Southampton to lead major research to curb cyber attacks on UK businesses

cyber security

Cybersecurity researchers from the University of Southampton have been awarded over £1.2M to help the tech infrastructure of UK organisations and digital devices to be more resilient to cyber attacks.

Led by Principal Investigator, Professor Michael Butler, the Holistic Design of Secure Systems on Capability Hardware (HD-Sec) project will receive funding as part of a £10M investment in nine projects by the UK government through its ‘Digital Security by Design’ programme announced by Digital Secretary, Oliver Dowden. The funding is managed by the Engineering and Physical Sciences Research Council (EPSRC).

“We have a top-class cyber security sector and together we are working hard to make sure the UK is the safest place to work, connect and live online,” said Oliver Dowden. “With government support these projects will build cutting-edge, secure technologies that will give people and businesses further confidence in our digital services and help weaken the threat of cyber attackers.”

Almost half of businesses (46 per cent) and more than a quarter of charities (26 per cent) have reported experiencing cyber security breaches or attacks in the last 12 months, according to the Cyber Security Breaches Survey 2020. The report estimates the average cost of a cyber attack on a medium or large-sized business has increased to £5,220.

Southampton’s HD-Sec solution aims to create formal methods to guide software design which will speed up the process and reduce errors and security vulnerabilities that could have been exploited by hackers. The University’s research will be guided and validated by a range of security-critical industrial case studies with support from industrial partners Airbus, Arm, Altran, AWE, Galois, L3Harris, Northrop Grumman and Thales.

“Cybersecurity threats are causing damage to business and wider society and, if left unchecked, these threats will continue to grow,” Professor Butler emphasises. “Poorly designed software is a significant source of cyber security vulnerabilities.

“Even if software has been verified correct, it is likely to be running on hardware that is vulnerable to cyber-attack because of poor memory protection,” Professor Butler continues. “Today’s open connected computing platforms allow hardware vulnerabilities to be exploited at scale and capability hardware has been proposed as an approach to reducing hardware vulnerabilities.”

Current software development practice relies heavily on an iterative ‘build-test-fix’ approach to software correctness and, while testing of software is essential, it is very time-consuming and usually incomplete, often resulting in design faults being discovered long after they were introduced in the development lifecycle – making them very expensive to fix once discovered.

“Our vision is the transformation of security system development from an error-prone, iterative build-test-fix approach to a correctness-by-construction approach whereby formal methods guide the design of software in such a way that it satisfies its specification by construction,” Professor Butler explains. “The impact of this will be to reduce overall development costs, while increasing trustworthiness, of security-critical systems.”

Prof Butler is a world-leader in the development and industrial deployment of formal engineering methods for assurance of safety and security. He is joined on the HD-Sec project by Southampton colleagues Professor Vladimiro Sassone a Professor of Cyber Security who holds a Royal Academy of Engineering Research Chair and is Director of the University’s NCSC/EPSRC Academic Centre of Excellence for Cyber Security Research; Dr Thai Son Hoang, a leading researcher in refinement-based formal methods, including Event-B; Dr Leonardo Aniello noted for his research on cyber security and distributed systems topics; and Dr Dana Dghaym who has experience of tool development and verification in railway and maritime autonomous systems.

/Public Release. The material in this public release comes from the originating organization and may be of a point-in-time nature, edited for clarity, style and length. View in full here.