Staff Profile

I am a Lecturer (~Assistant Professor) in Computer Science based within the Secure and Resilient Systems group. Prior to this, I was a Senior Research Fellow at the Smart Card Centre (SCC) within the Information Security Group (ISG) at Royal Holloway, University of London. Here, I was funded at Royal Holloway through the EU Horizon 2020 EXFILES, unifying European law enforcement agencies, the private sector, and academia to develop novel data extraction and mobile security circumvention techniques. Examples include micro-architectural side-channels and fault injections against TEEs, full-disk encryption, and secure boot sequences on mobile devices.

Before academia, I worked in fintech at Atom Bank, the UK's first mobile bank; and at OneSpan, a NASDAQ-listed cybersecurity vendor, working as a research scientist developing new product offerings and enhancements at their Innovation Centre in Cambridge. I hold a Ph.D. in Information Security from the Information Security Group at Royal Holloway, University of London, and a B.Sc. in Computer Science from Newcastle University.

I am always interested in hearing from potential collaborators in the areas of:

• Mobile and embedded systems security.
• Trusted execution environments.
• Side-channel and fault injection attacks.
• New OS primitives and CPU designs for isolated execution.

Please reach out through my university email address.

For student supervisions, if these topics interest you, and you have a solid knowledge of C, assembly, applied cryptography, and operating systems, then please also get in touch with me.

My expertise lies in mobile and embedded systems security, particularly on issues at the interface of hardware and software. This includes trusted execution environments and hardware-assisted methods for enforcing secure execution; side-channel and fault injection attacks; boot-time security; and smart cards, secure elements (e.g. SIM cards) and their applications. I'm also an active member of the Linux and RISC-V communities.

I am currently co-investigator of the Chameleon project (2023-2025), which is pioneering a new class of environmentally-bound CPU designs with instruction- and data-level encryption using RISC-V as the foundational instruction set architecture. I was previously Principal Investigator of the InnovateUK Tensorcrypt project (2021-2022), which developed a new data sharing platform using trusted execution environments.

For a list of my publications, see my Google Scholar profile: https://scholar.google.co.uk/citations?user=3V6gC5MAAAAJ&hl=en&oi=ao

I am currently teaching on the following modules:

• CSC8213: Advanced Topics in Cyber Security (Co-module leader).
• CSC8215: Network Security and Ethical Hacking (Module leader).
• CSC8208: Research Methods and Group Project in Security and Resilience (Co-module leader).

I also supervise projects in system security from the M.Sc. Computer Science (Conversion Course), M.Sc. Advanced Computer Science, and M.Sc. Cyber Security programmes.

• Articles

  • Shen Y, Shepherd C, Ahmed M, Shen S, Yu S. SGD3QN: Joint Stochastic Games and Dueling Double Deep Q-networks for Defending Malware Propagation in Edge Intelligence-Enabled Internet of Things. IEEE Transactions on Information Forensics and Security 2024, epub ahead of print.
  • Shen Y, Shepherd C, Ahmed CM, Shen S, Wu X, Ke W, Yu S. Game-theoretic analytics for privacy preservation in Internet of Things networks: A survey. Engineering Applications of Artificial Intelligence 2024, 133(Part E), 108449.
  • Shen Y, Shepherd C, Ahmed CM, Yu S, Li T. Comparative DQN-Improved Algorithms for Stochastic Games-Based Automated Edge Intelligence-Enabled IoT Malware Spread-Suppression Strategies. IEEE Internet of Things Journal 2024, ePub ahead of Print.
  • Shepherd C, Kalbantner J, Semal B, Markantonakis K. A Side-channel Analysis of Sensor Multiplexing for Covert Channels and Application Profiling on Mobile Devices. IEEE Transactions on Dependable and Secure Computing 2023, 21(4), 3141-3152.
  • Shepherd C, Semal B, Markantonakis K. Investigating Black-Box Function Recognition Using Hardware Performance Counters. IEEE Transactions on Computers 2022, 72(7), 2065-2079.

• Authored Book

  • Shepherd C, Markantonakis K. Trusted Execution Environments. Berlin: Springer, 2024.

• Conference Proceedings (inc. Abstracts)

  • Kalbantner J, Markantonakis K, Hurley-Smith D, Shepherd C. ZKP Enabled Identity and Reputation Verification in P2P Marketplaces. In: 3rd International Symposium on Security and Privacy in Blockchain (SPB 2024). 2024, Copenhagen, Denmark: IEEE.
  • Rafi A, Shepherd C, Markantonakis K. A First Look at Digital Rights Management Systems for Secure Mobile Content Delivery. In: 22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications. 2023, Exeter, UK: IEEE.