Getting to work on Australia's security problems

One of the most valuable aspects of the SECedu partnership is the connectedness it provides between academia and the real-world security problems faced by Australian organisations.

Commonwealth Bank's security team includes a group called 'Cyber Outreach', which focuses on providing cyber security advice and resources to organisations across Australia. The conversations it routinely holds with senior business and technology leaders at governments, businesses and NGOs give the program a broad range of insights into some of the unanswered problems in security.

UNSW's School of Computer Science and Engineering (CSE), meanwhile, is developing the next generation of security professionals and seeks to differentiate itself by providing real-world problems for its students and staff to consider.

The SECedu partnership offers scholarships at both Honours and PhD level, as well as opportunities for students to tackle security problems in teams as summer projects for which credit points can be earned towards their degree.

In recent weeks, we've collectively been mulling over some of the more intriguing security problems for students to tackle. Here are a few to consider:

  • HOW DO WE MAKE ENCRYPTED COMMUNICATIONS MORE USABLE? What are the defining design features of encryption services that are well-utilised, versus those that users find too complex? How can we design future encryption services that offer both ease-of-use and a rich set of features?

  • MEASURING RISK: What are the strengths and limitations of current approaches to measuring cyber security risk, and how do these metrics translate into security budgets at most organisations? Which metrics or risk management processes lead to the most efficient prioritisation of security programs?

  • SECURING REMOTE ACCESS TO PHYSICAL SYSTEMS: What are the most appropriate means of securing remote access to Building Management Systems for ongoing management?

  • PAYMENTS INTEGRITY: How would you re-architect payment authorisation processes for an organisation in such a way that they could assume compromise of email or accounting systems and still be protected from fraud loss?

  • PRIVACY-PRESERVING EXCHANGE OF DATA: How can organisations share data with third parties for analysis, but do so in such a way that the third party cannot access individual records?

  • WEB OF TRUST: What is the best means by which a web browser can indicate to a user that a given URL is trustworthy or not? How do we overcome the current limitation of relying on certificate authorities? Why have existing efforts to build a 'web of trust' failed to gain traction?

  • SYNCING OF PASSWORD WALLETS: How do users safely share password wallets across multiple heterogeneous devices without simply storing them in a public cloud service?

  • A TURING TEST FOR TWITTER BOTS: How do social networks determine (and mark) whether a Twitter user is a real person or a bot? (Suggested by https://twitter.com/raoulendres)

  • OVERHAULING AUTHENTICATION: How would you build a robust, distributed, usable authentication scheme without resorting to passwords or password-like solutions? (Suggested by https://twitter.com/VS_)

Do you have more ideas to share? Send them along to SECedu [at] unsw [dot] edu [dot] au