The Singapore’s National Research Foundation (NRF), the UK’s Cabinet Office (CO) and the UK's Engineering and Physical Sciences Research Council (EPSRC) (from here on ‘the Agencies’) are encouraging joint research activities in cyber security.
Through a single, shared process which is managed by EPSRC on behalf of the Agencies, we target to support up to three collaborations, each of which involves
leading academic researchers in the partner countries. While funding for researchers in Singapore and the UK will ultimately be provided by their respective Governments, the key to success in the call will be the identification of a programme of work which is of high scientific quality and truly collaborative.
Proposals for new projects in any area relevant to cyber security, from new or established partnerships, are welcome. We fund a balanced programme of research in which the individual projects can work together to maximise mutual benefit.
Collaborating parties will need to prepare a single, unified, proposal which describes a full programme of work in both countries. This will be submitted to the EPSRC by the UK lead organisation on behalf of the research partners in the UK and Singapore. Projects should last between 25 and 36 months, to start in Spring 2016 and end by December 2018.
Building on previous initiatives intended to foster stronger research links between Singapore and the UK, the Agencies would like to strengthen collaboration between our nations’ best cyber security researchers.
The challenges of cyber security are global and do not respect national boundaries. Solutions to the problems with which we are faced will need to be developed and implemented in a shared way to reflect this fact.
This call is open to proposals, in any area of research, which have real potential to enhance our understanding of cyber security and strengthen relationships between researchers in Singapore and the UK. In particular we welcome projects which address shared challenges in:
Intrusion: Malware, exploits, intrusion detection and protection
Data Analytics: Algorithms, machine learning, privacy, trust, and personal/aggregated data issues (‘Big Data’)
Human Factors: Usability, behaviours, incentives, and more general economic, social and legal concerns
Policy Aspects: Issues that directly affect policy, government or business. Includes best-practices (e.g. BYoD), ownership (e.g. copyright, DRM), regulation and compliance
Sectors and applications (e.g. Internet of Things (IoT)): Targets the concerns of particular sectors or applications. Includes general areas such as healthcare and cities, to specific issues, e.g. smart cities, and detecting extremist activity.
The inaugural Singapore-UK Joint Grant Call for Cybersecurity Research was launched in May 2015, and will focus on strengthening knowledge and capabilities in cyber security, as well as fostering closer collaboration in cybersecurity research between researchers from Singapore and UK. A total of 22 proposals were received when it closed in July 2015.
The proposals were evaluated jointly by cybersecurity experts of both countries, before the final six projects were selected. These are:
1. Security and Privacy in Smart Grid Systems: Countermeasure and Formal Verification
Data privacy is an issue, especially when it comes to two mutually-distrusting parties. This project aims to allow users to be signed up with a Trustworthy Remote Entity, and have a high degree of confidence that their data is not going to get in the hands of someone who might use it against them.
The project aims to analyse and enhance the security and privacy in smart grid systems, which refers to electrical grids that manages electricity demand in a more sustainable and economic manner.
In smart grid systems, data has to be privacy-sensitive as personal information can be inferred from energy usage traces. For instance, consumers might not want their energy providers to be able to infer when their house is unoccupied, based on amount of energy being used at any point in time.
The project will focus on the interactive strategies and systems in smart grid. It aims to design and implement a high-assurance, security and privacy enhancing communication architecture from the field of trusted computing technologies. Trusted computing technology sees a computer consistently behaving in expected ways, through enforcement by loading the hardware with a unique encryption key that cannot be accessed by the rest of the system.
The University of Oxford and the National University of Singapore will collaborate on this research.
2. Vulnerability Discovery using Abduction and Interpolation
A security engineer can easily find out whether or not there is a vulnerability point in the program with an algorithm. However, as source is often unavailable to a security engineer, it is necessary to answer these problems by examining the binary.
This project is about performing analysis over machine code, as opposed to human-written programs, to find vulnerabilities in the code that leaves it open to security attacks. This is done through generating a mathematical formulation of the problem, which can be implemented in practical ways.
This project seeks to develop theoretical foundations as well as practical techniques for providing security engineers with automatic tools, which will help to detect security vulnerabilities in binary code.
Techniques from Artificial Intelligence and Theorem-Proving, called Abduction and Interpolation, will be used. This involves deducing general properties from a given mathematical formula that entails certain properties. These formulas describe bit vector strings, as they provide the underlying description of machine code. The properties of interests are those that indicate that an attack is possible.
The university of Kent and National University of Singapore will work together on this project.
3. Computational Modelling and Automatic Non-Intrusive Detection of Human Behaviour-based Insecurity
This project aims to prove that human behaviour related insecurities in cyber security can be detected automatically, by applying human cognitive models. The project will apply human understanding and thought process in order to model and simulate humans involved in security systems. This will then support automated detection by developing general-purpose computational framework, with supporting software tools.
It will focus on human user authentication systems, and produce new knowledge on the role of human behaviours in such systems and security systems in general.
Software framework and new knowledge of human behaviours can also help address other challenges, such as detection of intruders or extremists which requires knowledge of how they behave. The project will demonstrate the usefulness of the proposed framework. The framework will be applied to selected human user authentication systems to automatically discover or rediscover known and unknown human behaviour related attacks.
This will be worked on by the University of Surrey and Singapore Management University.
4. Machine Learning, Robust Optimisation and Verification: Creating Synergistic Capabilities in Cybersecurity Research
Organisations are faced with ever-growing number of malware and integrated malware attack tools, attempted attacks on infrastructure and services as well as insider attacks and advanced persistent threats for high-priced assets. As there are too many potential vulnerabilities in a system, cyber security decision-makers cannot address every vulnerability.
This project, bringing together research leaders in machine learning, robust optimisation, verification and cybersecurity, aims to provide the decision makers with a way to represent the systems and services in a principled manner, so as to facilitate making good operational or strategic decisions to ensure cyber security.
The project will investigate new approaches for modelling and optimisation by which cybersecurity of systems, processes, and infrastructures can be more robustly assessed, monitored, and controlled in the face of unpredictable and strict uncertainty. Strict uncertainty relates to threats which little or no historical information is available, making it impossible to estimate probability.
The project will also focus on the areas of privacy as new forms of privacy-preserving data analytics will be created and new approaches to decision support that respect privacy considerations are being developed.
This project is a collaboration between Imperial College and the National University of Singapore.
5. Security by Design for Interconnected Critical Infrastructures
Computers are often connected to each other through the use of wired or wireless communications. This connectivity has been accelerated by the need for remote maintenance capability, regular system upgrades, and integrated monitoring of complex systems including critical infrastructure. Such connectivity has led to a significant increase in the interdependence of critical infrastructures, such as power, water, and transport, especially from the cyber security point of view. Thus, a cyber attack on one infrastructure might lead to cascading effects that may cause abnormal behaviour of connected infrastructure. For instance, when the SACDA system in one infrastructure is attacked, its impact might propagate beyond this infrastructure to other connected infrastructures. Such propagation might be via the communications network or by loss of some utility, e.g., power, provided by the attacked infrastructure.
The research project aims to advance the state of the art in the design of secure interconnected public infrastructures through the concept of Security-by-Design. This collaboration aims at creating and evaluating new methods and prototype tools that would bring cyber security to the design stage of public infrastructures. The new design methodology so developed will examine infrastructure connectivity at the design stage of a system rather than after a system is built. With the help of power and water testbeds available at SUTD, this collaborative research will study the impact and response across interconnected infrastructures to improve system resilience to cyber-attacks.
This is a collaboration between Imperial College and Singapore University of Technology and Design.
6. Cyber Security Solutions for Smart Traffic Control Systems
Traffic systems are among the key national strategic infrastructures that have to be protected at the highest security levels, as they are essential to daily lives. For instance, criminals can potentially infect the traffic system with malicious software that can cause heavy traffic on roads, in order to block law enforcement and providing an escape route. Terrorists can also hack into the traffic system to create chaos in traffic during acts of terror, thus amplifying the number of victims.
The project aims to develop a solution framework that can efficiently tackle the various cyber security vulnerabilities of smart traffic control systems. The project’s solution will provide real-time suggestions about how to manage traffic controlling system and allocating security resources by understanding attackers’ strategies in real-time.
This is a research project between the University of Southampton and Nanyang Technological University.
Read press release