Dr. Matthew Bradbury

Matthew Bradbury is a Lecturer conducting research into security, context privacy and trust assessment in resource-constrained and distributed systems.

Talks, Presentations and Events

Generalised Context Privacy

Talk, Manchester University, Manchester, UK

There has been significant effort on addressing data content threats, whether this be to data in motion, data at rest or a private release of data. However, for systems being directly observed by an adversary, risks exist in the form of information revealed by the actions a system takes and the context in which it takes them. Thus, considering the context privacy of a system is important from a holistic viewpoint. Context privacy techniques already exist in a wide range of different domains (e.g., onion routing, location privacy in ad-hoc networks), but we lack the ability to rapidly develop novel techniques when new context privacy threats are identified. To address this, privacy quantification approaches and techniques will be developed for an arbitrary system, which will subsequently be used in translators for specific systems of interest. This presentation sets out the problem and explores initial work on quantification being performed in a recently funded EPSRC project.

Safe as houses

Talk, The Cyber Briefing, Online Podcast

In this podcast I talk about a wide variety of cyber physical systems and possible threats. This includes drones and resource-constrained IoT boards that are being assembled for the Generalised Context Privacy project. In this project the core problem that is being looked at is the amount of information that cyber physical systems convey to an adversary. This podcast highlights the difference between data versus information, especially the information that an adversary gains from observations. A real challenge remains that cyber security fundamentals remain hard for organisations, so challenging threats such as these are rarely considered.

Note that says not to adjust the dials as both setting must remain at number 3, which has been crossed out and replaced with 4.

Threat Modelling Guided Trust-based Task Offloading for Resource-constrained Internet of Things

Talk, ACM Conference on Embedded Networked Sensor Systems (SenSys), Boston, USA

Resource-constrained IoT devices have traditionally been used for basic tasks such as sensing or actuating, but there is increasingly more interest in pushing complex applications closer to where digital systems interact with their environment. This presentation of a journal paper summarised work on trust-based task offloading and potential security issues wheile doing so.

Lancaster Symposium on Systems Security 2022

Event, Lancaster University, Lancaster, UK

The Lancaster Symposium on Systems Security (LS3) is a PhD student-led event (supervised by myself) which aims to bring together researchers from within Lancaster University’s System Security Group to share and explore the latest research on the security and privacy of computer systems and networks. The theme for 2022 was “Novel Challenges in System Security”, focusing on new research within the area of system security.

Lancaster Symposium on Systems Security

Generalised Context Privacy

Talk, Academic Centres of Excellence in Cyber Security Research Conference, Stratford-upon-Avon, UK

The Academic Centres of Excellence in Cyber Security Research aim to recognise the universities in the UK which are conducting world leading cyber security research. At this event members of ACE-CSRs attended and presented current and future work. In this presentation I set out the case for addressing Context Privacy in general in order to deliver the ability to rapidly respond to new Context Privacy Threats.

Matthew Bradbury presenting a slide of the presentation on potential context privacy threats to water treatment plants

Automating Threat Modelling

Talk, Lancashire Cyber Crime Conference, Blackburn, UK

The Lancashire Cyber Crime Conference was hosted by the Lancashire Constabulary and the Lancashire Cyber Foundry to assist businesses in staying safe. The Lancashire Cyber Foundry aims to support small to medium enterprises (SMEs) in the Lancashire area using digital technologies. This includes raising awareness and supporting SMEs with cyber security. In the first half of this talk I introduce SMEs to academia and the ways in which SMEs can engage and collaborate with academic researchers. In the second half of this talk I introduce threat modelling, and briefly discuss some of my past work and how some future work is allowing for greater automation of threat modelling.

Matthew Bradbury presenting the first slide of the presentation with the title Automating Threat Modelling

Wildlife Conservation: Can AI Make Poachers the Poached?

Talk, PETRAS' At The Edge series, Online Podcast

As part of my PhD I investigated approaches to reduce the usefulness of contextual information gained by an adversary monitoring a network that itself is used to monitor wildlife. In this podcast hosted by PETRASJoe Bourne, Grant Miller from ZSL and I discuss a variety of topics around wildlife protection. This included the need to consider context privacy threats in these systems and also additional uses and challenges with techniques such as machine learning.

PETRAS At the Edge Podcast

Next Generation Programmers

Talk, Virtual Event, Kazakhstan

Next Generation Programmers was an event aimed to introduce programming to young adults (14 – 17 years old) in rural Kazakhstan which was organised by Dr. Torgyn Erland. I delivered three 1 hour sessions to introduce the attendees to software development, the interesting problems that can be solved using it, and pertinent cyber security issues that the attendees were likely to encounter.

Presenting at Next Generation Programmers

Trust Trackers for Computation Offloading in Edge Based IoT Networks

Conference Presentation, IEEE INFOCOM, Virtual Event

Wireless Internet of Things (IoT) devices will be deployed to enable applications such as sensing and actuation. These devices are typically resource-constrained and are unable to perform resource-intensive computations. Therefore, these jobs need to be offloaded to resource-rich nodes at the edge of the IoT network for execution. However, the timeliness and correctness of edge nodes may not be trusted (such as during high network load or attack). In this presentation, we look at the applicability of trust for successful offloading. Traditionally, trust is computed at the application level, with suitable mechanisms to adjust for factors such as recency. However, these do not work well in IoT networks due to resource constraints. We propose a novel device called Trust Tracker (denoted by Σ) that provides higher-level applications with up-to-date trust information of the resource-rich nodes. We prove impossibility results regarding computation offloading and show that Σ is necessary and sufficient for correct offloading. We show that, Σ cannot be implemented even in a synchronous network and we compute the probability of offloading to a bad node, which we show to be negligible when a majority of nodes are correct. We perform a small-scale deployment to demonstrate our approach.

First slide of the presentation

Trust Assessment in 32 KiB of RAM: Multi-application Trust-based Task Offloading for Resource-constrained IoT Nodes

Conference Presentation, ACM Symposium of Applied Computing, Virtual Event, South Korea

There is an increasing demand for Internet of Things (IoT) systems comprised of resource-constrained sensor and actuator nodes executing increasingly complex applications, possibly simultaneously. IoT devices will not be able to execute computationally expensive tasks and will require more powerful computing nodes, called edge nodes, for such execution, in a process called computation offloading. When multiple powerful nodes are available, a selection problem arises: which edge node should a task be submitted to? This problem is even more acute when the system is subjected to attacks, such as DoS, or network perturbations such as system overload. In this presentation,a trust model-based system architecture for computation offloading is presented. The system architecture provides confidentiality, authentication and non-repudiation of messages in required scenarios and will operate within the resource constraints of embedded IoT nodes. The viability of the architecture is demonstrated with an example deployment of Beta Reputation System trust model on real hardware.

First slide of the presentation

Towards Security Minded Verification: A Case Study of Cooperative Awareness Messages

Talk, University of Coventry, Coventry, UK

I was invited to give a talk to Coventry University’s Institute for Future Transport and Cities on my work performed for FAIR-SPACE which investigated a formal verification of security properties of the generation of Cooperative Awareness Messages. One of the conclusions of this presentation was the difficulty of verifying non-functional security properties.

Matthew giving the presentation

Orbit RRI Ethical Hackathon on Cyber Security

Talk, Royal Holloway, University of London, Egham, UK

ORBIT’s aim is to promote Responsible Research and Innovation (RRI) to ensure the sustainability, acceptability and desirability of research. As part of this goal in June of 2019 they ran an Ethical Hackathon on Cyber Security of satellite systems. I was invited to give a guest talk on work applying formal verification to prove security properties of space systems being performed in the FAIR-SPACE hub. The summary of the event highlighted the depth understanding participants gained of RRI issues related to cyber security.

Matthew giving the presentation

Competitive Advantage in the Digital Economy (CADE) Forum

Event, University of Warwick in Venice, Venice, Italy

The Competitive Advantage in the Digital Economy (CADE) Forum aims to bring together academics and practitioners to discuss the challenges of the digital economy and present the latest cutting edge research. I was the Program Chair for the 2019 forum and that year the event focused on Smart Service Systems, Personal Data and Cyber Security. There were 28 speakers and 5 keynote speakers who gave presentations on a wide variety of topics. Funding to hold the event was obtained from a variety of sources, including winning funding from Warwick’s Institute of Advanced Study.

CADE Attendees

How To Stop Poachers Stealing Your Pandas

Talk, Shop Front Theatre, Coventry, UK

Pint of Science is an annual event where researchers share their work in a informal context (the pub) with the general public. The aim of these events is to inform in a relaxed environment without the pressures of a formal academic setting. This talk covered research undertaken during my PhD and included a live demonstration of members of the public using a directional antenna to find the location of a small transmitter.

Matthew with a pint in hand and a toy panda in the foreground

Warwick Postgraduate Colloquium in Computer Science

Event, University of Warwick, Coventry, UK

The Warwick Postgraduate Colloquium in Computer Science (WPCCS) is a PhD student-run event which showcases the research performed by PhD students in the Department of Computer Science at the University of Warwick. I was chair of WPCCS 2016 and a member of the programme committee for WPCCS 2017 and WPCCS 2018. Each year we received more presentations and posters submitted to the event as we tried to increase the event’s similarity to conferences PhD students would attend.

The WPCCS 2017 Programme Committee