Threat Modelling of IoT Devices to Model and Risk-Assess IoT Security Consistently

Applications are invited for a PhD studentship on threat modelling of IoT devices starting in October 2018. The studentship includes a stipend of approximately £ 16,777.00 plus fees (including allowance) per year for three years and half. The focus of the PhD studentship is on threat modelling of Internet of Things (IoT) devices.

Topics Internet of Things, Cyber-Security, Threat Modelling.

Research Area This PhD studentship advocates the use of formal threat modelling techniques to analyse the security of IoT devices and systems. These techniques would allow IoT manufactures to model and risk-assess IoT security in a consistent and comprehensive way. To this end, this PhD studentship is aimed, firstly, at formally describing the security state of each IoT component, and their interaction with other components and users. Secondly, it aims to formally provide a description of attackers’ capabilities, in particular their privileges and their access proximity, to model the impact of their actions on IoT devices more rigorously. Finally, it intends to exploit these threat models to perform risk analysis of IoT devices and networks using two complementary strategies: statically, to compute the likelihood of attacks based on attacker’s privileges, and dynamically, by guiding the penetration assessment to analyse the attack surface uncovered with the use of the formal threat models.

How to Apply Informal enquiries about the research project and funds should be directed to Dr Daniele Sgandurra at [Email Address Removed]. To apply please also send through your CV, covering letter and transcripts to [Email Address Removed].

Where This post is based in Egham, Surrey, where Royal Holloway, University of London is situated in a beautiful, leafy campus near to Windsor Great Park and within commuting distance from London. Royal Holloway, University of London is one of the fourteen Higher Education Institutions (HEIs) in the UK recognised by the UK National Security Centre (NCSC) as a Centre of Academic Excellence in Cyber Security Research, and only one of the two HEIs awarded with a Centre for Doctoral Training in Cyber Security.