Technology Innovation Institute
By Rocco Calvi, Executive Director — Digital Security Research Centre (DSRC)
The cutting-edge approach to safeguarding our software — identifying security vulnerabilities and hardening software — leaves malicious attackers with no ability to compromise us. In the battle against malicious attacks, the exponential growth of the Internet-of-Things (IoT) and their ease of use is only increasing the opportunities and likelihood of attack.
Additionally, the cost of professionals, manual testing, high rate of false positives from scans, patch latency problem, and current practices that depend on source code availability put us at constant risk and allow the threat actors to win. Technology Innovation Institute (TII), the dedicated ‘applied research' pillar of Abu Dhabi's Advanced Technology Research Council (ATRC), is helping create a better world by developing advanced and transformative technological innovations designed to benefit society. Based at TII's research hub in Abu Dhabi, United Arab Emirates, the Digital Security Research Centre (DSRC) was formed to accelerate advances in the cybersecurity field through ground-breaking research and development. DSRC is achieving this by pioneering new ways to make real-world systems more secure at the binary level, while reducing the need for human expertise. DSRC is one of seven initial dedicated research centres at TII — the other six being quantum, autonomous robotics, cryptography, advanced materials, directed energy, and secure systems. DSRC conducts ground-breaking research during the software development stage and after its release to protect governments, businesses, and individuals against software vulnerabilities. Today, our key objective at DSRC is to make the software of the future safe. Therefore, our objective is to conduct breakthrough scientific research and experiments aimed at creating novel approaches and effective methods for improved reasoning over complex compiled binaries at run-time with scalability and accuracy in mind. The DSRC approach is multi-faceted and is able to automatically analyse software, identify security flaw(s), evaluate security defects, and correct it accordingly. Our use cases are automated security evaluation for third-party products, run in the DevSecOps (Development Security Operations) pipelines for secure development, and protect customers from harm until the affected vendor can deploy a patch. Our team brings together computer security experts from academia, industry, and the broader security community to solve the most sophisticated information security issues and security vulnerabilities. Furthermore, working with top-tier strategic partnerships, we will advance automated program analysis and repair system weaknesses at speed, scale, and with precision. DSRC will be working in partnership with global universities, research institutions, and industry partners to explore projects that range from symbolic execution to game theory. To drive progress in automated computer security, we collaborate with the world's most talented scientists, university professors, and leading software analysts with expertise in areas of binary analysis, guided fuzzing, emulation, compilers, symbolic execution, machine learning, SMT solvers, reverse engineering, binary rewriting, and formal verification. When it comes to transferring knowledge into practice, we publish white papers with source code, file patents driving technological breakthroughs, and create tools/frameworks that leverage our recent discoveries. Our applied research will lead to an advanced automated vulnerability analysis platform that can be used by DevSecOps and computer security teams to test and validate code. This will allow tech companies and governments to conduct rapid deep analysis to find and remediate critical vulnerabilities before adversaries, therefore making end-users safer from today's cyber-attacks.