This project deals with the prevention and mitigation of attacks on digital assets. Digital assets include accounts of financial or functional value and business-critical data elements such as customer, employee and financial data.
Studentship group name: School of Computer Science and Electronic Engineering
The main issue addressed in this project is that the security of a digital asset depends not only on the service provider’s security measures, such as cryptography, security protocols, authentication and authorisation, but also on its connections to the owner’s devices, applications, services and other digital assets, which together we refer to as a digital ecosystem.
To protect a digital asset we must therefore protect the security and resilience of the asset’s entire ecosystem. In prior work [1] we developed a methodology to model users’ account ecosystems as directed hypergraphs, visually represented by edge-coloured directed graphs which we called account access graphs. We formally defined schemes to evaluate various security and availability properties and employed them in a user study [2] to find security weaknesses in our participants’ account ecosystems.
The objectives of this project are to (1) generalise our existing formal model of users’ account ecosystems to include access relations relevant to enterprises and (2) develop algorithms that support the account graph elicitation process, provide bespoke guidance on how to improve the security of an account graph, help recover from security breaches and support the maintenance of account graphs as the modelled ecosystem evolves.
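As an illustration of the account access graph idea described above, the following added example (not code from the project or the cited papers) models a small ecosystem as a directed hypergraph and evaluates one security property: what becomes accessible once a given set of credentials or devices is held. It assumes each hyperedge means "holding all of these vertices grants access to that target"; all vertex names are constructed.

```python
from typing import FrozenSet, Iterable, List, Set, Tuple

# One access method: holding every vertex in `sources` grants access to `target`.
# Several methods for the same target are alternatives (the edge colours in the
# graph drawing). This reading of the hyperedges is an assumption of the example.
AccessMethod = Tuple[FrozenSet[str], str]

# Constructed sample ecosystem; every name is hypothetical.
ECOSYSTEM: List[AccessMethod] = [
    (frozenset({"phone", "phone_pin"}), "authenticator_app"),
    (frozenset({"phone", "phone_pin"}), "email"),            # logged-in mail app
    (frozenset({"email_password", "authenticator_app"}), "email"),
    (frozenset({"email"}), "shop_account"),                  # password reset link
    (frozenset({"shop_password"}), "shop_account"),
    (frozenset({"bank_password", "authenticator_app"}), "bank_account"),
]


def reachable(methods: Iterable[AccessMethod], held: Iterable[str]) -> Set[str]:
    """Everything accessible from `held`, by forward chaining to a fixpoint."""
    methods = list(methods)
    access = set(held)
    changed = True
    while changed:
        changed = False
        for sources, target in methods:
            if target not in access and sources <= access:
                access.add(target)
                changed = True
    return access


def single_points_of_failure(methods: Iterable[AccessMethod], asset: str) -> Set[str]:
    """Vertices that, held alone, are enough to reach `asset`."""
    methods = list(methods)
    vertices = {v for sources, target in methods for v in sources | {target}}
    return {v for v in vertices - {asset} if asset in reachable(methods, {v})}


if __name__ == "__main__":
    print(sorted(reachable(ECOSYSTEM, {"phone", "phone_pin"})))
    print(sorted(single_points_of_failure(ECOSYSTEM, "shop_account")))
```

In this sample, the shop account falls to the email account alone because of the password reset path, while the bank account has no single point of failure.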
[1] Sven Hammann, Sasa Radomirovic, Ralf Sasse, David A. Basin: User Account Access Graphs. CCS 2019: 1405-1422
[2] Sven Hammann, Michael Crabb, Sasa Radomirovic, Ralf Sasse, David A. Basin: "I'm Surprised So Much Is Connected". CHI 2022: 620:1-620:13
Candidates should ideally have a background in one or more of the following areas: formal modelling, formal verification, graph theory, discrete mathematics.
How to Apply
Applications should be submitted via the Computer Science PhD programme page. In place of a research proposal you should upload a document stating the titles of the projects (up to 2) that you wish to apply for and the name(s) of the relevant supervisor. You must upload your full CV and any transcripts of previous academic qualifications. You should enter ‘Faculty Funded Competition’ under funding type.
The studentship will provide a stipend at UKRI rates (currently £17,668 for 2022/23) and tuition fees for 3.5 years. An additional bursary of £1700 per annum for the duration of the studentship will be offered to exceptional candidates.