The proposed lab will provide fundamental advances in cyber defence that limit adversaries' ability to compromise networks, improve security planning and vulnerability management, and guide incident response activities. To this end, we specifically target three application domains:
In the situational awareness application domain, the lab plans to 1) build a measurement infrastructure to study the threat landscape of Pakistan, and 2) derive actionable security intelligence by analysing hundreds of millions of log records and network data collected from distributed vantage points.
In the second application domain, the lab will develop an automated toolchain for application debloating that uses 1) the application's configuration in a particular deployment, 2) specifications of the required functionality, and 3) the application's needs from libraries, other applications, peripheral devices and networks, and even the operating system kernel.
In the infrastructure security application domain, our lab will build outside-the-VM defences, including 1) classifying malware and abuse using VM performance counters, and 2) building a provenance manager that enables live audit (for immediate attribution) and root-cause analysis (for determining how the compromise was carried out). This would enable an immediate, online response that selectively rolls back only those operations identified as performed by the attacker.
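As an added illustration of what the provenance manager in item 2) is meant to do (this is example code written for this page, not the lab's implementation; the event format, node names and audit records are constructed), the block below builds a small time-respecting provenance graph over constructed audit events, traces a flagged file back to its root cause, attributes every later operation of the tainted processes to the intrusion, and derives the set of writes to roll back, leaving the unrelated activity on the same host untouched.

```python
from collections import defaultdict

# Constructed sample audit records for illustration only (not real telemetry).
# Each record: (seq, actor_process, op, target). 203.0.113.5 is a
# documentation-range address standing in for an untrusted remote host.
EVENTS = [
    (1, "proc:sshd", "fork", "proc:bash"),
    (2, "proc:nginx", "write", "file:/var/log/nginx/access.log"),  # benign, pre-compromise
    (3, "proc:bash", "write", "file:/home/alice/notes.txt"),
    (4, "proc:nginx", "recv", "net:203.0.113.5:4444"),             # intrusion entry point
    (5, "proc:nginx", "fork", "proc:sh"),
    (6, "proc:sh", "write", "file:/tmp/dropper"),
    (7, "proc:sh", "exec", "proc:dropper"),
    (8, "proc:dropper", "write", "file:/etc/cron.d/persist"),      # alert: new cron entry
    (9, "proc:bash", "read", "file:/home/alice/notes.txt"),
    (10, "proc:dropper", "read", "file:/etc/passwd"),
]

# Direction of information/control flow for each operation type.
ACTOR_TO_TARGET = {"write", "fork", "exec", "send"}
TARGET_TO_ACTOR = {"read", "recv"}


def edge(event):
    """Return (seq, source, sink): the direction provenance flows for this event."""
    seq, actor, op, target = event
    if op in ACTOR_TO_TARGET:
        return seq, actor, target
    if op in TARGET_TO_ACTOR:
        return seq, target, actor
    raise ValueError(f"unknown operation {op!r}")


class ProvenanceGraph:
    def __init__(self, events):
        self.events = {ev[0]: ev for ev in events}
        self.fwd = defaultdict(list)   # node -> [(seq, successor)]
        self.bwd = defaultdict(list)   # node -> [(seq, predecessor)]
        for ev in events:
            seq, src, dst = edge(ev)
            self.fwd[src].append((seq, dst))
            self.bwd[dst].append((seq, src))

    def backward_slice(self, node):
        """Seqs of events that could causally explain the state of `node`.
        Each step only follows edges older than the edge just traversed, so
        activity that happened after the fact is never blamed for it."""
        seen = set()
        stack = [(node, float("inf"))]
        while stack:
            n, limit = stack.pop()
            for seq, pred in self.bwd[n]:
                if seq < limit and seq not in seen:
                    seen.add(seq)
                    stack.append((pred, seq))
        return seen

    def root_causes(self, node):
        """Nodes in the backward slice that have no provenance of their own."""
        nodes = set()
        for seq in self.backward_slice(node):
            _, src, dst = edge(self.events[seq])
            nodes.update((src, dst))
        return sorted(n for n in nodes if not self.bwd[n])

    def taint_times(self, root):
        """Forward, time-respecting propagation: node -> seq at which it first
        became reachable from `root`. Edges older than a node's own taint time
        are ignored, so a process's pre-compromise activity stays untainted."""
        tainted = {root: 0}
        stack = [root]
        while stack:
            n = stack.pop()
            for seq, succ in self.fwd[n]:
                if seq > tainted[n] and seq < tainted.get(succ, float("inf")):
                    tainted[succ] = seq
                    stack.append(succ)
        return tainted

    def attributed_events(self, root):
        """Events whose acting process was already tainted when it acted."""
        tainted = self.taint_times(root)
        return sorted(seq for seq, (_, actor, _, _) in self.events.items()
                      if actor in tainted and seq >= tainted[actor])


def analyse(events, alert_node):
    """Live-audit style analysis: where `alert_node` came from, which operations
    belong to that intrusion, and which writes to undo (newest first)."""
    g = ProvenanceGraph(events)
    roots = g.root_causes(alert_node)
    attributed = sorted({seq for r in roots for seq in g.attributed_events(r)})
    rollback = [(seq, g.events[seq][3]) for seq in reversed(attributed)
                if g.events[seq][2] == "write"]
    return roots, attributed, rollback


if __name__ == "__main__":
    roots, attributed, rollback = analyse(EVENTS, "file:/etc/cron.d/persist")
    print("root cause(s):", roots)
    print("attacker-attributed events:", attributed)
    print("roll back (newest first):", rollback)
```

The time-respecting rule in both traversals is what makes the response selective: nginx's earlier log write (event 2) and bash's activity are never attributed to the intrusion, while everything the compromised nginx and its descendants did after the inbound connection is, including the later read of /etc/passwd that is not on the path to the alert itself.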
Our core members and researchers are academics, developers, administrators and MS/PhD students. Our industrial partners are public and private cyber security organizations that advise us on the design, implementation and commercialization of the R&D work originating from our lab.