[riscs-proj1] FW: Collaboration Proposal

Zlateva, Tanya zlateva at bu.edu
Mon Oct 12 09:58:29 EDT 2009

I hope you are enjoying the glorious fall weather and some free time. 

Below is the reply from U Warwick on collaboration on the grant. As a
background U Warwick is ranked 6th among UK universities by the Times
(http://extras.timesonline.co.uk/tol_gug/gooduniversityguide.php ) and
short bios about Sadie Creese, Michael Goldsmith, and Paul Hopkins are
at http://digital.warwick.ac.uk/E-Security/People/ 


-----Original Message-----
From: Paul Hopkins [mailto:P.D.Hopkins at warwick.ac.uk] 
Sent: Monday, October 12, 2009 5:06 AM
To: Zlateva, Tanya
Cc: 'Sadie Creese'; Michael Goldsmith
Subject: RE: Collaboration Proposal
Importance: High

Hi Tanya,

Many apologies for the delayed reaction! 

We are very interested and we've put together some initial thoughts
below where we may collaborate, I'm sure we can develop them further if
they seem interesting and aligned?

a. Warwick are particularly interested in device forensics and formal
modelling techniques aimed at developing an understanding of the
potential attack surface on a Softphone. We are currently undertaking
some practical work and modelling research into both device forensics
and malware propagation in (*device) P2P environments. This has recently
started but we could feed this into the programme as and when it
delivers. The latter is currently being conducted in collaboration with
the complexity science institute within Warwick. 

b. Warwick are particularly interested in building on their existing
expertise in development of formal protocols for establishing secure
(*device) P2P communications without the need to depend upon TTP or PKI
services - a spontaneous form of security based on additional
out-of-band communications. 

c. Warwick are particularly interested in developing a metrics for
comparatively measuring the relative degrees of tolerance to malicious
intrusion offered by existing continuing services mechanisms, and those
designed by Boston in the course of this research. This would involve
the development of a threat model, using our professional pen-test
background, which the tolerance mechanisms would need to operate within
(where changing threat models would impact performance and relative
benefits of heterogeneous techniques).

d. Warwick are particularly interested in developing a testing and
analysis methodology aimed at validating the design of both preventative
and detective measures - based on a formal analysis at the design stage,
and a practical test at prototype (combining our high integrity and
pen-test expertise).

We have a few observations about the summary you sent us - which we
would be happy to share with you, but particularly thought that the
(TPM) Trusted Platform Modules might offer some additional opportunities
and mechanisms for security research (as many of them are now being
shipped with mobile devices). 

My last set of comments are a little more pragmatic (given the deadline
is fast approaching!) I was a little unsure of the following practical

- timeline (deadline, decision, likely start date, duration)
- budget/contracting - we were a little unclear whether this is an
opportunity for us to bid with you into the NSF or alternatively more an
intention to collaborate, with Warwick seeking its funding from UK/EU
based sources? 
- level of collaboration (are we looking to move Research Fellows
around, perhaps spending a few months at each location, joint research
meetings, or something more deeper/lighter?)
- IP rights and arrangements - who owns what - does NSF claim it all?

Again apologies for the late response - I hope its not too late.


More information about the riscs-proj1 mailing list