Carlton Shepherd

About

I am an Assistant Professor of Computer Science at Durham University, United Kingdom. My research focuses on the security of mobile and embedded systems, with particular emphasis on trusted execution environments (TEEs), hardware-assisted security mechanisms, side-channel and fault injection attacks, and the integrity of low-level software and firmware. I am the author of Trusted Execution Environments (Springer, 2024), the first comprehensive treatment of the field.

Prior to Durham, I was a Lecturer in Computer Science at Newcastle University and a Senior Research Fellow at the Information Security Group (ISG), Royal Holloway, University of London. I have also held applied research roles in industry, including at OneSpan's Innovation Centre in Cambridge and at Atom Bank.

I hold a Ph.D. from Royal Holloway, University of London, and a B.Sc. in Computer Science from Newcastle University. I welcome enquiries from prospective Ph.D. students and research collaborators, and from journalists or media organisations seeking comment on mobile security, IoT security, and related topics — please write to carlton.g.shepherd@durham.ac.uk.

Book

I'm pleased to announce Trusted Execution Environments, published by Springer. We take a holistic view of TEEs — covering OS-level controls, containers, secure elements, the Trusted Platform Module (TPM), and modern technologies including Arm TrustZone, AMD SEV, and Intel SGX and TDX.

• Springer
• Amazon
• Barnes & Noble

News

• New Invited to the Programme Committee of ESORICS 2026.
• New New paper accepted in IEEE Transactions on Dependable and Secure Computing: Malware Patching Strategies in Edge Intelligence IoT Systems: A Differential Games Approach with Spiking Neural Networks.
• New Appointed Associate Editor of the Journal of Information Security and Applications.
• Joined the Editorial Board of Scientific Reports (Nature).
• New paper on control-flow attestation in Computers & Security — the first comprehensive look at using control-flow information for building trust in a target platform. Read the paper.
• New Python package on multi-set hashing: pymsh, implementing schemes by Clarke et al. (Asiacrypt '03).
• Awarded Fellowship (FHEA) from the Higher Education Academy in recognition of high-quality teaching and support for student experience.
• Co-investigator of one of NCSC's Academic Centres of Excellence in Cyber Security Research (ACE-CSR) at Newcastle.
• Our project Chameleon has been funded by EPSRC (~£1m) — developing a security-enhanced CPU platform that binds functional units to the device's environment, in collaboration with Essex and Manchester.
• Firmware-level side-channel attacks on Android published in IEEE TDSC: we show that sensor multiplexing can create covert channels that bypass the Android permissions system entirely.
• Black-box function recognition using hardware performance counters accepted in IEEE Transactions on Computers. We show HPCs can be used for vulnerability detection, TEE interrogation, and high-accuracy function fingerprinting. Paper PDF.
• In January 2026, I joined Durham University as an Assistant Professor of Computer Science.
• In January 2023, I joined Newcastle University as a Lecturer in Computer Science.

Grants

• CyberShip: A Portable Cyber Security Training Programme for Underserved Communities in the North East

  PI  ·  Innovate UK / CyberLocal  ·  2025–2026  ·  £45,000

• Chameleon: Dynamic Device-Unique Confidentiality and Fingerprinting

  Co-I  ·  EPSRC (EP/Y030168/1)  ·  2024–2027  ·  £783,319 total (~£250k Newcastle)

  Developing a security-enhanced CPU platform that binds functional units to the device's environment, in collaboration with the University of Essex, University of Manchester, and aerospace and security industry partners.

• Tensorcrypt: Democratising Encrypted Data Analytics

  PI  ·  Innovate UK / UKRI, CyberASAP  ·  Apr 2021–Feb 2022  ·  £73,740

  Proof-of-concept privacy-preserving machine learning platform for collaborative analytics in sensitive domains such as transaction fraud.

Service

Programme Committee member for ESORICS 2026, SecureComm 2026, IFIP SEC 2026, IFIP SEC 2025, IFIP SEC 2024, and ACM TAS 2024.

I regularly review for many leading journals in security, systems, and related areas, including:

• IEEE Trans. Information Forensics & Security
• IEEE Trans. Dependable & Secure Computing
• IEEE Transactions on Computers
• IEEE Transactions on Cybernetics
• ACM Trans. Intelligent Systems & Technology
• IEEE Internet of Things Journal
• IEEE Systems Journal
• Computers & Security, Elsevier
• Journal of Cryptographic Engineering, Springer
• EURASIP J. Wireless Communications, Springer
• Journal of Systems and Software, Elsevier

Teaching

• Durham University — Blockchain and Cryptocurrencies (2025/2026)
• Module Leader: Newcastle University — Network Security and Ethical Hacking (2023/2024–2025/2026)
• Module Leader: Newcastle University — Web Technologies (2023/2024–2025/2026)
• Co-module Leader & Lecturer: Newcastle University — Advanced Topics in Cyber Security (2023/2024–2025/2026)
• Co-module Leader & Lecturer: Newcastle University — Research Methods Group Project in Cyber Security (2022/2023–2023/2024)
• Lecturer: Newcastle University — UGT System and Network Security (2024/2025–2025/2026)
• Guest Lecturer: Royal Holloway — Smart Cards, RFID and Embedded Systems Security (2019–present)

Contact

Email: carlton.g.shepherd@durham.ac.uk

Find me on X/Twitter (@carltonshep) and LinkedIn.