- Homepage
- Key Information
- Students
- Staff
- PGR
- Health and Safety
- Computer Support
- National Student Survey (NSS)
- Intranet Help
- Profile
- Publications
Prof Achim D. Brucker
Chair in Cybersecurity and Trustworthy Systems
Location: Innovation Centre Phase 1 A1c
Telephone: 01392 724569
Extension: (Streatham) 4569
Group Website | Blog | Mastodon | X/Twitter | LinkedIn | Google Scholar | DBLP | ORCID
Book a Meeting:
Short Bio
Achim is a full Professor in Computer Science (Chair in Cybersecurity) and Head of the Cybersecurity Group at the University of Exeter, UK, and a leading expert in secure software engineering, cybersecurity, and formal methods. He is the head of the Cybersecurity Group at Exeter and leads the Software Assurance & Security Research Team. From December 2015 to May 2019, he was a Senior Lecturer and Consultant at the Computer Science Department of The University of Sheffield, UK.
Until December 2015, Achim was a Research Expert (Architect), Security Testing Strategist, and Project Lead in the Global Security Team of SAP SE, where, among others, he defined the risk-based security testing strategy of SAP. This strategy combines static, dynamic, and interactive security testing methods and integrates them deeply into SAP’s Secure Software Development Life Cycle. He was involved in rolling out static and dynamic application security testing tools to the world-wide development organization of SAP. Moreover, he represented SAP in OCL standardization process of the OMG.
Want to Work with Me
Industry and Academic CollaborationsI am always excited to connect with new collaborators in areas of my research (e.g., cybersecurity, information security, high-integrity systems, formal methods, software development/engineering, etc.). Collaboration can range from informal collaborations to consultancy or adivisory roles, to contracted research, to publicly (co-)funded project to direct industry engagements. Please email me to discuss details, or book a short meeting. Within the umbrella of the university, usually short term consultancy work (a few days) or long-term project (at least three, preferably six months) or co-funded PhD studentships seem to work best. But other collaboration models can also work. Do not hesitate to contact me!
Prospective PhD StudentsPlease see the section on PhD Supervision.
Advisory Roles
- Member of the Advisory Board of Anzen Technology Systems Limited (Technology and Security Adviser).
Professional Activities and Achievements
- Expert at the European Commission (EU).
- Member of the EPSRC Peer Review College.
- Member of the EPSRC Future Leadership Peer Review College.
- Member of the Tests and Proofs (TAP) conference steering committee.
- Speaker on professional security conferences such as OWASP AppSecEU.
Qualifications
- Diplom (MSc) Computer Science (Major) & Microsystems Engineering (Minor), University of Freiburg, Germany
- Dr. sc. ETH (PhD), ETH Zurich, Switzerland
- Senior Fellow (SFHEA), AdvanceHE, UK
- Full Member (MCIIS) of the Chartered Institute of Information Technology (CIISEC)
- ACM Senior Member
Academic Management and Administrative Roles
- Academic Lead Cyber Security
- QUEX Theme Lead Digital Worlds and Disruptive Technologies
- Member of the Cyber Security Assurance Working Group at the University of Exeter
- Programme Lead for the MSc in Cyber Security Analytics
Research
Achim’s research interests include cybersecurity, formal methods, security/safety engineering, and software engineering. His aim is to build secure, reliable, resilient software (and hardware systems). He works on using formal methods, verification, static analysis, and testing techniques both on the source and binary level as well as on the level of specifications and abstract models.
Examples of his work include the Isabelle/HOL-based tools HOL-OCL (a formal specification environment and theorem prover for UML/OCL specifications) and HOL-TestGen (a theorem prover-based testing environment), model-driven engineering tools (e.g., in the context of SecureUML and SecureBPMN), security testing, work in access control, mobile security and browser security, verification of security protocols, or the security of business-process-driven systems. More recently, he started to work on applying formal methods to the safety and security of deep learning systems. For a more complete overview of his research achievements, please visit his personal web page and the software assurance & security research page.
PhD Supervision
I always welcome applications from self-funded PhD students in all areas of security, safety, trustworthiness, or reliability. This includes, but is not limited to, topics in one or more of the following ares: formal methods, information security, software security, security engineering (both, software and hardware), verification, testing, and combinations thereof.
For more information about pursuing a PhD in Computer Science at the University of Exeter, please visit the postgraduate research page of the department. Each year there are also a number of studentships available, e.g., offered by the UK Research Council, the China Scholarship Council (CSC), or by the Commonwealth Scholarships Programme.
If you want to be supervised by me, please contact me at least four weeks before you apply (and before the deadline). This allows us to discuss (and maybe adapt) your research proposal. In your email (cover letter), please provide a short explanation why you want to be supervised by me, e.g.,
- For topics proposed by me: provide a brief explanation why you are interested in my proposal and what prior-knowledge of the area you have. Areas I am currently particularly interested in include (but are not limited to):
- Cyber-physical Systems for safety- or security-critical applications.
- Formal approaches to web browser security.
- Security testing or reverse engineering.
- Program analysis or fuzzing for improving the security, safety, correctness of software applications.
- Open source security and secure software supply chains.
- Theorem prover-based testing.
- Verification or testing of security or correctness properties for non-standard computing architectures (e.g., quantum computing, FPGA, GPGPU).
- Integrating Formal and Semi-Formal Aspects of System Development for Certification Processes
- Formal approaches to security and privacy.
- Trustworthy ML/AI for high-assurance Systems.
- For topics proposed by you: provide a brief explanation why I am the right person to supervise you, i.e., how does your proposal fit in my research (and where is my expertise beneficial). I also strongly recommend having a look on my publications and research. This should give you a good idea of the type of research I am interested in.
Ongoing PhD Projects
- Supervisor
- Teddy Cameron-Burke, University of Exeter, UK.
- Amy Stell, University of Exeter, UK.
- Mustafa Albalushi, University of Exeter, UK.
- Co-Supervisor / 2nd Supervisor
- Siqi Sun, University of Liverpool, UK.
- Billy Thornton, University of Exeter, UK.
- Yangjun Ma, University of Exeter, UK
Completed PhD Projects
- Supervisor
- Michael Herzberg, Formal Foundations for Provably Safe Web Components. University of Sheffield, UK, 2019.
Michael is now a Senior Security Engineer at Clearbank, UK. - Sakine Yalman. Improving Confidentiality in Inter-Organizational Collaborations. University of Exeter, UK, 2023.
- Michael Herzberg, Formal Foundations for Provably Safe Web Components. University of Sheffield, UK, 2019.
- Co-Supervisor
- Helmut Petritsch. Break-glass Access Control Policies. University of Regensburg, Germany, 2014.
Helmut is now a Software Architect at iteratec GmbH in Vienna, Austria. - Michael Foster. Reverse Engineering Systems to Identify Flaws and Understand Behaviour. University of Sheffield, UK. 2020.
Michael is now a post-doctoral research assistant at The University of Sheffield, UK.
- Helmut Petritsch. Break-glass Access Control Policies. University of Regensburg, Germany, 2014.