Cohort 2024 Projects

Security, Privacy, and Consent in FemTech Apps

My research focuses on security, privacy, and consent in Female Technology (FemTech) systems, such as period or menopause tracking apps like Flo. FemTech aims to empower women through personalised health insights, but it often collects large amounts of sensitive data, such as information about reproductive health, sexual activity, and mood. These data are sometimes shared with third parties in opaque ways, creating complex data networks where users have little control or understanding. This can lead to privacy risks as well as emotional, social, or even physical safety concerns, especially in sensitive legal or domestic situations.

My research explores why consent mechanisms in FemTech often fail to protect users. I study the technical, design, and transparency barriers that make it hard for users to give meaningful consent. The goal is to expose the gap between what users expect and what actually happens to their data, and to help build safer and more trustworthy digital health systems.

Dr Marvin Ramokapane (Bristol)

From Privacy Poverty to Privacy Justice: A Framework for Sex Work and Beyond

I will draw from Amartya Sen’s capability approach to construct a framework to measure privacy poverty among sex-workers. This will allow systematic formulation of a list of minimum privacy provisions that sex-workers must possess to live a dignified life. This will be the first evidence base to mandate PETs policies for sex-workers, like accessibility guidelines for buildings. The framework will be presented at an appropriate abstraction to allow its adaption for other marginalised groups.

Dr Partha Das Chowdhury (Bristol)

Dr Joanna Syrda (Bath)

Mapping the Intersection of Offender Psychology and Platform Design: How Digital Affordances Facilitate Online Child Grooming

The ubiquitous integration of platforms like Roblox and Discord into children's social lives has amplified the risk of online sexual exploitation. Despite platform safety claims, repeated cases of grooming and exploitation highlight substantial gaps, revealing how offenders strategically exploit technological features. This PhD research addresses the critical nexus between offender psychology, manipulative tactics, and platform digital affordances (e.g., anonymity, persistent communication, immersive interaction).
The study aims to move beyond viewing platforms as mere hosts for exploitation, focusing instead on how their design features are actively co-opted. A mixed-methods approach will analyze legal records, academic case data, and online environment dynamics to establish offender typologies and map their interactions with specific affordances.

Dr Catherine Hamilton-Giachritsis (Bath)

Dr Olivia Brown (Bath)

Community Resilience to Attacks from Multi-Agent AI

Research into the deployment of AI agents into online communities is increasing, with rising investment supporting their autonomous deployment across industry. This alongside progress enabling agents to collaborate through conversation, suggests the likely formation of networks where AI and humans interact. Yet, the potential social harms of these multi-agent systems remain understudied.

This research aims to understand the risks and vulnerabilities that can arise in networks of humans and LLMs. This may include LLMs colluding or competing with one another at the expense of humans, or humans changing their group behaviours and trust networks. The work aims to inform the 'evidence dilemma' in policy-making, where harms of new technology are not evidenced quickly enough before the technologies are deployed. The research also seeks to test interventions and mitigations for any harms that may emerge.

Dr Matthew Edwards (Bristol)

Dr Janina Hoffmann (Bath)

Strategies for the secure and efficient implementation of a changing cryptographic landscape

Cryptographic engineering bridges the gap between the theory and the practice of cryptography. It sits at the boundary of two transitioning fields; increasingly complex mathematical constructions need mapping onto a fragmentary array of available hardware. Fortunately, there are commonalities across the various mathematical constructions - basic building blocks, called primitives, that are shared amongst several schemes - and, similarly, across the implementation techniques employed. This PhD aims to investigate and improve the strategies employed to securely and efficiently implement cryptography in software.

Dr François Dupressoir (Bristol)

Ms Wrenna Robson (Bristol)

Dr Daniel Page (Bristol)

Achieving Cyber-Resilience Through Cross-Boundary Inter-SIEM Integration

The recent past has experienced a proliferation of information systems aimed at automating processes and increasing output. However, this expansion has not only provided malicious attackers with a larger attack surface to exploit, but the threats extend to component failures, and acts of nature. As such, there’s a growing need to make these systems cyber-resilient, and preparing for all eventualities allows the world to better embrace uncertainty, and resilience enables the governance of that uncertainty.

Considering the sea of cybersecurity tools that exist, Security Information and Event Management System (SIEMs) became of particular interest as it offers single-pane-of-glass monitoring which involves consolidating data and information from various sources and providing a comprehensive view of an organisation’s infrastructure. However, for cyber resilience to be truly effective, SIEMs must be integrated across organizational and infrastructural boundaries. This presents a conundrum that this research seeks to address.

Professor Awais Rashid (Bristol)

Secure Post-Quantum Era for Everyone: Migration to Post-Quantum Cryptography in Small and Medium Enterprises

The quantum computing industry is expected to produce sufficiently powerful machines to threaten most of the widely deployed cryptosystems in the proximate future. While predictions on whether and when this will happen are probabilistic and non-unanimous, governments mandating transition to new, supposedly quantum-resistant, cryptographic algorithms have turned what could seem an anticipatory caution against an hypothetical threat into a tangible compliance requirement.

In particular, the UK National Cyber Security Centre (NCSC) expects all enterprises to develop a detailed migration plan by 2028 and fully transition their high-priority assets by 2031. It is not a matter of 'if', nor 'when': it is a matter of 'how'.

While some transitions will happen straightforwardly, others will not - requiring a massive holistic effort: technical, economical, and organizational.

A suite of Assured Cyber Security Consultancy (ACSC) companies will assist UK enterprises in this migration endeavour, but the accessibility limitations for some organizations caused by the cost of these high-profile services and the non-exhaustiveness of use-cases of current standardized protocols, requires ongoing case-based research.

This research project, aware of the limitations of the "pipeline approach" of cryptographic design patterns - which falsely assume that cryptographic artifacts will naturally trickle down to satisfy every needs - commences where the migration effort is supposed to terminate: with small and medium enterprises. In particular, the technical cryptographic research of protocol design is subordinated and instructed upon a socially-driven elicitation and study of concrete barriers to migration.

Dr Chloe Martindale (Bristol)

Sofia Celi (Honorary Industrial Fellow in Cryptography for Privacy at Bristol)

Dr Ola Michalec (Bristol)

Dr Sana Belguith (Bristol)

Dr Stanislav Abaimov (Bristol)

Dr Joanne Hinds (Bath)

Dr James Fletcher (Bath)

Professor Adam Joinson (Bath)