The 2018 ACE Conference
On June 27th, I had the opportunity and the pleasure of attending the 2018 Academic Centres of Excellence in Cyber Security Research (ACE-CSR) organised by the National Cyber Security Centre (NCSC). The conference is the annual gathering of UK cyber security community, involving people from government officials and academics.
The conference was held in Stratford-upon-Avon, a popular tourist destination renowned for its status as birthplace of English playwright and poet William Shakespeare.
The diversity of attending speakers, posters on exhibition and discussions were impressive, vividly demonstrated the UK national strategies for cyber security research. As the speaker from NCSC said:
in the future, nothing would change, but everything would be different. Cybersecurity nightmare or a safer world, to be or not to be, that’s has been a question in the heart of every participant.
The Conference
The two-day programme extended over cyber security knowledge, policies, research challenges, and potential solutions. The talks were mainly given by NCSC people and researchers from universities across the UK. The main focus of NCSC was the influence and future directions of cyber security research. People from NCSC provided several research challenges from UKRI, SPF, ISCF and GCRF etc., and were looking forward to applications from researchers in academia.
Like the rest of the attendees of the conference, I heard insights into current hot research topics from the following talks given by researchers from other Academic Centres of Excellence in Cyber Security Research:
(1) Cyber Security Body of Knowledge, which codifies foundations and generally recognised knowledge in cyber security, covering aspects of human, cryptography, risk management, architecture, network , law and regulations. Its principles include open and free access, transparency and so on;
(2) Cyber Security Risk Management in Complex systems, especially in the IoT context, which talked about the difficulties of cyber risk management, threat modelling (e.g. STRIED), and risk management strategies (e.g. avoid, reduce, contingency, transfer and accepts etc.), as well as the difference of risk in emerging IoT scenarios compared with traditional systems;
(3) Malicious Data Injections in Wireless Networks given by Imperial College London, talking about the physical tampering of sensors, trivial attack models, detection algorithms, identification of compromised sensors and so on.
(4) Adversarial Machine Learning, illustrating two main types of attack in machine learning algorithms — poisoning attack and evasion attack, and meanwhile specifying the corresponding mitigations strategies for these two kinds of attack through anomaly detection and feature selection, as well as the trade-off between accuracy and security.
(5) Password-Authenticated Searchable Encryption, which discusses the issues in outsourcing and retrieval of data in cloud storage. Searchable encryption enables authorised search over encrypted keywords and hides keywords from the cloud throughout. The speaker presented PAKS, a password-authenticated keyword search scheme, and the general approach to building PAKS, for example, using the combination of two techniques — password-authenticated secret sharing and symmetric searchable encryption.
Soton Cyber Security Group at the Conference
The Soton Cyber Security Group played an active role in the conference. Professor Vladimiro Sassone presented two wonderful talks, respectively on “data anonymisation” and “towards blockchain as a service”.
He blueprinted a splendid picture of current and future research work in soton cyber security group, including blockchain, data privacy, IoT and data provenance etc.
Besides, a serious game for cyber risk management — Riskio, developed by Stephen Hart, Dr. Federica Paci and Professor Vladimiro Sassone, was demonstrated at the conference and received warm participations and good comments.
Following the talks and demonstrations, together with the group we held a nice poster exhibition of research fruits.
To conclude, a couple of more pictures on the city and then venue
