Seminars & Workshops

Miranda Mowbray - July 2018

Machine learning for Cyber Security

Dr Miranda Mowbray is a Lecturer in Computer Science at the University of Bristol, and joins us for our July Seminar Series, talking about some of the difficulties with using machine learning for detecting cyber security attacks on enterprise networks.

 

 

Date: 26th July 2018

Time: 13.00pm - 14.30pm

Location: InfoLab 21, D55

Followed by Tea, Coffee & Biscuits.

 

Miranda's talk will cover some of the difficulties with using machine learning for detecting cyber security attacks on enterprise networks, and ways to address them. The seminar will also describe a successful application of machine learning for cyber security, using both supervised and unsupervised learning to detect some previously-unknown malware.

Mini-bio: Miranda Mowbray is a lecturer in Computer Science at the University of Bristol, where her research interests include cyber security and big data ethics. Most of her career has been in industrial research, at HP. Her PhD is in Mathematics, from London University. She is a Fellow of the British Computer Society.

The Seminar Series is open to all, so please feel free to drop in on the day, or register your interest by contacting Paul Bennett for more details.

Cath Goulding - May 2018

DNS - what's in a name?

Cath Goulding, Head of Cyber Security for Nominet UK, the company best known for running the .uk domain name registry, joins our Seminar Series to talk about how DNS works, and the cyber threats it faces.

Date: 17th May 2018
Time: 13.00pm - 14.30pm
Location: InfoLab 21, D55

Followed by Tea, Coffee & Biscuits.

Cath Goulding is Head of Cyber Security for Nominet UK, the company best known for running the .uk domain name registry.

Since 1996, Nominet has managed and run domain names that end in .uk and is now one of the world's largest country code registries. With over 3m businesses, and millions more customers who rely on its domain registry services, Nominet is the UK’s official country-code domain. The Domain Name System (DNS) is critical to the operations of the Internet and this talk will outline how DNS works and the cyber threats it faces. Cath will also give insight into her career and outline some of the lessons she has learnt along the way.

Bio:

Cath Goulding

Head of Cyber Security, Nominet UK and Board member of the Women’s Security Society

Cath has 18 years’ experience in the cyber security profession having worked for both UK Government and the private sector. A thought leader in her field, she frequently speaks at security and internet conferences and has provided articles and comments for multiple publications. Her career was profiled in the Financial Times and she has appeared on the BBC promoting women into the IT profession.

Cath currently works as Head of Cyber Security for Nominet UK, the internet company best known for running the ‘dot.uk’ registry and therefore critical to internet operations in the UK. Prior to joining Nominet, Cath worked at GCHQ holding a variety of posts in the field of cyber security. Cath has a BSc in Mathematics, an MSc in Human Computer Interaction and is CISSP qualified. She was awarded Security Champion at the Women in IT awards 2015 and sits on the board of the Women’s Security Society.

Phil Warren - April 2018

‘Shipping containers, Russian criminals, American Spooks and Nuclear Weapons’: an intelligence-led case study of a cyber breach.

Phil Warren, Deputy Chief Information Security Officer at the Bank of England, talks about the NotPetya cyber breach, the impact of these attacks and what we can learn.

Date: 26th April 2018
Time: 13.00pm - 14.30pm
Location: InfoLab 21, D55

Followed by Tea, Coffee & Biscuits.

The NotPetya cyber breach destroyed thousands of servers, PCs and applications and cost businesses hundreds of millions of pounds. The impact of these attacks can be deconstructed and traced through a murky world of criminality and hostile state-sponsored activities. However, what can we learn from this episode?

  • Why there will be more of this activity to come
  • How attackers lost control
  • The challenge of attributing cyber-attacks and what we ‘don’t know’
  • What we can do about it

 

Bio:

Phil Warren is the Deputy Chief Information Security Officer at the Bank of England. Phil deputises for and runs many of the operations on behalf of the CISO against the broad portfolio of the Bank’s cyber mission: intelligence, investigations, policy, governance, risk, compliance, education and innovation. Phil is currently involved in a number of specific pieces of work aimed at developing cyber maturity in the Bank and sector, including the Bank’s internal enterprise-wide mitigation strategy, the renewal of RTGS and Project STRIDER, which aims to increase collaboration across the sector for cyber incident response. Phil is also part of the Bank’s privacy work – supporting the implementation of changes to meet GDPR compliance in May 2018. Prior to joining the Bank in 2014, Phil spent 10 years in government supporting national security requirements including cyber defence.


Dr Adrian Venables - March 2018

The Importance of good process in Maritime Cyber Security

Dr Adrian Venables is a Commander in the Royal Naval Reserve, independent cyber security consultant and honorary researcher at Lancaster University. He has worked for both government and industry clients advising on computer security, including a part-time role at the UK’s Defence Cyber School.

Date: 22nd March 2018
Time: 13.00pm - 14.00pm
Location: FASS Meeting Room 2

Followed by Tea, Coffee & Biscuits.

The use of the cyber security triad of confidentiality, integrity, and availability is well established in describing the necessary attributes to ensure that information is safeguarded. To achieve each of these elements, another trio of factors is often considered, comprising people, process and technology. Although advocates of this triptych of capabilities have previously acknowledged the equal status of each one, increasing importance is now being placed on the technology and people components and less on the process aspect. This has been demonstrated by some cybersecurity practitioners who have emphasised that security technology is at the heart of the enterprise, and by the increasing focus on training and upskilling people, who have been largely regarded as the greatest single vulnerability in any organisation.

This has resulted in the role of process attracting less interest in terms of resources and emphasis, which is now at risk of becoming the significant weakness within an overall security posture. This paper seeks to address this shortcoming by considering how the role of the process element of cybersecurity can be emphasised by highlighting its importance and, in using the maritime sector as a case study, what factors should be considered by policy makers to produce effective and efficient processes to align the technological and people elements as part of a comprehensive cyber security strategy.

Bio: 

Dr Adrian Venables served in the Royal Navy for 24 years as a Communications, Warfare, and Intelligence officer and was responsible for the provision and security of a range of Information Systems worldwide, including the management of specialist teams deployed to operational theatres.

Since leaving the Service, he has published a series of journal articles and research papers on the cyber threat landscape and its use by state and non-state actors for espionage, sabotage, and subversion within the maritime environment. A Certified Information System Security Professional and Certified Information System Manager, he holds seven computing and cyber security based degrees and is a Chartered Information Technology Professional Fellow of the British Computing Society, Chartered Engineer Member of the Institution of Engineering Technology and Fellow of the Chartered Management Institute.




Dr Budi Arief - January 2018

Earworms Make Bad Password: An Analysis of the Noke Smart Lock Manual Override.

Budi Arief, Senior Lecturer in the School of Computing at the University of Kent, presents a security analysis of the manual override feature of the Noke smart lock. 

Date: 25th January 2018
Time: 13.00pm - 14.00pm
Location: Infolab21, C60b/c

Followed by Tea, Coffee & Biscuits.

The Internet of Things (IoT) has the potential to make lives more comfortable and effortless, through various assistive products and services built using small, wireless devices; for example, to enable personalised services (in which the user gets their environment configured and presented to their preference) or multi-factor effortless and continuous authentication (where the user does not need to remember burdensome passwords but uses instead biometrics and other wearable tokens). However, these devices could also pose new large-scale privacy and security risks that are not properly understood yet, and constitute an ongoing research challenge.

This talk presents a security analysis of the manual override feature of the Noke smart lock. The Noke smart lock allows its user to operate, monitor and even share the smart lock with others through a smartphone. To counter the risk of being unable to open the lock when the smartphone is unavailable, it provides an override mechanism. Noke implements this override feature using a quick-click scheme, whereby its user can choose a sequence of eight to sixteen short and long shackle presses (similar to Morse code).

Bio:

Budi Arief is a Senior Lecturer in the School of Computing at the University of Kent. His research interests are in cybercrime, the security and dependability of computer-based systems, cyber security education, and the Internet of Things, with a strong overarching element of interdisciplinary research. His current work focuses on the socio-technical aspects of ransomware, as part of the EPSRC EMPHASIS (EconoMical, PsycHologicAl and Societal Impact of RanSomware) project. He obtained his B.Sc. in Computing Science (First Class) and Ph.D. in Computing Science, both from Newcastle University. Prior to joining the University of Kent, Budi was a Senior Research Associate in the School of Computing Science at Newcastle University.



 

 

Professor Aggelos Kiayias - November 2017

Proof of Stake Blockchain Protocols

Join us as Professor Kiayias presents recent results in the design and analysis of proof of stake blockchain protocols. The talk covers the design strategy behind Ouroboros and Ouroboros Praos, and analyses the concepts of forkable strings and string divergence, which are at the core of the security analysis.

Date: 30th November 2017
Time: 14.00pm - 15.00pm
Location: InfoLab21, D55.

Followed by Tea, Coffee & Biscuits.

We present recent results in the design and analysis of proof of stake blockchain protocols. The talk will cover the design strategy behind Ouroboros and Ouroboros Praos, and we will introduce and analyse the concepts of forkable strings and string divergence, which are at the core of the security analysis. The security analysis covers both the synchronous and partial synchronous model as well as static, delayed and fully adaptive corruptions.

Bio:

Aggelos Kiayias is chair in Cyber Security and Privacy and director of the Blockchain Technology Laboratory at the University of Edinburgh.

He is also the Chief Scientist at blockchain technology company IOHK. His research interests are in computer security, information security, applied cryptography and foundations of cryptography, with a particular emphasis on blockchain technologies and distributed systems, e-voting and secure multiparty protocols, as well as privacy and identity management.

His research has been funded by the Horizon 2020 programme (EU), the European Research Council (EU), the Engineering and Physical Sciences Research Council (UK), the Secretariat of Research and Technology (Greece), the National Science Foundation (USA), the Department of Homeland Security (USA), and the National Institute of Standards and Technology (USA).

He has received an ERC Starting Grant, a Marie Curie fellowship, an NSF Career Award, and a Fulbright Fellowship. He holds a Ph.D. from the City University of New York and he is a graduate of the Mathematics department of the University of Athens. He has over 100 publications in journals and conference proceedings in the area. He currently serves as the program chair of the Financial Cryptography and Data Security conference 2017. 



Dr Pete Burnap - October 2017

Real Time Prediction of Drive By Download Attacks on Twitter.

Join Dr Pete Burnap from Cardiff University as he delivers his seminar on "the Real Time Prediction of Drive By Download Attacks on Twitter", where he explores his research on online social networks (ONSs) and the propagation of malicious or potentially dangerous content, leading to the risk of drive-by-downloads.

Date: 26th October 2017
Time: 14.00pm - 15.00pm
Location: Infolab21, C60b/c

Followed by Tea, Coffee & Biscuits. 

Our previous research has studied online social networks (ONSs) and propagation of malicious or potentially dangerous content (e.g. hate speech, suicidal ideation). People use online social media to find information about events in real-time (619k tweets per minute during FIFA World Cup final) and cyber criminals take advantage of this to launch surreptitious attacks by posting links to malicious Web sites, leading to the risk of drive-by-downloads - URLs pointing to malicious servers but hidden in attractive content.

Bio:

I am a Reader (Associate Professor) in Data Science & Cyber Analytics at Cardiff University. I lead the Social Computing research priority area in the School of Computer Science & Informatics’ Complex Systems research group. I have developed a reputation for data-driven, innovative, and interdisciplinary research that broadly contributes to the growing field of Data Science, working closely with the Cardiff School of Social Sciences and School of Engineering. I am an applied computer scientist with a principal focus on data and computational methods to improve understanding, operations and decision making outside of academia, while contributing to the academic fields of Social Computing, Web Science and Cybersecurity.

These three fields are integrated within my research through the analysis and understanding of Web-enabled human and software behaviour, with a particular interest in emerging and future risks posed to civil society, business (economies) and governments. I achieve this using computational methods such as machine learning and statistical data modelling, and interaction and behaviour mining, opinion mining and sentiment analysis to derive key features of interest.

My research outcomes, which include more than 60 academic articles stemming from funded research projects worth over £10 million, are organised and disseminated via two research units:

The Social Data Science Lab, within which I am a director and the computational lead. The Lab’s core funding comes from a £450k ESRC grant and it forms part of the £64m ‘Big Data Network’. Core funding runs between 2017 and 2020, during which time the Lab will host 3 post-doctoral researchers and 9 PhD students, all studying topics related to Risk, Safety & Human/Cybersecurity.

The Airbus Centre of Excellence in Cyber Security Analytics, within which I am the director. The centre works across industry, academia and government to provide a focus for cyber security analytics in the UK. Cyber security is a priority research area at Cardiff University, supported with strategic investment. Since 2012 we have established an interdisciplinary research team of technical and social researchers. Our collaborative projects have received more than £5m in funding from UK Research Councils (EPSRC, ESRC), Welsh Government (Endeavr Wales) and Industry (Airbus).