Topics

topic

CSSA is conducting joint research internationally to develop an automated analysis platform to discover known and unknown vulnerabilities of software in the form of source code, binary programs and network services.

Carnegie Mellon University, Oxford University, and ETH Züric, which are each recognized at one of the world’s top 10 Universities, are working alongside Korea University to develop the platform.


In addition, we are conducting seminars and exchanging knowledge with the world’s best hacking team, PPP(Plaid Parliament of Pwning).

We are currently collaborating with CodeRed and Inc0gnito. Most members of CodeRed are working as external members of IoTcube, and Inc0gnito is an association of security clubs at 12 major universities in South Korea.


We operate a video conferencing room at the Korea University Anam campus in Seoul to discuss ideas and news amongst overseas universities, institutions and local research centers. Through our collaboration, we are working to establish effective ways of facilitating international joint research and communication.

Our center consists of four specialized research teams.

  • 1. Black-box Testing Team
  • Subject : Development of a vulnerability analysis tool based on dynamic black-box testing & automated verification
    Participating team : Carnegie Mellon University and Korea University
  • 2. White-box Testing Team
  • Subject : Development of a vulnerability analysis tool based on static white-box testing & automated verification
    Participating team : Oxford University and Korea University
  • 3. Network Testing Team
  • Subject: Automated detection and analysis of network code vulnerability and network protocol vulnerability-related issues
    Participating team : ETH Zürich and Korea University
  • 4. Platform Team
  • Subject: Integrating the black-box, white-box, and network vulnerability modules with the consideration of ease-of-use as well as validation of platform effectiveness through a vulnerability database.
    Participating team : KISA and Korea University

We hope to contribute the safe future in the full of IoT devices by removing vulnerabilities in advances through joint international efforts.

A more detailed description of each team’s role is available below.

blackbox

Black-box Testing Team

✓  Development of wireless protocols testing tool based on smart and stateful fuzzing
•  Automated generation of test cases and discovery of crash packets by traversing protocol state machines described in their specification
•  Management of crash packet and its synchronization among users to improve performance of testing
✓  Development of a vulnerability analysis tool based on dynamic black-box testing & automated verification
•  Detection of vulnerabilities during file processing over general purpose media processing software (VLC media player, GNOME image viewer, etc.)
•  Development of an automated detection system of vulnerabilities using combinations of well-known technologies
whitebox

White-box Testing Team

✓  Development of a vulnerability analysis tool based on static white-box testing & automated verification
•  Detection of vulnerabilities and validation during program development processes by identifying unpatched codeclones, equivalent to vulnerability codes in CVE patches
•  Automated detection of vulnerabilities of buffer overflow (Ghost vulnerability, etc.) over IoT embedded open sources
network

Network Testing Team

✓  Automated detection and analysis of network code vulnerabilities
•  Verification of security of network protocols and system code such as IP, BGP, and SCION
•  Detection of dangerous code that is likely to generate vulnerabilities in network environments
✓  Research on automated analysis technology for wireless network and protocol vulnerabilities
•  Development of dynamic and automated detection technology of wireless network profile vulnerabilities
✓  Research on automated analysis technology of SSL/TLS network code vulnerabilities
•  Development of automated detection technology of SSL/TLS network code vulnerabilities
platform

Platform Team

✓  Validation of detection results of software vulnerabilities
•  Application of the analysis platform to the IoT testbed operated by KISA
✓  Construction of automated detection platform of IoT-device-related vulnerabilities
•  Implementing automated testing technologies for black-box testing, white-box testing, and network vulnerabilities as well as integration of the above-mentioned technologies
✓  UI/UX design and visualization for vulnerability detection and analysis