CSSA is established to study vulnerability discovery technologies and to build an automated analysis platform for finding known and unknown vulnerabilities.
The use of IoT devices in recent years has increased exponentially, whereas security measures regarding software have not followed pace, which has created numerous problems around the world.
For example, software vulnerabilities in Chrysler cars were discovered in July 2015 and, consequently, the company not only was forced to pay USD 105 million in penalties, but had to recall more than 1.4 million vehicles. As another example, in-flight entertainment systems in airplanes in the United States were shown to be exploitable in order to increase airplane engine thrust. This can create a major threat to passenger lives.
To cope with these software-related security issues, our center is developing a highly advanced automated analysis platform that can be easily operated even by non-experts in the area of security. Our platform can detect and remove vulnerabilities during the development stage, responding to the social demand that requires IoT devices to possess greater security.
The research team at our center is comprised of researchers from Korea University, which is the hosting organization, as well as representatives from many prominent overseas universities such as Carnegie Mellon university, Oxford university and ETH Zürich (the Federal Institute of Technology Zürich). In addition, it includes governmental representatives from KISA (Korea Internet & Security Agency).
The outstanding research teams from the aforementioned institutions participate in black-box vulnerability testing, white-box vulnerability testing, network vulnerability testing, and platform development and validation according to their respective specialized research fields. These teams actively exchange ideas in order to achieve the stated objective of developing a working platform for killing zero-day bugs during software development.
We expect that the platform can be open for public services in 2016. In addition, we hope it will contribute to improve safety in IoT-based social infrastructures. We encourage you to cultivate and express interest in the research being conducted at our center at any time.
Any suggestion for collaboration is always welcome!
Please contact and send opinion to cssakorea.ac.kr.
Development of a vulnerability analysis tool based on dynamic black-box testing & automated verification
Development of a vulnerability analysis tool based on static white-box testing & automated verification
Development of an automated analysis tool for network code and protocol vulnerabilities
Systematic verification of IoT software vulnerabilities through the integration of automated analysis technologies