Holistic design of security systems to build UK resilience to cyber attacks

Computer scientists from the University of Southampton will guide software design to help curb cyber attacks on UK businesses in a major new research programme announced by Digital Secretary, Oliver Dowden.

Researchers in Electronics and Computer Science (ECS) have been awarded over £1.2M to transform the development of tech infrastructure and digital devices, reducing errors and security vulnerabilities that could be exploited by hackers.

The Holistic Design of Secure Systems on Capability Hardware (HD-Sec) project, led by Principal Investigator Professor Michael Butler, will receive funding from the Engineering and Physical Sciences Research Council as part of a £10M investment in nine projects by the UK government.

Oliver Dowden, Secretary of State for Culture, Media and Sport, unveiled the ‘Digital Security by Design’ programme today at London Tech Week Connects.

Almost half of businesses (46 per cent) and more than a quarter of charities (26 per cent) have reported experiencing cyber security breaches or attacks in the last 12 months, according to the Cyber Security Breaches Survey 2020.

“Cybersecurity threats are causing damage to business and wider society and, if left unchecked, these threats will continue to grow,” Michael says. “Poorly designed software is a significant source of cyber security vulnerabilities. Even if software has been verified correct, it is likely to be running on hardware that is vulnerable to cyber-attack because of poor memory protection.”

Current software development practice relies heavily on an iterative ‘build-test-fix’ approach to software correctness. While testing of software is essential, it is very time-consuming and usually incomplete, so design faults are often discovered long after they were introduced in the development lifecycle, which makes them very expensive to fix.

“Our vision is the transformation of security system development from an error-prone, iterative build-test-fix approach to a correctness-by-construction approach whereby formal methods guide the design of software in such a way that it satisfies its specification by construction,” Michael explains. “The impact of this will be to reduce overall development costs, while increasing trustworthiness, of security-critical systems.”

The University’s research will be guided and validated by a range of security-critical industrial case studies with support from industrial partners Airbus, Arm, Altran, AWE, Galois, L3Harris, Northrop Grumman and Thales.

The HD-Sec project is supported by ECS’s Professor Vladimiro Sassone, a Professor of Cyber Security who holds a Royal Academy of Engineering Research Chair and is Director of the University’s NCSC/EPSRC Academic Centre of Excellence for Cyber Security Research; Dr Thai Son Hoang, a leading researcher in refinement-based formal methods, including Event-B; Dr Leonardo Aniello, noted for his research on cyber security and distributed systems topics; and Dr Dana Dghaym, who has experience of tool development and verification in railway and maritime autonomous systems.