The University of Southampton
×
Electronics and Computer Science

Changing the rules of the game

Computer scientist Dr Toby Wilkinson’s research involves assessing the risk posed by cyberattacks. “There are two components to this – the probability of an attack happening and the impact that the attack could have – in terms of the damage it could cause,” says Toby. "This is where safety differs from security. In a safety-critical system, say an aircraft, faults tend to be random and hopefully of low probability, but attacks by humans on systems are much more targeted and intelligent: someone is actively looking for defects and how to exploit them."

This becomes a ‘game’ between the defenders and attackers of a system. “But it’s an asymmetric game: the attacker only needs to find one defect for them to get in, but the defenders need to identify all the defects to keep them out, so you need to change the rules,” says Toby. "My research involves developing ways to design the bugs out and using mathematical proofs to show that the software is correct – rather than relying on a human to do this, as the systems we are building now are too complex and people can make mistakes."

Funded by Dstl, Toby is working on a project with a manufacturer of unmanned aerial vehicles (UAVs) to validate UAV routes and prevent collisions.

"With UAVs becoming ever more widely used, it's vital that we ensure they are safe and not open to cyberattack,” says Toby. “We are developing software to monitor the decisions made by artificial intelligence to identify unsafe decisions and block them. This monitoring software will come with a mathematical proof that it is correct, giving greater confidence that the system is safe. This approach of monitoring system behaviour and blocking bad actions has an obvious application to security too."

Multidisciplinary ethos

Cyber security is a multidisciplinary issue, which requires expertise from law, psychology, education and business risk management, as well as mathematics and technology. Southampton is one of the few multidisciplinary Academic Centres of Excellence in Cyber Security Research in the country, sponsored by the UK government, and we have experts in all of these areas.

“Multidicisplinarity is a great strength of our research here at Southampton,” says Gary. “From producing our own software and hardware, through to improving the understanding of how people make decisions about risks, to the legal aspects of cyberattacks, our research is beginning to influence policy on cyber security nationally. It is my hope that through this research, we can start to regain people’s trust in the digital economy so that individuals and companies can be confident of making transactions online that are safe from cyberattack.”