Areas of Expertise (8)
IT Systems Protection
Professor Awais Rashid is based in the Department of Computer Science, where his research concerns the computer security of large connected infrastructures such as power supply systems, large scale manufacturing plants and water treatment systems. He also leads a national programme of research on protecting citizens online from privacy threats and online harms arising from cyber criminals. He studies why our critical infrastructure systems become vulnerable and the deception techniques used by cyber criminals. He has studied security of software and hardware systems deployed in critical services such as water supply, smart buildings and manufacturing. He has also explored different types of online crime, such as mass marketing fraud, insurance scams, fake online romances, and online grooming.
Professor Rashid is currently heading a centre training the next generation of doctoral researchers in cyber security of large-scale infrastructures. He is also directing the National Research Centre on Privacy, Harm Reduction and Adversarial Influence Online. He is heading, as editor-in-chief, an international initiative called the Cyber Security Body of Knowledge, designed to embed stronger foundations for cyber security. He is also a Fellow of the Alan Turing Institute, chairs the Scientific Advisory Board of the EPSRC-NCSC Research Institute on Science of Cyber Security and is a member of the EPSRC Digital Economy Programme Advisory Board and the Scientific Advisory Board, National Research Center for Applied Cybersecurity (ATHENE), Germany.
Media Appearances (3)
Twitter: hackers got a few accounts’ DMs. French policy toward Huawei hardens. Crooks against British sport. You and your boss should talk more.
Twitter updates the news of last week’s incident: the attackers seem to have accessed some direct messages. France’s partial permission for Huawei to operate in that country now looks like a ban with a 2028 deadline. A quiet cryptominer. The cyber threat to British sport. Awais Rashid from the University of Bristol on cyber security and remote working. John Ford from IronNet Cybersecurity with updated 2020 predictions and cyber priorities. And bosses and employees see things differently, cyberwise.
Watch: Is TikTok spying on me and should I be worried?
The Telegraph online
The video-sharing app has been downloaded more than 2 billion times but now it's under fire for the data it collects from users.
Himalayas-Born Cyber Tycoon Climbs Into World's Richest Club
“The world runs on large-scale networks and data systems that are inherently complex and highly connected," said Awais Rashid, professor of cybersecurity at the University of Bristol in England. “If we can’t protect them or be confident in their integrity, it leads to serious problems for society at large."
"So if Mr Blue Head here clicks the link...": Risk thinking in cyber security decision makingJournal ACM Transactions on Privacy and Security
Ben Shreeve, Joseph Hallett, Matthew Edwards, Pauline Anthonysamy, Sylvain Frey, Awais Rashid
Cyber security decision making is inherently complicated, with nearly every decision having knock-on consequences for an organisation’s vulnerability and exposure. This is further compounded by the fact that decision-making actors are rarely security experts, and may have an incomplete understanding of the security that the organisation currently has in place. We study the risk thinking strategies employed by teams of participants in an existing data set derived from a tabletop cyber-physical systems security game.
Automatically dismantling online dating fraudIEEE Transactions on Information Forensics and Security
Guillermo Suarez-Tangil, Matthew Edwards, Claudia Peersman, Gianluca Stringhini, Awais Rashid, Monica Whitty
Online romance scams are a prevalent form of mass-marketing fraud in the West, and yet few studies have presented data-driven responses to this problem. In this type of scam, fraudsters craft fake profiles and manually interact with their victims. Because of the characteristics of this type of fraud and of how dating sites operate, traditional detection methods (e.g., those used in spam filtering) are ineffective. In this paper, we investigate the archetype of online dating profiles used in this form of fraud, including their use of demographics, profile descriptions, and images, shedding light on both the strategies deployed by scammers to appeal to victims and the traits of victims themselves.
Skip, Skip, Skip, Accept!!! A Study on the Usability of Smartphone Manufacturer Provided Default Features and User PrivacyProceedings on Privacy Enhancing Technologies
Marvin Ramokapane, Anthony C Mazeli, Awais Rashid
Smartphone manufacturer provided default features (e.g., default location services, iCloud, Google Assistant, ad tracking) enhance the usability and extend the functionality of these devices. Prior studies have highlighted smartphone vulnerabilities and how users’ data can be harvested without their knowledge. However, little is known about manufacturer provided default features in this regard - their usability concerning configuring them during usage, and how users perceive them with regards to privacy. To bridge this gap, we conducted a task-based study with 27 Android and iOS smart- phone users in order to learn about their perceptions, concerns and practices, and to understand the usability of these features with regards to privacy.
The Good, the Bad and the Ugly: A Study of Security Decisions in a Cyber-Physical Systems GameIEEE Transactions on Software Engineering
Sylvain Frey, Awais Rashid*, Pauline Anthonysamy, Maria Pinto-Albuquerque, Syed Asad Naqvi
Stakeholders' security decisions play a fundamental role in determining security requirements, yet, little is currently understood about how different stakeholder groups within an organisation approach security and the drivers and tacit biases underpinning their decisions. We studied and contrasted the security decisions of three demographics-security experts, computer scientists and managers-when playing a tabletop game that we designed and developed.
Scoping the Cyber Security Body of KnowledgeIEEE Security and Privacy
Awais Rashid, George Danezis, Howard Chivers, Emil Lupu, Andrew Martin, Makayla Lewis, Claudia Peersman
Cybersecurity is becoming an important element in curricula at all education levels. However, the foundational knowledge on which the field of cybersecurity is being developed is fragmented, and as a result, it can be difficult for both students and educators to map coherent paths of progression through the subject. The Cyber Security Body of Knowledge (CyBOK) project (www.cybok.org) aims to codify the foundational and generally recognized knowledge on cybersecurity.