Contact Dr Vinh Ta
- Email: Vinh.Ta@cranfield.ac.uk
- ORCID
Areas of expertise
- Digital Forensics for Security
- Safety, Resilience, Risk & Reliability
Background
Dr. Vinh Ta is a Senior Lecturer (~Associate Professor) in Cyber Security at Cranfield University. Growing up in Europe, he holds an MSc (2008) and PhD (2014) in IT security from the Budapest University of Technology and Economics, in the CrySyS Lab, which is famous for discovering and analysing several high profile malware. He completed a postdoc at the French National Institute for Research in Digital Science and Technology (INRIA) in data privacy, and later held academic positions at University of Lancashire (2015–21) and Edge Hill University (2021–25), where he led the BSc Cyber Security, BSc Computer Science (Network, Security, and Forensic pathway), as well as MSc Cyber Security courses. He also led the MSc Cyber Security course at Edge Hill University to successfully obtain the NCSC certification in 2024. He co-led the Security and Forensic Research Lab (SAFeR) at UCLan (2019-2021), and led the Cyber Security Research Group at Edge Hill University (2021-2025). He has supervised 7+ PhD students and is a BCS member and FHEA fellow. He is research active and has been involved in more than seven EU and UK funded projects. Many of his publications appear in reputable international journals and conferences in the field, including Vehicular Communications, Computers and Security, IEEE Access, Privacy Enhancing Technologies (PETS/PoPETs). His article about England’s new contact tracing app in 2020 attracted readers accross the globe, and was featured in news websites including Yahoo News UK and Australian Times. In addition, he is the author of several security products and prototypes related to his R&D projects including DataProVe, INspiRE, ChildDataVerif, TTPCRI. Besides publishing, he has been invited to be program a committee member and reviewer of international conferences and journals, as well as member of organiser teams of conferences/workshops. His R&D interests include malware detection, cyber resilience, incident response, zero trust, AI security and security and safety for AI, data privacy and online safety. (Profile Website: https://profiles.cranfield.ac.uk/3586-vinh-ta/)
Research opportunities
I am open to collaborating with academic and industry partners on R&D and KTP projects, consultancy related strategic security/privacy by design and investment planning, as well as to supervising research students on the following areas:
- AI applications on threat intelligence and threat modelling
- Cyber resilience metrics
- Data-driven incident response strategies
- Online safety (children and young people) and Online Safety Act
- Privacy by design and GDPR
- Zero trust applications
- AI-augmented security and defence education and training
- Security, privacy and trust issues related to Internet of Things (IoT)
- Explanable and provable AI
Selected Recent Research, Projects and Tools
1. DataProVe - A prototype for verifying data protection policies and architectures is now available online on its official website (https://sites.google.com/view/dataprove/) and GitHub (https://github.com/Dataprove/Dataprovetool/). (It can be used for privacy policy design, system design, or educational purposes.)
2. ChildDataVerif - A tool that extracts features and functionalities from Android APK files and automatically creates an explainable online safety risk tree based on this. The goal is to verify safety weaknesses in online services and apps. The research behind it can be found here (https://arxiv.org/abs/2401.14713).
3. INspIRE - An Incident Response Training, Simulation and Optimisation tool (based on a collaborative research project with Lancaster University (Management Science) and SMEs, GitHub page (https://github.com/inspiretool/INspIRE)).
4. TTPCRI - A platform based on machine learning and mathematical modelling to assess real-time resilience of a computer network against recent attack campaigns. The cyber resilience monitor is similar to a "stock market index" monitor. This is a collaborative work with researchers at Volvo Group and Gartner (Demo video (https://drive.google.com/file/d/1vWLZzNQUCWlGne4z6hUgQzDBrIm-3NR_/view?usp=sharing)).
5. ProveSecAI Cyber Threat Graph Explorer - A repository of over 2000 cyber attack TTP procedures based on MITRE ATT&CK Enterprise Matrix. Website to browse the AI-generated and human-validated attack procedures (https://provesecai.github.io/TTP-Procedures/). (with thanks to Matteo Pertica, cybersecurity student). The TTP procedure graphs can be visualised for educational purposes and serve as inputs for an automatic cyber resilience assessment tool, such as TTPCRI (and potentially other threat intelligence/risk assessment tools).
Active areas:
1.
1. Security of smart vehicular systems, and smart traffic control systems.
-
- paper1, paper2, paper3, report, paper 4 (SeVeCom EU project)
2. Privacy by design: automated and formal modeling and verification of data protection policies and architectures.
-
- paper1, paper2, paper3, report1, report2, software tool (DataProVe).
3. Children-related data privacy and online safety
-
- paper1,
- a funded project called ChildDataVerif
- report1, report2
4. Zero-trust architecture-based security solutions.
-
- paper1, paper2, paper3
5. Air quality measurement based on participatory sensing.
-
- AirSenSei Porject: Air Quality Sensor Network at School for Education Purposes (Funded by the DigitalLife Centre)
6. Near optimal cybersecurity investment solutions for businesses.
-
- paper 1, toolkit (CyberOP/INspIRE)
7. Blockchain-based privacy and GDPR auditing framework.
- paper 1, verification engine code
8. TTP-based cyber resilient index.
- report 1, tool (TTPCRI)
In the past:
- Automated verification of security API . Hardware Security Modules (HSM) are indispensable in many applications, such as ATM networks, public key infrastructures, electronic ticketing in public transportation, electronic payment systems, and electronic commerce, in general. A HSM is a hardware device (including the firmware and software components) which has some tamper resistance properties, and it is used to store cryptographic keys and to perform various security-critical cryptographic operations. Besides physical tampering and side channel attacks, HSMs can also be attacked through their APIs by exploiting some design weaknesses in the API's logic. Being fully software based, this kind of attacks is much less expensive than physical and side-channel attacks, and depending on the weaknesses that are exploited, it may have devastating effects. One promising approach of API analysis is to apply some formal verification method such as those used in software engineering. We follow this approach, and propose an API verification method based on the applied pi-calculus that seems to be extremely well-suited for the formal modeling of security APIs, the precise definition of the security requirements, and the rigorous analysis of the provided security properties. We demonstrate our approach through the analysis of the SeVeCom HSM API.
- Automated security verification of firewalls. Firewalls are routinely used today to protect internal networks from attacks originating from the Internet. However, firewalls are often misconfigured leaving security holes in the defense system. As firewalls can be stateful and firewall rule sets may contain a very large number of rules, such misconfigurations are hard to discover by informal analysis. We are investigating how formal verification techniques can be used to alleviate this problem.
- Formal and Automatic security verification of secure routing protocols. Ad-hoc networks are not based on pre-defined topology, thus, before each data exchange a route discovery is accomplished. The route discovery procedures are defined by routing protocols. Numerous attacks against routing protocols have been published, in which the attacker can achieve that the honest nodes attempt to exchange data through the route that does not exist. This type of attacks is critical because they can lead to futile energy consumption and degrade the efficiency of the network.
- Query Auditing in Statistical Databases. In remote patient monitoring applications, sensor readings are collected on personal mobile device, such as a mobile phone. Third parties can then access these database sending queries to the mobile device. In order to preserve the privacy of users, the mobile device should enforce some access control policy that prevents statistical disclosure of private information. A technique to achieve this is auditing the queries and denying to respond if the response can be used to compute private information, such as the health status of the patients. The goal of the research project is to design and implement such a query auditing algorithm on a mobile platform.
- Formal and Automated Security Verification of Transport Protocols. We address the problem of formal and automated security verification of WSN transport protocols that may perform cryptographic operations. The verification of this class of protocols is difficult because they typically consist of complex behavioural characteristics, such as real-time, probabilistic, and cryptographic operations. To solve this problem, we propose a probabilistic timed calculus for cryptographic protocols along with an automatic verification method, and demonstrate how to use them for proving security or vulnerability of protocols.
Currently
- TTPCRI (ongoing, co-PI): With researchers at Volvo Group, we are working on an efficient yet comprehensive approach to quantitatively measure the effectiveness of an organisation's cyber resilience against cyber attack campaigns.
- CYBEROP (ongoing, co-PI): CyberOP is a software tool based on underpinning research that combines cyber security and optimisation, operation research areas to help businesses decide on optimal cyber security investment plans given their current infrastructure, future needs, and budget.
- ChildDataVerif (ongoing, PI): The project is related to the DataProVe project and focuses on automated compliance verification of Android applications against UK and EU regulations related to children and online safeguarding principles.
In the Past
1. AirSenSei Porject: Air Quality Sensor Network at School for Education Purposes (Funded by the DigitalLife Centre), (co-PI)
2. Digital First - ERDF (European Regional Development Fund) project (participant)
Working with SMEs (Small Medium Enterprises) in Lancashire, UK, we provide R&D services in different cyber security related areas such as web security, penetration testing, malware analysis.
1. SeVeCom: Secure Vehicular Communications EU (027795). (participant)
2. WSAN4CIP: Wireless Sensor and Actuator Networks for Critical Infrastructure Protection (EU FP7 STREP). (participant)
3. CHIRON: CYCLIC AND PERSON-CENTRIC HEALTH MANAGEMENT (EU ARTEMIS IP). (participant)
4. PARIS: PrivAcy pReserving Infrastructure for Surveillance, (EU FP7). (participant)
5. CAPPRIS - Inria Project Lab on Privacy. (participant)
Research Publications
Please check my Google Scholar Profile
Current activities
External Examiner Roles
- External examiner for MSc Computer Science (Computer Networks and Security), Staffordshire University. (2022-25)
- PhD external examiner at the University of Brighton, UK, 2023
- PhD external examiner at the University of Southampton, UK, 2021
- PhD external examiner at Teesside, UK, 2018
Conferences (part of the organizing team, event co-organiser, track chair)
- The 3rd International Conference on Decision and Game Theory for Security, GameSec 2012, Budapest, Hungary.
- The 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2013, Budapest, Hungary.
- The 8th International Conference on Computers, Privacy & Data Protection (CPDP) 2015, Brussels, Belgium.
- The 5th European Symposium on Computer and Communications, Workshop, 2023, Manchester, UK.
- The 13th International Symposium On Information And Communication Technology (SOICT, track chair of Advances in Cyber Security), 2024, Danang, Vietnam.
Journal Editorship
- Co-editor of MDIP Sensors - Special Issue "Blockchain for Security, Privacy and Trust in 6G Communication Networks", 2023.
Reviewer/Examiner Activities
- Sensors (2022)
- IET Smart Cities (2021)
- Computers and Security, Elsevier (2021)
- IEEE Access (2020).
- International Conference on Computer Science, Applied Mathematics and Applications, ICCSAMA 2016.
- AAMAS-16 workshop on Security and Multi-Agent Systems, SeMAS 2016.
- International Conference on Computer Science, Applied Mathematics and Applications, ICCSAMA 2015.
- The IEEE International Conference on Communications, ICC 2015.
- International Conference on Computer Science, Applied Mathematics and Applications, ICCSAMA 2014.
- The 23rd IEEE WETICE Conference, WETICE 2014.
- The 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2013.
- The IEEE International Conference on Communications, ICC 2013.
- Computers & Security Journal, Elsevier, COSE 2013.
- The IEEE International Conference on Communications, ICC 2012.
- The 10th International Conference on Applied Cryptography and Network Security, ACNS 2012.
- The 18th Annual Network & Distributed System Security Conference, NDSS 2011.
- Computer Communications Journal, Elsevier, COM-COM 2011.
- The IEEE Conference on Computer Communications, INFOCOM 2010.
- Journal of Communications (JCM), Academic Publisher, 2009.
- The IEEE Conference on Computer Communications, INFOCOM 2009.
- The 4th ACM International Workshop on Vehicular Ad Hoc Networks, VANET 2007.
Memberships
- British Computer Society (BCS).
- Fellow Higher Education Academy (FHEA).
Clients
- Ministry of Defence
Publications
Articles In Journals
- Jeremiah D, Rafiq H, Ta VT, Usman M, Raza M, .... (2025). NIOM-DGA: Nature-inspired optimised ML-based model for DGA detection. Computers & Security, 157
- Khan MD, Ta V-T, Rafiq H & Nnamoko N. (2025). Context-aware intrusion detection in vehicular communication networks: enhanced attack modeling and dataset. Applied Artificial Intelligence, 39(1)
- Hashem Eiza M, Thong Ta V, Shi Q & Cao Y. (2024). Secure semi‐automated GDPR compliance service with restrictive fine‐grained access control. SECURITY AND PRIVACY, 7(6)
- Alevizos L, Ta VT & Eiza MH. (2023). A Novel Efficient Dynamic Throttling Strategy for Blockchain-Based Intrusion Detection Systems in 6G-Enabled VSNs. Sensors, 23(18)
- Ta VT & Eiza MH. (2022). DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures. Proceedings on Privacy Enhancing Technologies, 2022(1)
- Alevizos L, Eiza MH, Ta VT, Shi Q & Read J. (2022). Blockchain-Enabled Intrusion Detection and Prevention System of APTs Within Zero Trust Architecture. IEEE Access, 10
- Dempsey J, Sim G, Cassidy B & Ta V-T. (2022). Children designing privacy warnings: Informing a set of design guidelines. International Journal of Child-Computer Interaction, 31
- Ta V-T & Dvir A. (2020). A secure road traffic congestion detection and notification concept based on V2I communications. Vehicular Communications, 25
- Eiza M, Okeke RI, Dempsey J & Ta V-T. Keep Calm and Carry on with Cybersecurity @Home: A Framework for Securing Homeworking IT Environment. International Journal on Cyber Situational Awareness, 5(1)
Conference Papers
Books
- Udeze S, Rafiq H, Jeremiah D, Ta V-T & Usman M. (2025). Image-Based Android Malware Detection Using Deep Learning In Advanced Sciences and Technologies for Security Applications (Part F414). Springer Nature Switzerland.
- Ta V-T, Butin D & Le Métayer D. (2016). Formal Accountability for Biometric Surveillance: A Case Study In Lecture Notes in Computer Science (9484). Springer International Publishing.
- Ta V-T & Antignac T. (2015). Privacy by Design: On the Conformance Between Protocols and Architectures In Lecture Notes in Computer Science (8930). Springer International Publishing.
- Ta V-T, Dvir A & Buttyán L. (2014). Formal Security Verification of Transport Protocols for Wireless Sensor Networks In Advances in Intelligent Systems and Computing (282). Springer International Publishing.