The CSSA was established to study vulnerability discovery technologies and build an automated analysis platform for finding known and unknown vulnerabilities.
The use of IoT devices in recent years has increased exponentially, whereas security measures regarding software have not followed pace. This has created numerous problems around the world.
For example, in July 2015, software vulnerabilities were discovered in Chrysler cars and the company was consequently forced to pay 105 Million USD in penalties in addition to recalling over 1.4 million vehicles. In the United States, airplane entertainment systems have been easily hacked and carry the potential to increase engine thrust remotely. These kinds of security threats pose a major threat to people’s lives.
To cope with these software-related security issues, our center is developing a highly advanced automated analysis platform that can be easily operated even by non-experts in the area of security. Our platform can detect and remove vulnerabilities during the development stage, responding to the need for IoT devices to possess greater security.
The research team at our center is comprised of researchers from Korea University, which is the hosting organization, as well as representatives from many prominent overseas universities such as Carnegie Mellon university, Oxford university and ETH Zürich (the Federal Institute of Technology Zürich). In addition, it includes governmental representatives from KISA (Korea Internet & Security Agency).
The outstanding research teams from the aforementioned institutions participate in black-box vulnerability testing, white-box vulnerability testing, network vulnerability testing, and platform development and validation according to their respective specialized research fields. These teams actively exchange ideas in order to achieve the stated objective of developing a working platform for killing zero-day bugs during software development.
Our platform opened for public usage in 2016. We hope it will contribute to the improvement of the infrastructure and security of IoT devices. If you would like to know more about our research or have questions or comments about our software, feel free to contact us at:
Any suggestions for collaboration are always welcome!
Development of a vulnerability analysis tool based on dynamic black-box testing & automated verification
Development of a vulnerability analysis tool based on static white-box testing & automated verification
Development of an automated analysis tool for network code and protocol vulnerabilities
Systematic verification of IoT software vulnerabilities through the integration of automated analysis technologies