Find out more about the cyber security research themes we focus on at Imperial along with some examples of our successes:
Research overview
- 1. Software security and the use of formal methods
- 2. Operating systems security
- 3. Security and resilience of cyber-physical systems
- 4. Network analysis, anomaly detection and security operations
- 5. Privacy
This research focuses on formal techniques for characterising and verifying system behaviour at the design stage with some projects receiving support from industry, including Google Chrome Security.
Examples include:
- Development and running of KLEE (github.io), a state-of-the-art, open-source symbolic execution engine for academia and industry users. KLEE has enabled automatic detection of bugs and security vulnerabilities.
- Imperial academics founding the startup, GraphicsFuzz, a software testing platform for graphics shader compilers. GraphicsFuzz was acquired by Google in 2018.
Imperial's cyber security researchers work to improve the security of operating systems, covering traditional, mobile, distributed and web systems across software and hardware interfaces.
We strengthen the security of operating systems by developing security mechanisms for confidential computing, capability-based, mandatory and discretionary access control systems among others.
We develop inference algorithms and model adversarial capabilities which helped us uncover design issues in popular operating systems affecting billions of users.
We research risks to cyber-physical systems and how their integrity and availability can be maintained even when partially compromised.
Projects under this theme include:
- detecting malicious data injections
- security and privacy in IoT and mobile environments
- measuring security
- identifying critical components and optimal portfolios of cyber controls
- investigating the vulnerability of sensor-enabled machine learning algorithms
- mitigating adversarial attacks
One example is the Imperial-led Art Connect/DigiPorts project. This project devised low-cost, secure IoT technology. This ground breaking technology was used in a pilot project with IMDA (Singapore), ICC and C4DTI to test the hypothesis that paper-based documents can be replaced by electronic trade documents, bringing the cost of a transaction down by 75%.
The pilot was successful deeming this “the world’s first quantum-secure cross-border electronic trade document transaction, delivering a verifiable, secure, and legally recognisable solution for future digital trade transactions”. This work takes a “significant step forward in the journey to fully digital international trade will make international trade cheaper, simpler, faster and more sustainable”.
Our research involves developing statistical techniques for building predictive models representing normal and adversarial behaviour. We also develop techniques for continuous risk assessment.
Our work contributed to IoTrim, an open-source solution to IoT security and privacy monitoring on home gateways.
Imperial’s research led to:
- Tier-1 papers in prestigious security and privacy venues including ACM Internet Measurement Conference, Privacy Enhancing Technologies Symposium, IEEE Symposium on Security and Privacy
- Achieved a top 5 spot in the global Telekom Challenge (against 180 other startups)
- Funding from InnovateUK Cyber Security Academic Startup Accelerator Programme (CyberASAP) grant (£75k), EPSRC PETRAS ISPEF Fund, Privacy Preserving IoT Security Management (PRISM, £100K), and EPSRC Impact Acceleration Award (£100K)
We develop better techniques to safely use and share data at scale.
We empirically test the robustness of privacy-preserving mechanisms by developing and carrying out attacks against anonymous systems, protocols, datasets, or machine learning models. These attacks inform the development of future practical and theoretical privacy foundations.
One Imperial research group found perceptual hashing, the algorithm at the heart of client-side scanning solutions from major mobile technology providers, to be easy to by-pass and able to do a lot more than expected.
The researchers demonstrated how the latest deep learning-based methods were equally susceptible to the attack.
In a second line of work, the group then demonstrated how perceptual hashing algorithms can be modified to include a hidden second purpose, for instance performing targeted facial recognition. Consequently, Imperial cyber security researchers have been actively involved in informing the government on the sharp limits of client-side scanning.
Read more in IEEE Xplore and Electronics Weekly.
MSc Security and Resilience: Science and Technology
We've launched a new MSc course training students in the science and technology underpinning national security.
- Open to STEM graduates and Professionals
- Full-time and Part-time study options