A person trying to log-in to a mobile phone

Strathclyde Security Research GroupAbout us

The Strathclyde Security Group is internationally known for our systems focus that bridges systems security, behavioural and legal aspects of cybersecurity research. Our five permanent members of staff are supported by five postdoctoral research associates and 23 PhD students.

Our research has been funded from a variety of sources including research councils (EPSRC, ESRC, AHRC), the European Commission, and direct investment from security organisations. Since 2006, we've received a total research income of £3.88m from these sources.

We have a dedicated member of staff (Dr William Wallace) to manage our knowledge-exchange programme and extensive links with industry, NGOs and government organisations.

The group has broad aims which cover many significant aspects in the field of computer security. We carry out practical, impact-led, security research in partnership with real-world users. Group strengths include:

  • network security
  • access control
  • verification
  • cloud security
  • analysing attacks
  • security design principles
  • human factors in security
  • privacy, anonymity & security
  • malware & intrusion analysis
  • information flow
  • software-defined networks
  • cyber-physical systems

Our strategy & vision

Four key principles underlie our research ethos that distinguish us from similar groups:

  • we focus on the ubiquitous and transformative nature of cybersecurity research spanning science, engineering, business and the social sciences
  • we draw on leading academics across these faculties, industry (large multinationals, SMEs, and start-ups), and third sector organisations (eg health providers, local government, police and armed forces)
  • the scale of its intended impact based upon around 75 companies who are already part of the Strathclyde Knowledge Exchange ecosystem
  • its focus on delivering end-to-end solutions including a strong focus on the legal, ethical and regulatory frameworks governing the use of cybersecurity

Each of the following aspects are crucial:

  • understanding the ubiquity of cybersecurity research is vital in developing the full spectrum of cybersecurity techniques as opposed to focussing on a limited sample of those techniques as often happens elsewhere
  • intersectorality is vital in ensuring cybersecurity feeds into and is informed by diverse problems so as to gauge which techniques and approaches work best in which domains
  • focussing on impact at scale is vital in ensuring our research can tackle signi cant real world problems

Taking an end-to-end approach ensures we can not only perform core cybersecurity-interventions, but can also better choose which interventions are technically and ethically appropriate, and then translate the ensuing results into bene ts for end-users. Crucially, research in the ethical, legal and regulatory framework will not only mean our results are fit-for-purpose, but also they help society fully embrace the bene fits of cybersecurity. This ubiquitous and end-to-end approach signi cantly broadens the appeal of our vision.

Examples of our recent and ongoing work of this kind include:

  • SDN security
  • malware & botnet detection
  • privacy-preserving computation
  • power networks security
  • massively parallel security defences with GPUs
  • privacy & digital anonymity in online social networks & cloud computing
  • copyright protection (adversarial) in machine-learning, covering both legal & technological approaches
  • regulation of online intermediaries
  • regulation of robots, autonomous vehicles & digital assets
  • extremist content classification
  • cultural aspects of security

Research culture

We carry out research in partnership with other academic partners including Universities of Edinburgh Newcastle, Glasgow, Abertay, Manchester, UCL, Kings College, University of Illinois at Urbana-Champaign (UIUC), Stanford University, UC Berkeley, and Princeton University.

We have hosted numerous speakers and visiting scholars from these universities as well as from Bristol, Cambridge, and Oxford. Recent industrial speakers have included the Scottish Police, NPL, Morgan Stanley, NHS Scotland, Previse, Samsung, VMWare, Juniper, among others.

We regularly conduct workshops, organise monthly reading groups, and a hacking club. Members of the group are regularly invited as visiting professors. Dr Nagaraja is an Adjunct Professor at UIUC and previously a Visiting Professor at EPFL; Dr Weir is an Adjunct Professor at Simon-Fraser University.