Mobile menu icon
Skip to navigation | Skip to main content | Skip to footer
Mobile menu icon Search iconSearch
Search type

Department of Computer Science

Mobile phone with digital padlock

Systems and software security

Our researchers

We develop state-of-the-art algorithms, methods and protocols to address security and privacy in networked and distributed system environments, and tools to build verifiable, trustworthy software and AI/ML systems.

Our expertise covers many topics, including digital trust, security, and privacy.

The Systems and Software Security (S3) Group members have research interests, which include:

  • Develop algorithms, methods, protocols, and architecture to protect data, processes, and information-based resources to ensure trustworthiness and privacy.
  • Develop the mathematics of software, AI/ML, and system computational behaviour by studying and developing system design, verification, and validation methods.
  • Develop privacy protection mechanisms, deploying techniques such as secure computation (homomorphic encryption and multiparty computation), anonymisation, differential privacy, obfuscation, anonymous credentials, and zero-knowledge proofs.
  • Theoretical and practical aspects of cryptography and its applications, including subversion-resilient cryptography, Blockchain foundations, key-exchange protocols, advanced public-key primitives, cryptography from noisy sources, and secure multi-party computation.

Trustworthy software systems

The S3 Group has a particular strength in automating reasoning to build verifiable, trustworthy software systems formally. Members of the S3 research group have a world-leading reputation in malware and attack technologies, adversarial behaviour, security operations and incident management, cryptography, software, hardware, AI/ML and network security, privacy-enhancing technologies, software quality assurance, and how these are applied to the governance, risk management, and compliance in cyber-security. Other areas of interest include distributed and cyber-physical systems security.

Award-winning software

S3 develops award-winning software verification and testing tools, including ESBMC and JBMC. Over the last ten years, these tools have consistently won international software verification and testing competitions, focusing on security. The group has significantly contributed to software and systems verification and security: theory and implementation techniques.


The S3 Group has tight collaborations with other research groups in the CS department, including the Formal Methods (FM), Information Management (IMG), Machine Learning and Robotics (MLR), and Advanced Processor Technology (APT) groups.

The S3 group is also integral to the Trusted Digital Systems (TDS) cluster of the university-wide cross-disciplinary Centre for Digital Trust and Society (CDTS). The group provides the software security capabilities of the CDTS and the University of Manchester, in general, which has been jointly recognised as an Academic Centres of Excellence in Cyber Security Research (ACE-CSR) by the NCSC and the Engineering and Physical Sciences Research Council (EPSRC). Lastly, S3 has strong links to the industry, including recent collaborations with ARM, AWS, Ethererum, Intel, and Motorola.


Regarding teaching, the S3 group delivers Cyber Security, Cryptography, Software Security, and Systems Governance, some of which contribute to our MSc in Advanced Computer Science - Computer Security, a fully NCSC-certified degree.

Research focus:

Our research is focused on the following specialist areas:

  • cryptographic protocol
  • networked and distributed system security
  • Data and identity privacy
  • systemic view of governance in cyber resilience