Q1. What are some of the projects that your team at the Digital Security Research Centre is working on currently?
The primary goals of the Digital Security Research Centre (DSRC) are improving automation and effectiveness at run-time for software vulnerability discovery, assessment, and mitigation at scale with speed for open-source code and closed-source binary targets across several platforms and architectures. At DSRC, we are developing next-gen autonomous computer security tools. What we aim for is to make the software of the future safe.
DRSC works on multiple research areas in fundamental as well as applied science disciplines. We pride ourselves on discovering, evaluating and repairing software in seconds.
Our core research areas are: Automated Binary Analysis; Automated Vulnerability Evaluation; Automated Self-Healings; and Automated Strategic Decision-Making'
Therefore, our current projects aim to:
- Build an automated, scalable vulnerability analysis platform that allows our researchers and engineers to perform rapid prototyping, run experiments, obtain complete control over the software, and provide live comprehensive benchmark reports.
- Conduct applied research and build robust tooling using emulation to allow introspection, determinism and removing performance bottlenecks during a fuzzing campaign.
- Replace how an engineer requires manual work that takes days to create effective harnesses to aid persistent in-memory fuzzing.
- Improve how corpus minimization is done and measured to reach better execution speeds while not losing valuable inputs that may lead to a bug or crash.
- Enhance and automate binary rewriting to attain source-based speed and fuzzing-enhancing program transformation for closed-source binaries.
- Develop new techniques and methods for the automatic generation of fuzzing grammar from source code.
- Improve robust network and multi-core scaling with different targets, test cases and fuzzers for vulnerability discovery.
- Analyze complex embedded software and firmware dumps from Internet-of-Things (IoT) for security flaws.
- Enhance crash analysis assessment to understand further the root cause's ground truth and the actual severity with context.
Q2. In what areas of software and digital security do you see the biggest opportunities for innovation and change over the next few years?
Enriching the dataset, storage, and computing power, the traditional challenges we face will be less of a challenge in the future, e.g., path explosion, limited test cases, virtual machine reset speed. However, we have to face the volume, the variety, the complexity, and the compatibility of the software increasing significantly. It generates the new challenge of ensuring all software cooperate and work as we expected, even under attack. It pushes our software analysis tools to become more intelligent and efficient. It can react to different contexts and environments. In other words, the software analysis tools are supposed to reason about what to do at a particular moment.
In real life, the landscape is complex, e.g. how to design and build such intelligent software analysis tools will become more of a challenge. Furthermore, it will push us to think about how much we can truncate from such a software analysis tool to meet a lower level of expectation.
Q3. Why is it important for TII to be at Black Hat USA 2021? What do you want security leaders at the event to learn about your organization and the research work that it is doing?
As we all know, Black Hat is a long-time renowned event in the community. As we are new, we are here to introduce ourselves to the cybersecurity industry. In a nutshell, we are the Digital Security Research Centre (DSRC) at the Technology Innovation Institute (TII), the applied research pillar of the Advanced Technology Research Centre (ATRC) which sets the R&D strategy in Abu Dhabi. We are one of seven research centers at TII; the others do research in the areas of quantum, autonomous robotics, cryptography, advanced materials, directed energy, and secure systems.
At DSRC, we conduct groundbreaking research to protect the world from cyber threats by improving how we identify software vulnerabilities and correct software flaws.
Most importantly we are here to offer a home to the world's best binary security researchers, scientists, and engineers. Wherever you come from, we believe we will be able to work together on the same goal.
We hope all the security leaders know who we are and what we are doing and will do.
The Digital Security Research Centre (DSRC) at the Technology Innovation Institute (TII) aims to make a better world by protecting people from cyber threats.
Our multicultural teams operate with an unconventional philosophy of interdisciplinary collaboration. Each DSRC member and our partners are expected to challenge, be challenged, create, and innovate.
Our team brings together computer security experts from academia, industry and the broader security community to solve challenging problems that prevent us from being secure at the binary level.
We conduct breakthrough scientific research and experiments aimed at creating novel approaches and effective methods for improved reasoning over complex compiled binaries. Appreciating that humans cannot scale and make the world's software safer on our own, we spur innovation through technological advances.
We work on a depth and breadth of research areas in both fundamental and applied research. We pride ourselves on discovering, evaluating, and repairing software vulnerabilities in seconds.
We follow our purpose to make the world better.