Abstract Blue Image

Research

Our Research Strengths

The Cyber Security Research Centre is internationally renowned for interdisciplinary cyber security that places individuals at the heart of security decision-making. For well over a decade, the CSRC has tackled the complexities of cybersecurity research, encompassing both human and technological aspects within socio-technical systems, and the unique blend of inter-disciplinary, systems-centred and resilience-focused research on cyber security has led to a range of innovative research programmes – establishing Lancaster as a leading international centre in cyber security research. A theme-based, rather than a group-based, structure enables us to work together across the themes, with several staff contributing to multiple themes.

Research Themes

  • Cyber Security Behaviours

    Using a combination of psychology and linguistic techniques, we undertake studies of how specific individuals or groups use the Internet.

  • Cyber Security Analytics

    Our research into analytics focuses on the challenge of data synthesis, analysis and intelligence from the range of sources used to support cyber security.

  • Software & Systems Security

    We take a broad software systems perspective (code, middleware, OS) on researching software security to cover design, analysis and assessment.

  • Critical Infrastructure Security

    We perform theoretical and experimental research to increase the resilience, survivability, and dependability of critical infrastructures.

Cyber Security Behaviours

Cyber Security Behaviours

Using a combination of psychology and linguistic techniques, we undertake studies of how specific individuals or groups use the Internet, and, conversely, how we can use Internet behaviour to make inferences about an individual’s actions, both of regular users and adversaries. Examples of this include our research on the detection of insider threats, sophisticated social engineering attacks, noise-aware stylometry and mimicry in online conversations, led by CREST (Centre for Research and Evidence on Security Threats). We have a variety of configurable lab spaces for psychology experiments, monitoring equipment and observational suites to support this activity.

  • CREST

    The Centre for Research and Evidence on Security Threats (CREST) is a national hub for understanding, countering and mitigating security threats. CREST brings together the UK’s foremost expertise in understanding the psychological and social drivers of the threat, the skills and technologies that enable its effective investigation, and the protective security measures that help counter the threat in the first place. It does so within a context of significant stakeholder and international researcher engagement, and with a clear plan for sustained and long-term growth.

  • Why Johnny doesn't write secure software?

    Developing software is no longer the domain of the select few with deep technical skills, training and knowledge. A wide range of people from diverse backgrounds are developing software for smart phones, websites and IoT devices used by millions of people. Johnny is our psuedonymous for such a developer. Currently, little is understood about the security behaviours and decision-making processes of Johnny engaging in software development.

Cyber Security Analytics

Cyber Security Analytics

Data underpins evidence-based decision making however, the sheer volume of data requiring processing has moved well beyond human comprehension. Our research into analytics focuses on the challenge of data synthesis, analysis and intelligence from the range of sources used to support cyber security – such as networked devices and traces of human activity. We are currently developing new statistical approaches to detect anomalous behaviour in network traffic supported by the EPSRC/BT NG-CDI Prosperity Partnership.

  • PACTMAN

    We live in a world in which our ability to capture personal user data far exceeds our understanding of how to manage issues of trust, privacy and consent with potentially far-reaching consequences for both individuals and society. Without independent academic research in this space, we run the risk of privacy and trust being sacrificed in the rush to commercially exploit these new sensing capabilities. In this project, we will conduct pioneering interdisciplinary research to create the world's first comprehensive system for privacy and consent management in future pervasive environments, i.e. environments with a wide range of sensing capabilities.

  • NG-CDI

    An ambitious programme geared to create a radically new architecture for the UK’s internet and telecommunications infrastructure. Its strength lies in its multi-disciplinary and multi-stakeholder approach bringing together a team of internationally renowned scientists and engineers working across top universities and BT to create an agile, resilient network capable of meeting the future needs of our rapidly changing society and ensure that the UK’s digital infrastructure continues to be world leading.

Security of Cyber Physical Systems

Software & Systems Security

Software provides the essential realisation of computing services including the provisioning of their secure operations. We take a broad software systems perspective (code,middleware, OS) on researching software security to cover design, analysis and assessment. Our competencies include specification and analysis of secure code, techniques for the detection, prediction and repair of code defects, analytical and experimental techniques for robustness/security testing, and conducting security risk assessments. We are also exploring empirical software engineering techniques including the use of ML/AI techniques to support both the design and analysis for security. Examples of this work include the EPSRC FIXIE and Innovate UK PINCH projects

  • Fixie

    The Fixie project is an EPSRC funded project lead by Tracy Hall in Lancaster Uni and in collaboration with researchers at Brunel, QMUL and Stirling. The project establishes new techniques to automatically fix predicted defects in software code before testing, utilising machine learning-based defect prediction information to generate automatic fixes using Genetic Improvement.

  • MINDGARD

    Mindgard rapidly uncovers cyber threats against Artificial Intelligence. Our product empowers businesses to securely deploy their mission-critical AI within an ever-changing cyber landscape.

  • TAS-S

    The TAS Security Node’s research is centred around a seamless collaboration between fundamental cross-disciplinary security research and autonomous systems research at Lancaster and Cranfield Universities. To accomplish this vision, TAS-S utilizes interlinked cross disciplinary Research Strands (RS) to address 3 core challenge areas in autonomous system (AS) security, specifically USAGE, OPERATIONS & USERS

Critical Infrastructure Security

Critical Infrastructure Security

We perform theoretical and experimental research to increase the resilience, survivability, and dependability of critical infrastructures. We develop new approaches to systems, communications, and understanding infrastructures unique risks to develop resilient platforms to support the automation of physical processes in domains such as the nuclear industry and factories. Examples of this include the EPSRC/BT NGI-CDI Prosperity Partnership, the EPSRC Programme Grant: TOUCAN: Towards Ultimate Convergence of all Networks and Frazer-Nash: Operational Technology Management Post Cyber Incident. We have specialised in developing scalable security monitoring systems using Software Designed Networks. We have developed the first physically unclonable function based on quantum physics to support privacy and anonymisation (USAF-OSR). Our research within this theme is supported by SDN and NFV testbed facilities, an Industrial Control Systems Lab hosting real equipment found in common process control environments and an IsoLab facility providing an environment to study quantum systems in controlled conditions.

  • Next Generation Converged Digital Infrastructure

    An ambitious programme geared to create a radically new architecture for the UK’s internet and telecommunications infrastructure. Its strength lies in its multi-disciplinary and multi-stakeholder approach bringing together a team of internationally renowned scientists and engineers working across top universities and BT to create an agile, resilient network capable of meeting the future needs of our rapidly changing society and ensure that the UK’s digital infrastructure continues to be world leading.

  • TUDOR

    The TUDOR (Towards Ubiquitous 3D Open Resilient Network) project will research and develop technologies that could be used in a more open, flexible and scalable future mobile network beyond 5G and 6G. The TUDOR team will also focus on how new technologies could be used to enhance telecommunications infrastructure as 5G matures as well as understand how emerging intellectual property could contribute to global standards and skills generation in the UK.