CDT in Cyber Security for the Everyday Showcase-April 20th 2023: Professor Keith Martin

 The EPSRC Centre for Doctoral Training (CDT) in Cyber Security for the Everyday was delighted to host the return of our annual Showcase as an in-person event at Cumberland Lodge in Great Windsor Park. The CDT funds around ten PhD research studentships each year, with each cohort of researchers undertaking an immersive year of training in cyber security, followed by three years of research. The Showcase welcomed members of the CDT, colleagues at Royal Holloway, and external partners, to learn about some of the fascinating work being undertaken by researchers across the CDT cohorts, and across the many disciplines that relate to cyber security.

The opening session featured presentations by several students who have already commenced their studies. Nicola Bates discussed her use of `systems thinking’ to improve the accessibility of knowledge in the cyber domain for key organisational decision makers. Giuseppe Raffa then presented his work on evaluating the effectiveness (sometimes ineffectiveness due to significant delays in reaction times) of various anti-virus software packages for Linux. Rebecca Hartley introduced her research on how place-based digitalisation projects such as smart and connected cities are conceptualised, examining sometimes hidden issues, such as considering whose security concerns are really being represented by the narratives underpinning these initiatives. Finally, Taylor Robinson set out her plans to investigate how digital technology impacts the security of the many (35%) `female-headed’ households in Thailand, who are often marginalised through social stigmatisation, and represent a large, but previously unstudied, online community.

We then heard from the newly-formed Digital Security in Latin America (DSLA) Group, established by three CDT researchers (Jamie Barr, Sofia Liemann Escobar, Jessica McClearn) who have, co-incidentally, based their projects around different aspects of cyber security in Latin America. The DSLA aims to bring together researchers across the world who have interests in aspects of digital security of societies throughout Latin America. Beyond knowledge sharing, the DSLA aims to establish a network of interest in this area, and has already held an inaugural workshop which brought together over 30 researchers from Latin America and elsewhere who discussed regional cyber security policy and the impacts of political change in the region. The DSLA also aims to conduct short studies that traverse individual interests of its members, and has investigated and reported on the activities of the Guacamaya hacktivist group, as well as cyber security issues arising from recent elections being held in countries within the region.

The last session before lunch featured five-minute lightning talks by thirteen new CDT students in the first training year, who had recently completed six-week mini-projects on topics of their choice. These provided an excellent overview of the breadth of work being done by the CDT and included work on cryptographic support for anonymous networks, the imbalance between perceptions of risk by designers and users of secure messaging protocols, reasons behind the failure of the UK track-and-trace technology, how to strengthen the security of Automated Identification Systems in shipping, improvements in cyber-criminal profiling, cryptographic proofs based on functional encryption, identifying gaps in research on cyber economic espionage, speeding up homomorphic encryption, benefits and risks of using gamification in cyber security, limitations of current evaluations of trusted execution environments, measuring effectiveness of cyber security strategies, and vulnerabilities arising from dependencies in software development.

Wow! It was definitely time for lunch, especially as this was held in the sunny courtyard behind the main building while Red Kites soared overhead…

The afternoon began with a poster session, providing an opportunity for guests to discuss research projects directly with those undertaking them. It was hard to bring the room to order for the next set of presentations, so the posters evidently went down well!

The first afternoon presentation was another testament to cohort building within the CDT, as three first-year researchers presented their joint work on exploring security attitudes amongst software developers. Their research seeks to determine to what extent software developers are concerned with security, how they engage with automated toolkits, and what sources they trust when confronted with security issues. The work represents a collaboration between two computer scientists (Cameron Jones and Sam Smith) and one social scientist (Mikaela Brough), with the latter providing guidance on research methodology, particularly on interview design and data analysis.

Next up was Marcos Tileria, bravely presenting the (at the time unfinished) story of his PhD journey on the day before his PhD viva! Marcos’ thesis concerns security and privacy in app-based ecosystems, and he gave a short overview of the main findings. Marcos developed novel frameworks for information flow analysis in new platforms such as Android Wear and Android TV. His frameworks have helped uncover new issues in both platforms, including very worrying privacy practices in the apps being developed for the Android TV platform. He has also developed new benchmarks to help other researchers evaluate their proposals for similar flow analysis for these devices. He then went on to discuss his personal experience of undertaking a PhD during the pandemic. He framed this as the good: the `best experience of my life’ in going through the intellectual and personal challenge of a PhD, with special thanks reserved for his supervisory support; the bad: the awkward process of `divorcing’ from his initial supervisor, and how this process taught him to always communicate with others when difficulties present themselves; and the ugly: the mental stress and loss of opportunities experienced during the height of the pandemic. We are very pleased to postscript Marcos’ story with the news that he passed his viva with flying colours.

The last presentation was by CDT graduate Amy Ertan, who titled her talk `The CDT and Me’. Amy overviewed her thesis work on exploring the security implications of artificial intelligence in military contexts. She also discussed her current role as a policy officer in NATO Headquarters in Brussels, where she is tasked with providing a strategic view of the cyber threat landscape and considering what NATO can do to defend against potential threats. She reflected on how motivational her experience on the Cyber 9/12 Policy competition event was in determining her future career. Her advice to current researchers was to embrace every opportunity to experience different environments (whether on CDT visits, internships, or fellowships) and to practice presenting in different ways, since it is these experiences that best prepared her for life beyond the thesis. However she cautioned that while facts and arguments can deliver an excellent PhD thesis, in the workplace an ability to influence others is also necessary, otherwise the best facts and arguments can so often be lost in the wider debates. This is something we have noted for possible future CDT training.

At the close of another fascinating day, everyone was left to reflect on the breadth of work being undertaken in the CDT, having revelled in the opportunity to discuss it in person rather than through a maze of shifting squares on a digital screen. Located in the magnificent former residence of the Rangers of the Great Park, we were also humbly reminded of the march of history and how today’s research speculations and formulations will soon become the target of reflections on past work by future scholars.
Please look out for details of next year’s event – do get in touch if you wish to be added to our invitation list (CyberSecurityCDT@rhul.ac.uk)