Studentship group name
Digital Resilience
Department/School
School of Computer Science and Electrical Engineering
Project Description
Attack graphs (AGs) constitute a fundamental security tool intended to depict the many ways in which an attacker may compromise assets in a computer network [1]. In particular, AGs are focused on modelling how multi-stage attacks can be carried out through a network towards the attacker’s objective. Attack graphs have been successfully used in cyber networks (i.e. IT systems) for almost two decades. However, their use in Operational Technology (OT) and Critical Infrastructure Systems requires new approaches able to properly model and analyse Cyber-Physical Systems (CPS).
CPS are characterised by a deep integration between cyber elements (e.g. network devices, algorithms, data), physical components (e.g. actuators) and processes [2]. As such, CPS environments usually expose complex networks of dependencies among cyber and physical components designed to deliver a particular task. In this project, we call Cyber-Physical Attack Graphs (CPAGs) to the class of attack graphs that are able to cover both cyber and physical aspects [3].
Objective
The objective of this research project is to investigate and address some of the challenges involved in the modelling, generation, analysis, and practical use of CPAGs for complex CPS. To do so, this project aims at leveraging previous contributions and further exploring the concept of CPAGs to cover cyber-physical attacks, analyse how an attacker can move within the network, and understand the impact that these actions may have on a cyber-physical system. This research will also provide support to further security mechanisms such as risk analysis, criticality analysis, network hardening, and security metrics for complex CPS environments and critical infrastructure systems.
Candidate profile
Candidates with a good background on security, networking, graph-theory, and/or probabilistic graphical models, will probably feel more comfortable with this project. Programming skills and/or experience with network and security tools are highly welcome.
How to apply
Open to UK and International students starting in October 2023.
Applications should be submitted via the Computer Science PhD programme page. In place of a research proposal you should upload a document stating the title of the projects (up to 2) that you wish to apply for and the name(s) of the relevant supervisor. You must upload your full CV and any transcripts of previous academic qualifications. You should enter ’Faculty Funded Competition’ under funding type.
Funding
The studentship will provide a stipend at UKRI rates (currently £17,668 for 2022/23) and tuition fees for 3.5 years. An additional bursary of £1700 per annum for the duration of the studentship will be offered to exceptional candidates.