Carlton Shepherd

About

I research security for smartphones, smart devices, and embedded systems, focusing on the hardware–software boundary that underpins them: trusted execution environments (TEEs), hardware-assisted security mechanisms, side-channel and fault-injection attacks, and the integrity of low-level software and firmware.

I am an Assistant Professor of Cyber Security at Durham University and a Visiting Lecturer at Newcastle University, United Kingdom. I am the author of Trusted Execution Environments (Springer, 2024), the first comprehensive treatment of the field.

Prior to Durham, I was a Lecturer in Computer Science at Newcastle University and a Senior Research Fellow at the Information Security Group (ISG), Royal Holloway, University of London. I have also held applied research roles in industry, including at OneSpan's Innovation Centre in Cambridge and at Atom Bank.

I hold a Ph.D. from Royal Holloway, University of London, and a B.Sc. in Computer Science from Newcastle University. My full record is on Google Scholar and DBLP.

I also serve as an Associate Editor of the Journal of Information Security and Applications, a member of the UKRI/EPSRC Peer Review College, and a programme committee member for several international security conferences (see Service).

Media & Press

I am available to comment for journalists and media organisations on mobile and smart-device security, the Internet of Things, trusted execution and hardware security, payment and NFC security, and the security implications of AI. For timely requests, email is the fastest route — please include your outlet and deadline.

Contact: carlton.g.shepherd@durham.ac.uk

Book

I'm pleased to announce Trusted Execution Environments, published by Springer. We take a holistic view of TEEs — covering OS-level controls, containers, secure elements, the Trusted Platform Module (TPM), and modern technologies including Arm TrustZone, AMD SEV, and Intel SGX and TDX.

★★★★★ 5.0 · 4 reviews on Amazon

• Springer
• Amazon
• Barnes & Noble

News

• New Invited to the Programme Committee of ESORICS 2026.
• New New paper accepted in IEEE Transactions on Dependable and Secure Computing: Malware Patching Strategies in Edge Intelligence IoT Systems: A Differential Games Approach with Spiking Neural Networks.
• New Appointed Associate Editor of the Journal of Information Security and Applications.
• Joined the Editorial Board of Scientific Reports (Nature).
• New paper on control-flow attestation in Computers & Security — the first comprehensive look at using control-flow information for building trust in a target platform. Read the paper.
• New Python package on multi-set hashing: pymsh, implementing schemes by Clarke et al. (Asiacrypt '03).
• Awarded Fellowship (FHEA) from the Higher Education Academy in recognition of high-quality teaching and support for student experience.
• Co-investigator of one of NCSC's Academic Centres of Excellence in Cyber Security Research (ACE-CSR) at Newcastle.
• Our project Chameleon has been funded by EPSRC (~£1m) — developing a security-enhanced CPU platform that binds functional units to the device's environment, in collaboration with Essex and Manchester.
• Firmware-level side-channel attacks on Android published in IEEE TDSC: we show that sensor multiplexing can create covert channels that bypass the Android permissions system entirely.
• Black-box function recognition using hardware performance counters accepted in IEEE Transactions on Computers. We show HPCs can be used for vulnerability detection, TEE interrogation, and high-accuracy function fingerprinting. Paper PDF.
• In January 2026, I joined Durham University as an Assistant Professor of Computer Science.
• In January 2023, I joined Newcastle University as a Lecturer in Computer Science.

Collaboration & Consultancy

Prospective Ph.D. students and collaborators. I welcome enquiries from prospective Ph.D. students and academic and industry collaborators working on trusted execution, mobile and embedded security, hardware security, and side-channel and fault-injection analysis. A short note on your interests and background is the best place to start.

Industry & consultancy. I have previously undertaken consulting work and am open to selective advisory engagements and industry collaborations. Areas of expertise include mobile device security, operating systems, trusted execution environments, and security architecture. Please get in touch to discuss scope.

Grants

• CyberShip: A Portable Cyber Security Training Programme for Underserved Communities in the North East

  PI  ·  Innovate UK / CyberLocal  ·  2025–2026  ·  £45,000

• Chameleon: Dynamic Device-Unique Confidentiality and Fingerprinting

  Co-I  ·  EPSRC (EP/Y030168/1)  ·  2024–2027  ·  £783,319 total (~£250k Newcastle)

  Developing a security-enhanced CPU platform that binds functional units to the device's environment, in collaboration with the University of Essex, University of Manchester, and aerospace and security industry partners.

• Tensorcrypt: Democratising Encrypted Data Analytics

  PI  ·  Innovate UK / UKRI, CyberASAP  ·  Apr 2021–Feb 2022  ·  £73,740

  Proof-of-concept privacy-preserving machine learning platform for collaborative analytics in sensitive domains such as transaction fraud.

Service

Programme Committee member for ESORICS 2026, SecureComm 2026, IFIP SEC 2026, IFIP SEC 2025, IFIP SEC 2024, and ACM TAS 2024.

I am a member of the UKRI/EPSRC Peer Review College and have served as a grant reviewer for several international funding agencies.

I regularly review for many leading journals in security, systems, and related areas, including:

• IEEE Trans. Information Forensics & Security
• IEEE Trans. Dependable & Secure Computing
• IEEE Transactions on Computers
• IEEE Transactions on Cybernetics
• ACM Trans. Intelligent Systems & Technology
• IEEE Internet of Things Journal
• IEEE Systems Journal
• Computers & Security, Elsevier
• Journal of Cryptographic Engineering, Springer
• EURASIP J. Wireless Communications, Springer
• Journal of Systems and Software, Elsevier

Teaching

• Durham University — Blockchain and Cryptocurrencies (2025/2026)
• Module Leader: Newcastle University — Network Security and Ethical Hacking (2023/2024–2025/2026)
• Module Leader: Newcastle University — Web Technologies (2023/2024–2025/2026)
• Co-module Leader & Lecturer: Newcastle University — Advanced Topics in Cyber Security (2023/2024–2025/2026)
• Co-module Leader & Lecturer: Newcastle University — Research Methods Group Project in Cyber Security (2022/2023–2023/2024)
• Lecturer: Newcastle University — UGT System and Network Security (2024/2025–2025/2026)
• Guest Lecturer: Royal Holloway — Smart Cards, RFID and Embedded Systems Security (2019–present)

Contact

Email: carlton.g.shepherd@durham.ac.uk

Find me on X/Twitter (@carltonshep), LinkedIn, Google Scholar, and DBLP.