Singapore Management University, Office of Research – The National Research Foundation (NRF) in Singapore, the United Kingdom (UK) Cabinet Office and the Engineering and Physical Sciences Research Council (EPSRC), jointly announced the launch of the Singapore-UK Joint Research in Cybersecurity to foster closer collaboration in cybersecurity research between the researchers of both countries.
The programme seeks to bring together researchers from both countries to address common challenges in cyber security, and the joint grant call is open to proposals which have the potential to strengthen knowledge and capabilities in cyber security and foster stronger research and network links between both parties.
In particular, both countries welcome projects which address shared challenges in the following areas:
· Intrusion: Malware, exploits, intrusion detection and protection;
· Data analytics: Algorithms, machine learning, privacy, trust, and personal/aggregated data issues (‘Big Data’);
· Human Factors: Usability, behaviours, incentives, and more general economic, social and legal concerns;
· Policy aspects: Issues that directly affect policy, government or business. Includes best-practices (e.g. BYoD), ownership (e.g. copyright, DRM), regulation and compliance;
· Sectors and applications (e.g. Internet of Things (IoT)): Targets the concerns of particular sectors or applications. Includes general areas such as healthcare and cities, to specific issues, e.g. smart cities, and detecting extremist activity.
The Office of Research at Singapore Management Unviersity is pleased to announce that the research proposal from Professor Robert Deng (Principal Investigator) and Associate Professor Li Yingjiu (co-Principal Investigator) was awarded the grant. Below is the summary of the proposal, and we wish them the best in their research!
COMMANDO-HUMANS: COMputational Modelling and Automatic Non-intrusive Detection Of HUMan behaviour based iNSecurity
Duration: 25 months
It has been well known that human factors are a very important aspect of cyber security, as recognised by governments all over the world, for example, in Singapore’s National Cyber Security Masterplan 2018 (2013) and in the UK Cyber Security Strategy (2011). Human related insecurity is often related to insecure human behaviours. To conduct research on human behaviours (in cyber security, psychology and other related fields), researchers normally depend on involvement of real human users via surveys, interviews, simulated scenarios, observations of real cases, interactive games, or other specially designed user studies. Such approaches are often time-consuming and costly, and suffer from other issues like limited and/or biased samples, questionable ecological validity, difficulties in reproducing results, and impossibility of running some studies due to ethical/privacy/legal concerns.
The project aims at developing the first general-purpose computational framework and supporting software tools that will enable automatic detection of human behaviour related insecurity at the Human-Computer Interaction (HCI) level without the need to involve real human users. The framework will be built on computational models of human cognitive processes, HCIs, human behaviour related attacks and (in)security metrics. The framework will be nonintrusive – instead of evaluating the running system itself, it will evaluate an abstract executable model of the system and humans involved. Removing real human users from the process allows faster and more objective inspection of potential insecurity of a given security system. The automated process can still be combined with traditional user studies to make better use of limited resources in automatically detecting potential insecurity problems deserving further manual analysis.
The framework and software tools developed in the project will help security system designers and developers, and security industry to deliver securer systems before they are released and fix more security issues after such systems are released. Policy makers and information security managers will also benefit from our work by having a way to gain more information about human-involved cyber security systems. As a natural by-product, the deliverable will also allow easier evaluation of usability of security and non-security related computer systems with an HCI.