quickly bouncing back from and successfully responding to concerted attacks without high costs to firms and the public.

This study aims to produce a model that offers a scientific basis for high-level decision-making concerning the optimal investment in cyber security across various industries. It will consider investment in cyber security tools and human knowledge based on the Cyber Security Body of Knowledge (CyBOK) framework and also be able to adapt to the dynamic cyber security landscape. Ultimately, this model seeks to provide a cyber security investment methodology that would steer organisations to select the appropriate cyber security controls to maximise their benefit, not just at the firm but also at the socially optimal level.

Dr Joanna Syrda (Bath)

Dr Matthew Edwards (Bristol)

Professor Adam Joinson (Bath)

Winston Ellis

The impact of Machine Learning Security on the resilience of Connected Autonomous Vehicle Architectures

The future lies in smart cities where we have technology improving and facilitating citizens' daily lives. Smart cities are a highly connected environment, which includes mobile devices, sensors around the city and services in the cloud. All of these components contribute data to big data analytics that use machine learning to bring value to the citizens of smart cities. Autonomous vehicles have also benefited from the evolution of machine learning, enabling functions such as the real time perception of hazards on the road, analysis of sensor data to prevent collisions and the optimisation of route planning. The future of autonomous vehicles will be connected and cooperative so that they benefit from the rich information systems around them to assist in decision making. This will provide benefits in time efficiency, money and most importantly improvement in safety. Nevertheless, the inclusion of machine learning technologies also provides another attack vector for adversaries.

Attacks on machine learning will have serious consequences for connected autonomous vehicles regarding safety of passengers and pedestrians in addition to impacts on businesses and services utilising these vehicles. We therefore must understand how the resilience of the connected autonomous vehicle networks is impacted by attacks on machine learning. By considering connected autonomous vehicle networks as a complex dynamic and connected system of machine learning models, we can investigate the possible cascading impact of attacks to aid architects in understanding the areas of weakness in these systems.

Dr Sana Belguith (Bristol)

Professor Theo Tryfonas (Bristol)

Jessica Johansen

A mixed methods exploration of the motivations for, and impact of, Digital Identity Concealment 

The internet was built without an essential identity layer. This anonymity makes it difficult to optimise digital services and enables an array of cybercrimes. To counter this, an increasing number of services ask users to digitally verify their identity before authorising access. At the same time, our hyperconnected society is experiencing a crisis of trust. Whether for nefarious or innocent purposes, some people will circumvent digital identity verification. This research is motivated by the desire to understand the motivations for, techniques used, and impact of such behaviour.

Professor Adam Joinson (Bath)

Professor Catherine Hamilton-Giachritsis (Bath)

Khadiza Laskor

The Governance of Digital Immortality

‘Digital Immortality’, conceived by Microsoft researchers at the turn of this century (Bell & Gray, 2000), ignited visions of the possibility of a ‘Digital Afterlife’ and virtual online personas that could live long after the physical death of their human templates. These presences, formed by the digital remains of a living person, have already been trialled through ‘griefbots’ and avatars. With the motion set for a potential ‘grief tech’ industry through investments in products and services that heavily rely on generative AI, such as ‘Eter9’ and ‘StoryFile’, avatars of the deceased are increasingly likely to be a part of life and death.   

If these products and services were to become mainstream, how should they be governed and regulated, if at all? Within academic circles, concerns regarding human dignity, posthumous privacy, personality rights and ethics have already highlighted gaps within legal and policy frameworks, including issues such as the rights of the deceased, their avatars and the bereaved. These intersect with complex moral and spiritual considerations, including grief, loss and memorialisation. However, there are also technical hurdles to ponder, such as, how far can these virtual resurrections be believed if they are to be used in cases that provide comfort and benefit.  

The impact of these technological innovations remains uncertain and under-researched. Further, history has shown that it repeats itself as previous attempts at governing other technologies have often occurred during long lags between innovation, understanding of its wider impacts and a governance response or often that it is too late as a ‘lock-in’ has occurred (Collingridge, 1980; Lanier, 2011). Nevertheless, if timed well and with a collaborative approach with stakeholders, an anticipatory governance framework could be applied to potentially control the direction of this industry.

To inform the design of such a framework, this thesis follows a flexible design process where later studies are determined by earlier findings (Robson & McCartan, 2016). Thus far, the PhD commenced with a systematic literature review, followed by a governance gap analysis and semi-structured expert interviews with technologists, policymakers and those working in palliative care. The themes emerging from their answers suggest governance is needed but an important stakeholder yet to be engaged with is the users. Therefore, a public engagement would follow which is planned for 2024 before concluding the research with potential guidance on how to govern the phenomenon.

Professor Richard Owen (Bristol)

Professor Andrew Charlesworth (Bristol)

Cassie Lowery

Investigating crowdsourced digital activism and the security threats these actions pose

Technological advances have changed how groups organise and engage with collective action, and activists have often adapted new technologies to assist their changing needs (Sauter, 2013). Whilst new tools and tactics can provide activists with greater opportunities to advance their causes, they also potentially pose new security threats. Already, activists have taken advantage of a wide range of existing technologies, from posting photos on Google reviews to evade censorship restrictions, to launching distributed denial of service (DDoS) attacks. The latter has been made increasingly easy to deploy, even by those with less technical acumen, with the invention of software such as Low Orbit Ion Cannon (LOIC), and easily accessible online tools such as stressors and booters (Brooks et al., 2022; Karami & McCoy; Sauter, 2013). Often these technologically enhanced or enabled actions are enacted via large scale organisation on platforms such as Telegram or Twitter, where groups post open calls to take action, effectively crowdsourcing activism. Such threats impact not only the organisations and governments they target, and the online platforms in which they operate, but also the activists themselves.

This type of crowdsourced digital activism has been understudied by both technical cyber-security research and collective action research in psychology. To address these gaps within the research, an interdisciplinary approach will be adopted, combining the psychological and technological perspectives, to better understand the interplay between the technology, users, and the wider societal context.

This project will establish a thorough understanding of crowdsourced digital activism, the existing vulnerabilities these actions exploit, as well as considering trends and security threats we may face in future. Such work will enable avenues to understand, predict and, when necessary, counter the cybersecurity threats posed.

Dr Laura G.E. Smith (Bath)

Professor Adam Joinson (Bath)

Emma Woodward

Constructing a holistic view of cyber incident response using Systems Thinking and re-imagining its future using creative methodologies

Organisations are required to rapidly adapt to an ever-evolving threat landscape to defend themselves against attacks that are getting more sophisticated (Ahmad et al., 2020). Although a significant amount of work has been put into researching and developing the technical side of cyber security incident response (IR), more research is required into the practice of IR from a sociotechnical perspective to tackle the problems faced by organisations (O'Neil et al., 2021, Steinke et al., 2015). Moreover, in order to design and engineer effective solutions, a broader contextual awareness is key to understanding unbiased approaches to improving IR (Nyre-Yu et al., 2019). A holistic approach that treats IR as a whole system instead of separate parts or components is needed (L, 2022). Design thinking and speculative design practices can be used as innovation tools to explore this dynamic problem space. Therefore, this research is focused on pairing a systems engineering approach to understand the complex system of IR, with design and creative methodologies to provide innovative solutions and ways to reimagine the future of IR. 

Professor Adam Joinson (Bath)

Dr Barney Craggs (Bristol)

Professor Danaë Stanton Fraser (Bath)

Graham Peden

Firmware Binary Code Analysis for Vulnerability Detection Towards Cyber Security of IoT

This project aims to improve techniques for the identification of memory misuse in binary executables, examples of which include: the failure to check memory allocation; buffer over/underflow; use-after-free; double-free. These misuses may readily lead, not only to bugs but also to significant security issues. These are often found in the C programming language which is still used widely today and is valued for the freedom and control it offers a skilled developer. In particular, it is frequently used to program stand-alone computing devices such as sensors and control equipment, where resource constraints present unique challenges.

Although the C language is often the source of many issues, this project assumes we do not have access to the original source code and instead focuses solely on binary programs. This is a common scenario in industry where there is source code available for deployed programs. Furthermore, the project intends to consider binary code for multiple platforms e.g. x86, MIPS, ARM etc.

The project intends to extract features from binary code that are suitable for a variety of machine learning techniques. Progress has been made in extracting features from the code representing the flow of data between points of interest, such as memory allocations and subsequent array iterations. These paths will be standardised to form a training set and annotated with known pathologies for supervised learning.

 

Professor Awais Rashid (Bristol)

Dr Joseph Hallett (Bristol) 

Maria Sameen

3Ds of Dark Patterns 

The term "Dark Pattern" was first coined by user experience designer Harry Brignull in 2010. The dark pattern is a type of user interface which is especially crafted by UI/UX designers to trick online users into doing unintended actions. There are different categories of dark patterns, for example, bait-and-switch: when a user falls for false prices and ends up buying products with higher prices; roach motel: when a user can easily get into certain services, but it is extremely difficult to get out, such as account deletion or subscription cancellation; confirmshaming: making the user feel guilty about opting for something. These different categories of dark patterns are used on various websites for different purposes.

Harry Brignull identified the dark patterns more than a decade ago. However, they are still prevalent these days and an open research challenge yet to be solved. Several key questions remain unanswered: what are the distinguishing characteristics of dark patterns, i.e., what makes a dark pattern "dark". Thus, it is essential to extract such characteristics which would define, differentiate, and detect the dark patterns effectively. The focus of this research, the 3Ds of Dark Patterns.

Professor Awais Rashid (Bristol)

Dr Ryan McConville (Bristol)

Rebecca Turner

 

The Private Sector in Cyberspace: Threats and Risks to International (In)Security

The private sector owns over 90% of cyberspace, giving tech firms unprecedented power in geopolitical affairs traditionally confined to the agenda of state actors. Cases in point are Microsoft opening a United Nations (UN) Affairs Office, Facebook proposing a ‘global digital currency’, ‘geopolitics’ being Apple’s most common theme in 2022 company filings, and Big Tech playing a significant role in the Russia-Ukraine war. The increasing, and arguably inevitable, presence of the private sector in IS has created a complex relationship between the state and non-state actors, whereby a blurring of responsibilities in cyberspace has complicated the public-private interactions required to tackle IS challenges. Crucially, the national interests of the state have to be balanced against the business imperatives of market-driven, ethically ambiguous, largely unregulated private corporations. The question this thesis seeks to problematise and evaluate is: What are the threats and risks of the private sector’s cyber agency for International Security? The approach will be qualitative and policy-driven, with an aim to inform methodologies for national risk assessment exercises as well as regulations for the private sector in cyberspace. 

Professor David Galbreath (Bath)

Dr Olivia Brown (Bath)

Jacob Williams

Threat Intelligence Pipelines in IT/OT Convergent Networks

Industrial control systems (ICS) were long secluded from the outside world, giving them an inherent layer of security. This layer was shed with the emergence of wide-area networks, inter-connectivity of devices, and the commodification of data. This was the IT/OT convergence, where data regarding the operation of ICS started being transferred from the OT network to the IT for quota and commercial monitoring. ICS devices like PLCs, RTUs, and HMIs lack the developments in security usually found in IT devices and an OT network can often contain devices that are decades old. A growing field of research involves implementing secure designs and protocols into these ICS devices in order to maintain the convergence. One area that has yet to fully translate over is that of Threat Intelligence. The aim of my thesis is to investigate the application of IT threat intelligence practices to modern OT networks. This involves researching reliable threat intel generation, enrichment, and application. There are many features that impact these areas, such as threat actor sophistication, patch cycles, time-to-live of intel, and device obscurity. All of this combined would create a Threat Intelligence pipeline that details recommended steps in the process of securing OT networks.

Dr Joe Gardiner (Bristol)

Dr Matthew Edwards (Bristol)

Ghaith Arabi Durkawi 

A Framework to Construct Digital Twins for Dynamic Risk Assessment in Critical Infrastructures

Modern societies rely more than ever on a sophisticated array of critical infrastructures. Due to escalating risks and the prevalence of attacks, there is an increasing need for research to safeguard and sustain the intricate nature of these infrastructures. One research area is dynamic risk assessment which recognizes the evolving nature of critical infrastructures, their interdependencies, and surroundings. The other area is digital twins that can be conceptualized at various levels based on their characteristics.

Understanding how digital twins' characteristics, mainly fidelity and synchronization, influence the relationship between dynamic risk assessment and the digital twin is essential. This comprehension aids in identifying the ideal abstraction levels and building blocks of a digital twin specifically crafted for dynamic risk assessment in critical infrastructures.

The objective of this work is to formulate an empirically grounded framework for digital twins in dynamic risk assessment for critical infrastructures. This framework will equip experts with the essential characteristics to construct or refine digital twins and thus enhance their utility for dynamic risk assessment.

Professor Awais Rashid (Bristol)

Dr Alma Oracevic (Bristol)

 

 

 

 
