Cyber Security Research Excellence Course

Tallinn University of Technology, The University of Adelaide, Hochschule Ravensburg-Weingarten & HITSA

The Objective

To strengthen Estonia's position on international cyber security research excellence.

The main purpose of this course is to give students concrete experience in academic research, academic writing and presenting their work to an international audience.

Estonia is a leader in many areas — e-governance/e-residency, with an active start-up scene etc., but is lacking in research excellence. In the world rankings, the best Estonian university (University of Tartu) was ranked at 347 and Tallinn University of Technology obtained a 600+ ranking. In order to strengthen the cyber security research profile, Estonia needs long-term collaboration with strong research-intensive universities around the globe.

This course is designed to build the basis for the brightest cyber security students to establish long-term collaborations at an international level. The starting point for this will be solving some concrete problems in an international collaborative way.

The course is targeted at Cyber Security PhD students. However, we will also admit a few Cyber Security MSc students who have a strong interest in pursuing an academic career, conducting research, and publishing papers. Courses like this are intended to develop towards the flagship courses of the academic side of the university's program and invite brighter minds to come to Estonia. Furthermore, by allowing MSc students to participate in this course we encourage them to understand the more academic perspective early on and then join our PhD program, thereby strengthening Estonia's Cyber Security research.

It is expected from the students that they will actively "drive" the course, set their own milestones and be responsible for their progress. Throughout the course the students will be constantly mentored on a one-to-one basis. Furthermore, the students can get help from mentors participating in this collaboration, which currently includes academics working at Adelaide University, Tallinn University of Technology, and Hochschule Ravensburg-Weingarten.

Format of the course

We will start the collaborative research with a two-week face-to-face meeting in January 2017 in Adelaide, Australia (hosted by University of Adelaide). During that time small international teams of students, with common research interests, will form. The purpose of those small groups is to have someone to actively discuss the research problem with — besides the mentors. After the workshop the participating students return home, but continue to work together on their chosen research topics using Skype, e-mail, etc. In July 2017 the students meet again face-to-face, this time in Estonia. During that meeting there is time to discuss initial research results at an Interdisciplinary Cyber Research (ICR) workshop, and sit down together to work on the problems. At the end of the year it's expected that the research efforts have led to an academic paper draft.

For students from Tallinn University of Technology, the course will give 12 ECTS which counts towards their specialty, but the work for this should not be underestimated. For example, a 30 ECTS MSc-thesis later will look "easy" after this. ;-)

Why are face-to-face meetings required?
Bootstrapping a collaborative research process is extremely difficult when working with complete strangers. Working remotely together is already challenging enough, but some face-to-face meetings are essential in order to make people talk to each other.

Why is the initial meeting at the University of Adelaide?
The University of Adelaide is an internationally well-known university (ranked #125 world-wide). It has a strong track record in fundamental sciences, such as mathematics and computer science. Furthermore, there have already been ongoing collaborations and the group has been supportive for several years. For example, Matt Sorell and Nick Falkner have mentored students at the C3S summer school every year. Also, the efforts of their Australian students have significantly contributed to the success of ICR in Estonia. In addition, Australia is located in the southern hemisphere, which makes January a nice period in the year.

Why is the mid-term meeting at Tallinn University of Technology in Estonia?
Estonia is a country that focuses on IT innovation. With a fully digital government and numerous start-ups, it is leading the field in many aspects. The July meeting will also include an introduction to "e-Estonia".

Time-line for 2017 course

October '16 Students decide if they want to sign-up for the course or not.
December '16 Students have selected the topic area and started literature review. This includes preparing for the research workshop in Australia.
16-27 January '17 Research-intensive bootcamp at Adelaide University in Adelaide, Australia
Spring 2017

ITC 9010 (6 ECTS)
This course consists of a weekly seminar-style meeting, where the research group discusses progress and questions arising from the work. This also includes discussions on topics such as 'how to conduct a literature review', 'research methodology', 'how to select a conference or journal', etc. It is also expected that the teams regularly catch up with their remote colleagues over Skype/Hangout/etc.

March '17 Written detailed project description and also a completed literature review.
May '17 Submit a 1,000 word research abstract and initial findings to ICR.
3-7 July '17

Face-to-face project research workshop in Estonia. During that week we will also have a chance to visit Skype, e-Estonia Showroom, Mektory, NATO CCD COE, and other organizations.

8 July '17 Attending ICR & (if accepted) a presentation of ongoing research at the workshop.
10-14 July '17 C3S on Social Engineering CTF
Autumn 2017

ITC 9020 (6 ECTS)
This course again has weekly seminar-style research group meetings. In the second half we will focus more on analyzing data, writing up a paper using LaTeX, etc.

October '17 Poster presenting research methodology, and results.
January '18 Research paper draft ready to submit to journal or conference.

Topic Areas (DRAFT)

All students are expected to select a topic before Christmas and come well-prepared to the workshop in Adelaide. Below is a list of topics to choose from. For details, talk to your local supervisor.
This is currently an early draft of ideas and needs to be revised. The idea is to have a few topics, on which to create a "critical mass". Below is a list of various interests, but the list will be reduced.

  • Red-teaming & digital forensics & malware analysis
    • Analyzing malware using sandbox.pikker.ee
    • Create a methodology to analyze website links and e-mails automatically
    • Exploiting IPv6 & data exfiltration
    • passive DNS
    • Security in forensic toolkits
    • Multimedia forensics
    • Counter forensics
  • Cyber-Physical Systems & IoT
    • Securing Cyber-Physical Devices
    • Identifying potential security implications of networked cyber-physical systems
    • Security requirements in cyber physical devices
    • Forensics in cyber-physical and embedded systems
    • Topological Vulnerability Analysis
    • IoT Testbed (a "Underwriter's Lab-UL" for connectivity)
  • Competency and skill management
    • stenmap
    • learning aspects and team-dynamics at cyber security exercises.
    • pedagogical aspects of Cyber Security education and trainings.
  • Situational awareness & modelling
    • Monitoring (buzzwords here include: pcaps, syslog, Kibana/Elasticsearch, Suricata, BRO, netflow, Moloch etc)
    • Analyzing and modelling (including big data analytics, etc)
    • Data visualization (how to best perceive the data to gain situational awareness)
    This uses data from NATO CCDCOE exercises, such as Locked Shields and other cyber defense exercises. Students on such topics must be "approved" by the NATO CCD COE — often this means: be a holder of a NATO-member state passport.
  • "Digital Norms on an International Stage" & privacy & data protection
    • Critical Infrastructure Protection & EU-Directive 2016/1148
    • How do we modify international treaties/agreements to reflect the digital age (e.g. Law of Armed Conflict, Geneva Convention, The Hague Accord, etc.)
    • Privacy versus security
    • Data Provenance
    • Privacy in network enabled cyber-physical systems
    • Privacy preserving digital forensic processes
  • Social-cybersecurity interaction
    • E-Governance
    • e-identity/e-residency
    • virtual embassy
    • personal data market

Expected project outcomes

  • Research abstract publication at ICR (workshop in July, abstracts due May)
  • Poster showing research results (Oct 2017)
  • Academic Research Paper draft (ready to be submitted not later than January 2018)
    Potential conferences include, but are not limited to:
  • Establishing strong international research cooperation among the participants and the participating universities on all levels
  • Establishing an international network of academic security researchers

Draft program for bootcamp workshop in Adelaide

A draft program for the two weeks in Adelaide can be found here. Note this is subject to change at any time.

Participants Webpages

Personal pages of academic mentors

Tobias Eggendorfer (Hochschule Ravensburg-Weingarten)
Nick Falkner (University of Adelaide)
Olaf Maennel (Tallinn University of Technology)
Matthew Roughan (University of Adelaide)
Matt Sorell (University of Adelaide)
Yuval Yarom (University of Adelaide)

Personal pages of supporting mentors

Kristi Ainen (HITSA)
Toomas Lepik
Heiki Pikker

Personal pages of 2017 participating students

Sten Mäses
Kaur Kullman
Mohamed Nasif
Belgin Tastan
Kadri Cahani
Kristjan Kikerpill

Olaf Maennel | skype: olaf_maennel | e-mail: om@maennel.net | 20 Oct 2016