Alyah Al Fageh 

Strategic Trade-offs in Cybersecurity and Operational Efficiency for B2B MaaS Ecosystems

This research examines the strategic and technical trade-offs between cybersecurity, operational performance, and data monetization in Business-to-Business (B2B) Mobility-as-a-Service (MaaS) environments. As MaaS platforms evolve from consumer-based models to enterprise logistics, government fleets, and corporate mobility providers, emerging challenges include privacy, system performance, and regulatory compliance.

The project develops an ontology-driven model to classify and examine key decision drivers on security architecture, efficiency boundaries, and monetization strategies. So-called emerging technologies such as federated learning, homomorphic encryption, and blockchain are evaluated based on their ability to enhance security with minimal trade-off to operational performance as well as business model scalability.

Through the synthesis of concepts from cybersecurity, mobility systems, and economic modeling, the research aims to offer a decision-support tool that helps B2B MaaS stakeholders reconcile investment in cybersecurity and profitability and efficiency in services. This is in the interest of evidence-informed policymaking and sound digital infrastructure planning for future-generation mobility systems.

Professor Theo Tryfonas (Bristol)

Dr Nikolaos Stylos (Bristol)

Endhy Aziz

Adversary Emulation for Improving Cyber Situational Awareness

My research project is aimed to improve situational awareness in cyber security through adversary emulation exercises. Whilst adversary emulation empowers organizations by combining offensive and defensive assessment approaches, it also generates detailed, contextual data - including security telemetry, real-world adversary tactics and detailed procedures, and evaluations of existing security control effectiveness. Transforming these data into the right metrics, along with other valuable attributes, will not only improve results of emulation exercises, but also provide a foundation for enhancing cyber situational awareness.

This research empirically investigates the metrics and attributes of effective adversary emulation, and explore how these data-driven insights can be integrated into security operations to improve overall cyber situational awareness. Additionally, the research seeks to develop mechanisms for projecting future states of cyber security (e.g. potential threat scenarios, attack impact, or incident) based on adversary emulation data, combined analytical models, and threat intelligence.

The research takes ideas and concepts developed within the cybersecurity practices (e.g. adversary-centric security assessment), where proactive security are important to protect critical services, and timely awareness about the situation or potential threats contributes to reducing the likelihood of attacks on critical infrastructures.

Dr Joe Gardiner (Bristol)

Dr George Oikonomou (Bristol)

Dr Joseph Hallett (Bristol)

Professor David Ellis (Bath)

Dr Katie Maras (Bath)

Professor David Ellis (Bath)

A Stronger Loving World: Trusted Research, Neo-Mercantilism, and the Mechanics of Securitization

None of us innovate in a vacuum! The way that states approach research—academic or industrial—is changing. Securing and territorializing research is no longer just a matter of prosperity, but one of national security and sovereign capacity. Because of the need to ally with friendly private actors and move against unfriendly ones, constructing this security encourages a heavily neo-mercantilist economic turn, facilitated by a process of informal alignment with researchers and research institutions. As a result, this construction process has complex political, economic, organisational, and normative components, and so is very difficult to properly analyse without a substantively interdisciplinary approach - which I hope to provide here.
This project focuses on a single case study: Trusted Research & Innovation, a UKRI programme designed to “protect the UK’s intellectual property, sensitive research, people, and infrastructure from potential theft, manipulation and exploitation.” An ambitious goal—but how achievable is it? I intend to conduct a detailed analysis of the implementation, reception, and effectiveness of Trusted Research & Innovation with the following two goals in mind:

• Primary Objective: to assess how states use partnerships with private and semi-private institutions to develop, shape and consolidate national cyber security research in academic settings, and what gives these partnerships force and binding power.

• Secondary Objective: to assess the wider impact of this partnership process, both on academic researchers and the state that is directly involved, and on wider social and economic stakeholders who might be indirectly affected.

By answering these questions through a series of interview studies, I hope to draw wider conclusions about the international currents affecting research, the uneasy construction of cybersecurity as an extension of national security, and how we as apparently apolitical researchers are connected to the aims and limitations of states. Are Trusted Research and similar initiatives working? If so, at what cost? More importantly, how should we as researchers respond to initiatives like these, and to the political pressures that provoke them?

Professor Richard Owen (Bristol)

Professor Adam Joinson (Bath)

Dr Marvin Ramokapane (Bristol)

Dr François Dupressoir (Bristol)

Privacy Threat Modelling for Marginalized and Vulnerable Populations

The marginalized and vulnerable populations are facing serious privacy threats that are impacting their lives terribly and causing the worst possible harm. These threats are primarily posed by different technologies, software applications, and social media platforms that these communities use, or interact with during their daily lives. The primary reason for this is the failure to proactively analyze these threats during the system engineering process, due to a lack of adequate privacy threat modeling techniques that can address these unique privacy threat vectors. To make privacy by design inclusive, a dedicated threat model is required that can address the privacy requirements of these user groups. It will eventually help in identifying these unique threats and help in making an informed decision for selecting the appropriate privacy-enhancing technologies for the system or technology.

Professor Awais Rashid (Bristol)

Professor Richard Owen (Bristol)

Implementing Differential Privacy: An evaluation from Developers’ Standpoint

We want to help developers to get Differential Privacy (DP) right.
Balancing privacy and utility has been an area of research when developing Privacy Enhancing Technologies (PETs) to extract valuable information from datasets while preserving privacy controllably. DP is one way to guarantee privacy and mitigate the amount of information disclosed. Existing tools for DP have usability gaps that reduce their adoption by developers. By making DP more usable, we can help drive adoption of the technique.

This PhD aims to:
1. Simplify DP concepts for developers to drive adoption.
2. Understand how DP fits with privacy and regulatory guidelines, and whether it is supported by current implementations.
3. Work out how to fit DP techniques into existing data analysis and machine learning pipelines.

Dr Joseph Hallett (Bristol) 

Dr François Dupressoir (Bristol)

Protecting older adults from online scams

Older adults are among the most overlooked and underserved groups in the field of cybersecurity. Often stereotyped as less knowledgeable about safe technology practices, they are perceived as especially susceptible to online scams and, as a result, frequently targeted by scammers. Despite this, little is understood about how older adults engage with scam attempts and how their interactions compare to those of other age groups.
This research aims to identify the factors that contribute to susceptibility to scams and how these factors are influenced by age. It examines how scams unfold and how individuals navigate them using a mixed methodology approach, including experimental designs. The findings aim to challenge prevailing assumptions, clarify differences between age groups and inform cybersecurity practices.

Professor David Ellis (Bath)

Dr Matthew Edwards (Bristol)

Digital Investigations: Strategies to Disrupt Cyber Crime as a Service

My research concentrates around Cyber Crime as a Service, specifically the strategies and techniques that law enforcement uses to bring down CaaS and the strategies and techniques criminals use to protect their operations. By examining different criminal service providers and law enforcement takedowns of these providers, a catalogue of different high level strategies and specific techniques can be formulated, and a comprehensive mapping of the CaaS ecosystem can be created. Outputs of this research include a paper on this mapping and the catalogue, a systematic literature review paper, and potential collaboration with law enforcement.

Dr Matthew Edwards (Bristol)

Dr Erik van de Sandt (Bristol)

Exploring the Impact of Hybrid-Remote Working Practices on Security Behaviours and Organisational Culture

The rapid shift towards hybrid-remote working, accelerated by the COVID-19 Pandemic, has fundamentally reshaped organisational working practices and security landscapes. Organisations now face the formidable task of re-establishing robust security measures in a decentralised organisational structure. Where employees are dispersed across infinite locations outside the traditional boundaries of system control, this decentralised, dispersed network creates a dynamic where both physical and digital aspects of the work environment intermingle, presenting new security challenges and reshaping security behaviours and culture.
Given these challenges, there is a critical need to investigate and understand the impact of hybrid and remote working on organisational cybersecurity culture and behaviours. Understanding how these changes influence security practices, employee behaviour, and the effectiveness of existing security policies is essential for developing new research capable of understanding and managing the complex nature of security and privacy in a hybrid-remote environment.

While substantial research exists in this field, these studies fail to account for the inseparable relationship between security practices and material technologies (e.g., network infrastructures), the effects of stringent controls impeding employee productivity, and the cascading impact on security behaviours and organisational cultures. This research addresses these critical gaps by offering theoretical and practical contributions to the fields of security studies, digital behaviours and organisational theories.

Professor Adam Joinson (Bath)