PhD topics

Suggested PhD topics in Cyber Security, Privacy and Trust.

If you are interested in one of these topics, please read the application guidance first and then contact the named supervisor to discuss.

 

  1. Privacy-preserving interactive technologies. Interactive technologies in smart homes and in augmented and virtual reality (AR/VR) automate our daily routines and create an immersive reality. These new experiences, however, come with unprecedented risks to consumers, as these advanced interactive technologies expose numerous attributes of their users that must be kept private. This project will advance the understanding of user perceptions and of operational and regulatory requirements for the privacy of these technologies, and develop practical privacy control and enforcement systems for them. Contact: Jingjie Li.

  2. Safety of interactive artificial intelligence (AI) agents. With rapidly developing AI technologies, we live in a world with more embodied and human-like AI agents. These agents are more than our next human-computer interface: they are companions for productivity, entertainment, and mental support. Given the agents’ capabilities to make decisions and take action, their safety, security, and privacy issues raise increasing concerns. This project will establish a framework to evaluate the safety issues of interactive AI agents and develop mechanisms to address these gaps. Contact: Jingjie Li.

  3. Internet culture of privacy and security. Privacy and security are products of human culture and have become cultural phenomena on the Internet. Online communities, where people exchange massive amounts of information, incubate such cultures of privacy and security. These Internet cultures can influence people’s privacy, security, and even adversarial behaviors. By measuring and understanding online communities, this project will study the interplay between cultural factors and people’s privacy and security behaviors. Contact: Jingjie Li.

  4. Deep Threats in Autonomous Vehicles. From self-driving cars to delivery drones, autonomous vehicles are becoming part of everyday life. But the black-box or grey-box nature of deep learning potentially undermines the safety that such safety-critical systems require and, in the wrong hands, could pose severe cyber security threats. Using vehicle perception and navigation as case studies, this project will systematically study threats arising from deep learning to autonomous vehicles and look at effective and generic mitigations. Contact: Chris Xiaoxuan Lu.

  5. Internet of Safe Things. With billions of connected devices deployed, Internet of Things (IoT) based cyber-physical systems (CPS) bring unprecedented risks due to the unexpected interaction between systems and the larger number of attack vectors. These arise in medical devices, smart home appliance control, digital twin development or conflicts in policy execution at a societal scale. PhD topics will focus on the security, privacy and safety issues and investigate solutions that integrate hardware and software components, particularly those that have humans in the loop. Contact: Chris Xiaoxuan Lu.

  6. Cyber risk analysis and modelling of uncertainties related to potential data/privacy breaches and the economic costs. Optimal decision models that balance the costs of managing cyber security, user satisfaction and the cyber risks faced by organisations. Contact: Tiejun Ma.

  7. Human factors modelling related to cyber risk taking and decision making, particularly in relation to fintech applications (e.g. mobile, transactions, fraud and AML). Contact: Tiejun Ma.

  8. Design and analysis of electronic voting protocols. Many countries have or plan to conduct legally binding elections using electronic voting systems. Such systems need to provide security guarantees, e.g., fairness, privacy, and verifiability. These are tricky to establish and can be in conflict with one another. Several proposed electronic voting systems have been found to fail to achieve their intended security goals, demonstrating the need for formally verified electronic voting systems. Contact: Myrto Arapinis

  9. Verification of Security of the mbed OS uVisor (with ARM). The mbed OS uVisor is a core security component for ARM's mbed IoT platform. It creates isolated security domains on M7 microcontrollers with a Memory Protection Unit (MPU). On top of these, the uVisor provides flexible compartmentalisation using separate security domains ("Secure Boxes"), configured with ACLs. This project will apply theorem proving methods to help define and then verify correctness and security properties of the uVisor implementation, building on previous work on instruction set models and decompilation techniques. Contact: Ian Stark.

  10. Formal Specifications and Proofs for TrustZone (with ARM). Increasing complexity and connectivity in microcontroller devices motivate new protection mechanisms to improve reliability and security. ARM's TrustZone for ARMv8-M provides a separate "secure world" execution mode to enable features such as secure firmware updates, safe integration of code from multiple suppliers and controlled access to privileged peripherals. This project will study the low-level instruction set design of TrustZone for ARMv8-M, devising formal specifications describing the security properties that hold at the instruction level and proofs that these provide the intended protection against low-level attacks. Contact: Ian Stark.

  11. Quantum-enhanced Cloud. The security of the cloud could be obtained through Fully Homomorphic Encryption schemes. However, these schemes are potentially breakable in a post-quantum regime and require huge overhead; hence, despite intensive efforts from all the major players in the information industry, they remain mainly infeasible. The primary goal of this project is to develop quantum-enhanced protocols where both efficiency and security are boosted. Implementations of plug-and-play solutions for these new protocols will also be pursued in realistic scenarios. Contact: Elham Kashefi.

  12. Mobile Crowdsensing with Location Privacy. Using sensor data from mobile phones for better understanding of users and fine-grained monitoring of the environment is a major current research topic. From the point of view of privacy, the challenge is to infer important features from collective data without compromising the location and other sensitive information of any individual. Contact: Rik Sarkar.

  13. Security of Blockchain protocols. Study the underpinnings of blockchain based distributed protocols, including the mechanisms behind Bitcoin, Ethereum and other cryptocurrency systems. Contact: Aggelos Kiayias or Tariq Elahi.

  14. Privacy engineering. Technical building blocks such as cryptography, steganography, and statistical methods like differential privacy are necessary foundations to build secure and private systems. However, privacy threat modelling, privacy-preserving data collection and analysis, and privacy-aware machine learning coupled with autonomous agents can enhance the security and privacy posture of resulting systems. This research theme will develop novel technical tools, AI/ML models, and engineered mechanisms to ensure systems remain within “well-behaved” security and privacy operational envelopes. Contact: Tariq Elahi.

  15. Embedding privacy into communication infrastructure. Privacy is often an afterthought in digital communication networks. Solutions like VPNs, Tor, and mixnets act as proxies to provide privacy of communications. This research theme will bring Tor and mixnet-like functionalities to the network layer of the Internet stack to achieve parity, or more robust, privacy protections for a wide range of distributed systems such as blockchains and distributed ledgers, Internet of Behaviours (IoB), and the wider Internet. Contact: Tariq Elahi.

  16. Anonymous communications, anti-censorship and surveillance resistance. Pervasive tracking and monitoring are an ongoing threat on the Internet from both legal entities (such as governments and law enforcement) and criminal entities (such as hackers and organized crime). Anonymous and unlinkable communications are a key protection to safeguard the privacy and safety of our activities online. This research thread will explore technical measures to combat surveillance and censorship on the Internet, with a focus on nascent satellite Internet constellations such as Starlink and OneWeb, to address challenges to free and open communication on the Internet as well as underserved areas such as distributed ledger (e.g. blockchain) and IoT deployments. Contact: Tariq Elahi.

  17. Privacy in communication systems. Study the concept of privacy in communications and data sharing and design and analyze systems that facilitate it using suitable cryptographic and statistical methods. Contact: Aggelos Kiayias.

  18. Applied and Theoretical Cryptography. Study cryptography from both applied and theoretical angles and apply it to solve problems such as secure channels, identification systems, cloud storage, secure digital content distribution and others. Contact: Aggelos Kiayias, Michele Ciampi or Markulf Kohlweiss.

  19. Secure Remote Authentication via Game Playing. This project investigates a new approach to secure remote authentication which frames the problem as an interactive game between client and server, in which the server has to reason about the complex behaviour of the client based on observed game moves.  Contact: Stefano Albrecht.

  20. Consensus in a world with quantum technologies. The goal is to explore consensus protocols, such as Blockchain and Byzantine Agreement, in the presence of quantum technologies. Quantum technologies can be used either by adversaries, in order to break existing classical protocols, or by honest parties, to achieve better performance in terms of efficiency or the level of security provided. In this project both directions will be considered. In the first direction (quantum adversaries), a full security analysis of classical consensus protocols against quantum adversaries will be carried out, including ensuring that: (i) for all subroutines, if hard problems are used to guarantee security, then these problems remain hard when the adversary has a quantum computer (e.g. base security on lattice crypto), and (ii) the security definitions and the proof techniques are compatible with quantum adversaries. As far as the second direction is concerned, it is known that (simple) quantum technologies can be used to achieve enhanced Byzantine Agreement protocols. The investigation will take into account (i) realistic constraints and (ii) proper security analysis that includes hybrid quantum-classical subroutines by addressing the issue of composability of quantum and classical protocols. Contact: Petros Wallden or Elham Kashefi.

  21. Tactics for Attacks; Safety and Security models. One idea is to extend attack trees with ways to reason about, and generate, traces of actual attacks, using "tactics" (a notion from interactive theorem proving). Another idea is to study combined structural models for capturing safety and security together. Contact: David Aspinall.

  22. AI for Security or Security for AI. Attackers continue to find software and hardware vulnerabilities to exploit. AI methods can help discover problems or potential attacks by looking at systems or their behaviours; future AI methods may even automatically respond or repair systems during operation. How can we be sure such systems are effective and not just "AI Snakeoil"? Conversely, AI systems themselves provide new attack vectors, for example, by poisoning data, stealing models or concealing Trojans. How can we be sure that black box AI systems are trustworthy? PhD topics may investigate a particular AI method (program synthesis, critics and abstraction-refinement, reinforcement learning, neural networks). Useful backgrounds include software security, program analysis, logic and reasoning, AI or data science methods. Contact: David Aspinall.

  23. Economics of Security and Privacy.  Many security and privacy outcomes are driven by the economic incentives surrounding firms and individuals. These problems can be studied with a mixture of economic theory and technical measurement. Potential PhD topics include risk quantification, security control selection, cyber insurance, crisis response, exploit broking and many other topics in security and privacy.   These topics are also open to students without computer science training.  Contact: Daniel Woods.

  24. Foundations for composable security. Study how to formally reason about the composition of cryptographic systems, both on paper and using proof assistants. The focus is on laying foundations, e.g. by finding a category-theory-based language for cross-discipline communication and investigating programming paradigms for modeling protocols as pseudocode. Contact: Markulf Kohlweiss.

  25. ZKML and ZKAI. Study how to make machine learning and artificial intelligence verifiable in as trustless a manner as possible. This allows answering questions such as: Was the query result really derived from the claimed model using the claimed prompts? How does the model change over time? Is ChatGPT getting worse? What data is being used to train the model? Contact: Markulf Kohlweiss.

Staff listed here may also be interested in PhD research proposals on other topics; contact them to discuss.

[ Note for staff: please contact David Aspinall with updates/additions to this list. ]