Topics

topic

CSSA is conducting joint research internationally to develop an automated analysis platform to discover known and unknown vulnerabilities of software in the form of source code, binary programs and network services.

Carnegie Mellon University, Oxford University, ETH Zürich, which are recognized as one of the world's top 10 universities are working together.


In addition, we are conducting seminars and technical exchange with the world's best hacking team, PPP(Plaid Parliament of Pwning).

Moreover, we seek the involvement of CodeRed and Inc0gnito which is an association of security clubs in 12 major universities in South Korea.


Currently, a remote video conferencing room is operating at Korea University, Anam campus in Seoul in order to facilitate close cooperation and exchange news and ideas among overseas universities, institutions and local research centers.

This remote video conferencing room also aims to develop contact systems that enable the establishment of a practical international joint research infrastructure.

Our center consists of four specialized research teams.

  • 1. Black-box Testing Team
  • Subject : Development of a vulnerability analysis tool based on dynamic black-box testing & automated verification
    Participating team : Carnegie Mellon University and Korea University
  • 2. White-box Testing Team
  • Subject : Development of a vulnerability analysis tool based on static white-box testing & automated verification
    Participating team : Oxford University and Korea University
  • 3. Network Testing Team
  • Subject : Automated detection and conduct analysis of network code vulnerability and network protocol vulnerability-related issues
    Participating team : ETH Zürich and Korea University
  • 4. Platform Team
  • Subject : Development of an integrated platform of analysis modules of black-box, white-box and network vulnerabilities, with the consideration of usable security, as well as validation of the platform through existing vulnerability DB
    Participating team : KISA and Korea University

We hope to contribute the safe future in the full of IoT devices by removing vulnerabilities in advances through joint international efforts.

For more details about research topics, please refer to the introductory information about each team.

blackbox

Black-box Testing Team

✓  Development of a vulnerability analysis tool based on dynamic black-box testing & automated verification
•  Detection of vulnerabilities during file processing over general purpose media processing software (VLC media player, GNOME image viewer, etc.)
•  Development of an automated detection system of vulnerabilities using combinations of well-known technologies
•  Detection of unknown zero-day vulnerability through smart fuzzing and feedback mutation optimization
whitebox

White-box Testing Team

✓  Development of a vulnerability analysis tool based on static white-box testing & automated verification
•  Detection of vulnerabilities and validation during program development processes by identifying unpatched codeclones, equivalent to vulnerability codes in CVE patches
•  Automated detection of vulnerabilities of buffer overflow (Ghost vulnerability, etc.) over IoT embedded open sources
network

Network Testing Team

✓  Automated detection and analysis of network code vulnerabilities
•  Guarantee of security of network protocol and system code such as IP, BGP, and SCION
•  Detection of dangerous code that is likely to generate vulnerabilities in network environments
✓  Research on automated analysis technology for wireless network and protocol vulnerabilities
•  Development of dynamic and automated detection technology of wireless network profile vulnerabilities
✓  Research on automated analysis technology of SSL/TLS network code vulnerabilities
•  Development of automated detection technology of SSL/TLS network code vulnerabilities
platform

Platform Team

✓  Validation of detection results of software vulnerabilities
•  Application of the analysis platform to the IoT testbed operated by KISA
✓  Construction of automated detection platform of IoT-device-related vulnerabilities
•  Implementing automated testing technologies for black-box testing, white-box testing, and network vulnerabilities as well as integration of the above-mentioned technologies
✓  UI/UX design and visualization for vulnerability detection and analysis