Generalised Context Privacy
Connectivity and automation are increasingly being introduced to physical systems that previously lacked them. This introduces new threats to these systems, including the disclosure of sensitive information to an adversary who observes the system and the context in which it takes actions. Many domains (e.g., wireless sensor networks, vehicles) have independently developed context privacy preserving techniques for these threats (e.g., onion routing, change in identity, change in behaviour).
Importance
Developing context privacy preserving techniques is a lengthy process and does not allow for rapid responses to novel context privacy threats. This poses a danger to users of systems which operate without suitable context privacy controls and potentially leads to sensitive operational information being revealed. This project will work towards providing a capability to “prevent and resist cyber attacks more effectively”, which was highlighted in the UK’s National Cyber Strategy 2022.
Aims
This project will:
- develop a suite of context privacy controls for an arbitrary system,
- demonstrate their efficacy via suitable quantification, and then
- using example systems, develop domain-specific translators such that the general context privacy techniques can be applied to real-world systems.
By doing so, when novel context privacy threats are identified, only domain-specific translators need to be developed. This allows for faster and more agile responses to novel context privacy threats, thus minimising information conveyed by system actions to an adversary — protecting both the system and its users.
Research Questions
This research project will address how controls should be introduced on actions taken by an arbitrary system to reduce the information revealed to an adversary observing that system. This can be divided into three focused research questions:
- What controls are required to reduce the information an arbitrary system reveals during its operation?
- How should the context privacy of the system and the cost of providing it be quantified?
- How should techniques for providing context privacy on an arbitrary system be translated to a real-world system?
Information
Role: Principal Investigator
Funder: Engineering and Physical Sciences Research Council [EP/X040038/1]
Duration: January 2024 – December 2026
Talks
- Generalised Context Privacy at Manchester University, Manchester, UK on 26 February 2024
- Generalised Context Privacy at Lancashire Cyber Festival, UCLAN, Preston, UK on 15 November 2023
- Generalised Context Privacy at Academic Centres of Excellence in Cyber Security Research Conference, Stratford-upon-Avon, UK on 23 June 2022