Cyber Security and Resilience for Digital Infrastructures and Technologies
The Glasgow Cyber Defence Group (GCDG) is an international leader in the cyber security and resilience of digital infrastructures and technologies, working closely with a broad range of academic, industrial and government partners. Our research spans across multiple domains and is focused on developing practical methods to address pragmatic security and privacy challenges in networked systems, hardware, software and human factors.
GCDG has a long tradition on cyber security and resilience of Cyber-physical Systems (CPS) primarily on Industrial Control Systems (ICS) serving a number of critical national infrastructure sectors (e.g., energy, defence) and hosts the unique Cyber Defence Laboratory. We have strong contributions in programmable network security for large-scale networked systems, security-by-design in hardware systems (e.g., FPGAs) and IoT devices, usable and human-centred security, privacy engineering and software verification.
Theme Lead: Prof Dimitrios Pezaros
Glasgow Cyber Defence Lab
The Glasgow Cyber Defence Lab (GCDL) is unique in the UK and one of only 3 comparable facilities worldwide that focus on the cyber security of safety-critical cyber-physical systems. Supported by a number of industrial partners we solicit realistic requirements and provide exclusive access to a set of safety-critical network infrastructures including both conventional technologies and domain-specific Cyber-Physical Systems (CPS) with specific setups of Industrial Control Systems (ICS). The lab has supported highly impactful research in securing ICS over the years which has shaped Scottish, UK-wide, European, and UN cyber security policies for the civil energy, nuclear, utilities and aviation industries. More information can be found on the research page here.
Secure & privacy Respecting Ubiquitous Systems (SIRIUS) Lab
The SIRIUS Lab hosts a range of equipment to support world-leading research in user-centric and usable security and privacy of ubiquitous computing systems. Facilities include a Virtual Reality (VR) lab to support our privacy, security and child-safety work in virtual and augmented reality; the usability lab which sup-ports user-centred evaluations of novel security and privacy-enhancing technologies that we develop; and a range of flexibly deployed and mobile research equipment including eye trackers, VR/AR/XR headsets, a 3D-printer, and thermal cameras for the evaluation of spoofing attacks based on thermal footprints of usage patterns on computer peripherals (e.g., keyboards) and devices.
Track record - staff
Prof. Dimitrios Pezaros (lead) - founding director of netlab and director of Glasgow's Cyber Defence Laboratory, Professor Pezaros holds the Royal Academy of Engineering (RAEng) Research Chair in Digital Resilience for Critical National Infrastructure. His research focuses on networked systems resilience through always-on monitoring and adaptive resource provisioning, anomaly and intrusion detection for virtualised, software-defined, and resource-constrained (e.g., industrial and IoT) networked infrastructures.
Prof. Shahid Raza - Chair Professor of Cybersecurity at the University of Glasgow, his research focuses on hardware, data, and network security for IoT, AI/ML-based cybersecurity for IoT, IoT assurance and re-certification.
Prof. Wim Vanderbauwhede - research with a focus on CyberSecurity of IoT and other smart devices, with the aim of making the design of hardware systems (in particular FPGAs) proof against errors and tampering, through the use of advanced type systems.
Dr. Thomas Zacharias - research focuses on the formal modelling, design and analysis of cryptographic algorithms and protocols.His main areas of interest are electronic voting systems, blockchain protocols, privacy-preserving communications, distributed computing, and secure multiparty computation. He currently explores the problem of decentralisation, as an act of distributing trust among protocol participants, in several topics of Cybersecurity (e.g. electronic voting, blockchains, anonymous broadcast, and contact tracing).
Dr. Nguyen Truong - focuses on developing new techniques for personal/health-care data processing and management to cope with stringent requirements of data protection legislation like the GDPR; as well as strengthening the decentralisation and trustworthiness of networking systems by leveraging various state-of-the-art technologies including Blockchain and Distributed Ledger Technology (DLT), advanced cryptosystems, Trusted Execution Environment (TEE), and Federated Learning.
Dr. Dongzhu Liu - research interests include private federated learning and distributed Bayesian learning at the edge. Most IoT devices are connected via wireless links that provide a chance to exploit the randomness in wireless systems as differential privacy mechanisms.
Dr. Jeremy Singer - is primarily focused on research related to secure execution environments and investigates the composition of novel micro-architectural techniques to mitigate runtime exploits and privacy-aware methods distilled by programming language runtime techniques.
Dr. Mohamed Khamis - undertakes research at the intersection of Human-Computer Interaction and Security. His research focuses on understanding threats to user privacy that are caused/facilitated by ubiquitous technologies, such as thermal attacks and shoulder surfing and inventing novel ubiquitous systems for protecting user privacy and security on mobile devices, public displays, and in VR.
Dr. Ornela Dardha - research centred around programming languages and (behaviural) types for correct and safe interaction and communication of software components in concurrent and distributed systems.
Dr. Jose Cano Reyes - works in system and algorithmic-wide properties of adversarial machine learning (ML), secure federated learning and ML-based security on edge devices.
Dr. Michele Sevegnani - research on Digital Twins as dynamic data-driven formal models enabling reasoning about the safety, reliability and predictability of location-aware, event-based, cyber-physical systems, particularly complex systems that are already deployed.
Dr. Emma Li - focuses on cyber security and privacy using behavioral biometrics in human-computer interaction, wearables, and robotic systems. For example, continuous behavioral biometric authentication via keystroke dynamics, touch screen, VR headsets, haptic controllers, etc.
Projects (active in the last 6 years)
Our research has received considerable funding from the EU, the UK Engineering and Physical Science Research Council (EPSRC), the European Network and Information Security Agency (ENISA), GCHQ/NCSC, Innovate UK as well as from industrial partners (e.g., EDF, Facebook, Raytheon, Arm).
- Dstl & CINIF / RAEng Research Chair in Digital Resilience for Critical National Infrastructure (PI: Pezaros; dates: 2023-2028; ca. £1.5m)
- COCOON: COoperative Cyber PrOtectiON for Modern Power Grids - Horizon Europe Innovation Action (PI: Pezaros; dates: 2023 - 2026; ca. £800k)
- Organisational Resilience for the Civil Nuclear Industries - EDF Energy (PI: Pezaros; dates: 2021 - 2024; ca. £100k)
- TruSDEd: Trustworthy, Software-Defined Cyberattack Detection and Mitigation at the Network Edge - PETRAS National Centre of Excellence for IoT Systems Cybersecurity (PI: Pezaros; dates: 2021-2023; ca. £350k)
- PT.HEAT: Preventing Thermal Attacks (funded by PETRAS, £177,075). PI: Mohamed Khamis. Partners: Scottish Business Resilience Centre. From 11/2021 to 04/2023
- PriXR: Protecting XR User and Bystander Privacy (funded by REPHRAIN, £79,997). PI: Mark McGill, Co-I: Mohamed Khamis. From 01/2022 to 11/2022
- AppControl: Enforcing Application Behaviour through Type-Based Constraints (EPSRC EP/V000462/1), Vanderbauwhede, 2020 -2024, £1.48m
- Capable VMs (EPSRC EP/V000349/1), Singer, 2020 2024, £469k
- TAPS: Assessing, Mitigating and Raising Awareness of the Security and Privacy Risks of Thermal Imaging (EPSRC EP/V008870/1), Khamis, 2021-2023, £262k
- Emergence of cybersecurity capability across Critical National infrastructure, National Cyber Security Centre (National Cyber Security Centre - NCSC), Khamis, £140k
- Developing Pedagogy that Optimises Forensic Training in Safety Related Industrial Control Systems (National Cyber Security Centre - NCSC), Johnson, 2019 - 2020, £249k
- BehAPI: Behavioural Application Program Interface, (EU H2020), Dardha
-
Multi-Perspective Design of IoT Cybersecurity in Ground and Aerial Vehicles (MAGIC), PETRAS, Sevegnani, 2020-2022
-
Formal methods for Agritech Resilience Modelling (FARM), PETRAS, Sevegnani, 2021-2023
- Understanding and Mitigating the Security Risks of Thermal Imaging, Royal Society of Edinburgh, Khamis, £65k
- Facilitating Parental Insight and Moderation for Safe Social VR, Facebook Reality Labs, Khamis, £56k
- Process Regulation and Compliance (Scottish Enterprise, 309867-01), Omoronyia
- HutZero 6 - Transforming early-stage cyber ideas into businesses, UK Department for Digital, Cultural, Media and Sports (DCMS), Omoronyia
- Privacy Engineering for Software Designers (Innovate UK CyberSecurity Startup Accelerator Programme), Omoronyia, April - July 2019, £21k
- Border Patrol: Improving Hardware Security through Type-Aware Systems Design (EPSRC EP/N028201/1), Vanderbauwhede, February 2017 - January 2022, £638k
- Forecasting and Visualizing Safety and Security Concerns as a Consequence of Systems Changes in Air Traffic Management Networks (US Office of Naval Research), Johnson and Pezaros, September 2015 - September 2018, £192k
- Engaging with Scotland's SMEs to improve security (Royal Academic of Engineering), Renaud, September2015 - August 2016, £30k
- Cloud Security: Government clouds and incident reporting (European Network and Information Security Agency (ENISA)), Johnson, April to December 2013, £31k
- Multisensory information presentation for automotive safety systems (Freescale Semiconductor UK Ltd), Brewster, October 2012 - March 2016, £24k