Open PhD topics

Apart from the topics listed below, also refer to this page for other open positions in the Cyber Security group.

Hardware security anchors: analysis and designs (2 positions)

A hardware security anchor in a computing device is a hardware feature intended to make the platform more secure than can be achieved by software alone. Examples include: TPM, Intel SGX, ARM TrustZone, and platform security processors like the Google Titan chip. We have two PhD studentships associated with an EPSRC research project on hardware security anchors. The objectives of the project are:

  • To perform thorough security evaluations on a variety of hardware security anchors or enclaves being developed and marketed for user devices such as laptops and smartphones.
  • To enhance those security mechanisms for user-centric applications. In particular, we address the challenges of user authentication in a device-rich IoT world.
  • To directly contribute to the security of tomorrow's COTS devices.
  • To provide convincing demonstrators of our mechanisms and use cases.

The project is led by Mark Ryan, Flavio Garcia and David Oswald. Our project partners HP Labs are also devoting time to the project, and the PhD students and postdocs working on the project will have the opportunity to spend time with them.

Studentship: The studentships cover a stipend for each student, and their tuition fees based on UK/EU fees. One studentship is funded by the School of Computer Science. The other one is part-funded by HP Labs and part-funded by the School of Computer Science. The project will additionally cover a laptop, equipment, software and travel to attend conferences and summer schools.

Eligibility: Candidates from most countries are welcome to apply. However, the studentship does not cover the full tuition fees for non-UK/EU students. Candidates should have a good background in computer science. One of the studentships will focus on evaluating the security of hardware anchors; suitable candidates will have a strong background in low-level hardware and programming. The other studentship will focus on authentication applications; good candidates will have a background in applied crypto, protocol design and analysis.

How to apply: There is no deadline for applying. The PhD candidate is expected to start in September or October 2019. We will process applications as they arrive until a suitable candidate is found, therefore we advise you to apply as soon as possible. To apply, please send your CV, a transcript with a list of courses and grades, and a description of your research interests to Mark Ryan, Flavio Garcia and David Oswald.

Usable Security for Medical Devices

Modern healthcare relies on a large number of intelligent, interconnected medical devices, for example pacemakers, insulin pumps, blood glucose meters, EEG monitors, etc. While these devices are specifically designed and tested to provide operational safety, the cyber security (against a malicious attacker) has been largely disregarded in the past, leading to exploits that can put a patient’s live in danger (see e.g. this paper).

In addition, even though there are countermeasures available against such attacks, implementing those is often infeasible in practice since they complicate the use of devices in practice or may affect the safety requirements. For example, in an emergency situation, a doctor needs immediate access to a patient's pacemaker and does not have time to enter a cryptographic key or password. Similarly, fail-safe mechanisms can open new attack vectors: a device may have to always accept the "emergency off" command, even if a cryptographic check fails.

The goal of the MedSec PhD project is to address the issues in securing medical devices both from a cyber security as well as a safety and usability perspective. The project will consist of three major milestones:

  1. Survey and analyse the security of real-world medical devices in order to design and prototype countermeasures against those attacks
  2. Evaluate and improve the safety and usability of the devised countermeasures for the use in real-world medical practice
  3. Develop a systematic and open framework with appropriate security mechanisms for different application scenarios, considering security, usability and safety requirements

Supervisors: The PhD is jointly supervised by Dr Oswald (UoB) and Prof Kostakos (UoM). Dr Oswald has ten years of experience in the security analysis of embedded devices and has discovered many high-impact vulnerabilities. Prof Kostakos leads the Smart Hospital Living Lab (SHLL) and will contribute his extensive experience in human-centred design in particular for medical application. The SHLL provides an ideal environment to test the devised security mechanisms under realistic conditions.

Studentship: A fully-funded studentship, which includes tax-free Doctoral Stipend of £15,009 (subject to inflationary variation) per annum, is available for Home/EU and Overseas students on this Joint PhD programme between the University of Birmingham and the University of Melbourne for October 2019 start. For students who are to be hosted by the University of Melbourne, the scholarship rate will be $AUD30,000 per annum. and will include provision for a return trip to Birmingham.

Eligibility: Candidates from most countries are welcome to apply. The studentship does cover the full tuition fees for non-UK/EU students. Candidates should have a very strong background in computer science or electrical engineering. Ideally, candidates should have prior experience in cyber security, for example penetration testing, program analysis, embedded security, or applied crypto.

How to apply: Use the PhD application page to apply for EPS/University of Melbourne Joint PhD 3.5 Years Computer Science. Note that the deadline for applications is Sunday, April 07, 2019. This is a competition funded PhD project, i.e. there are multiple other PhD projects that compete for this funding. The final selection which projects are funded will be made after applications have been received, for example based on the quality of the applicants and the match to topic and supervisors. Further information can also be found here.