Các hướng nghiên cứu chính tại Phòng thí nghiệm ATTT – UIT InSec Lab

Khoa MMT&TT chuyển đến các bạn sinh viên thông tin về các hướng nghiên cứu chính tại Phòng thí nghiệm An toàn thông tin UIT.

Các bạn quan tâm đến các hướng nghiên cứu này có thể liên hệ:

Phòng thí nghiệm An toàn Thông tin – UIT InSec Lab

Phòng E8.1, Trường ĐH Công nghệ Thông tin (UIT)

Fanpage: https://www.facebook.com/inseclab/

Email: duypt@uit.edu.vn (thầy Phan Thế Duy)


I. Security and Privacy in Applied Computer Environments

UIT InSec Lab conducts research on system security and privacy. With an emphasis on practical results, we seek to develop technologies to secure current and emerging applications.

The research focus is on applied computer security, mobile, IoT environment with a recent emphasis on:

  • Cryptography: anti-surveillance and anti-censorship supported features to build encrypted instant messaging and voice calling, social media network applications.
  • Web security/privacy
  • Android/iOS application security/privacy
  • Malware analysis

II. Security with Network Virtualization and Software-Defined Networking (SDN)

1. Network Virtualization

Virtualization is the ability to simulate a hardware platform, such as a server, storage device or network resource, in software. All of the functionality is separated from the hardware and simulated as a “virtual instance”, with the ability to operate just like the traditional, hardware solution would.

When applied to a network, virtualization creates a logical software-based view of the hardware and software networking resources (switches, routers, etc.). The physical networking devices are simply responsible for the forwarding of packets, while the virtual network (software) provides an intelligent abstraction that makes it easy to deploy and manage network services and underlying network resources. As a result, NV can align the network to better support virtualized environments.

Network virtualization (NV) is defined by the ability to create logical, virtual networks that are decoupled from the underlying network hardware to ensure the network can better integrate with and support increasingly virtual environments.

NV can be used to create virtual networks within a virtualized infrastructure. This enables NV to support the complex requirements in multi-tenancy environments. NV can deliver a virtual network within a virtual environment that is truly separate from other network resources. In these instances, NV can separate traffic into a zone or container to ensure traffic does not mix with other resources or the transfer of other data.

Consequently, we concentrate on methods and challenges of server/network virtualization.

2. Software-Defined Networking

Software-Defined Networking (SDN) is an emerging architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today’s applications. This architecture decouples the network control and forwarding functions enabling the network control to become directly programmable and the underlying infrastructure to be abstracted for applications and network services. The OpenFlow ® protocol is a foundational element for building SDN solutions.

SDN security challenges become more of a concern, as deployments bring vulnerabilities to the forefront.

The research focus is on:

  • Addressing security challenges in SDN and Cloud: DDoS/DoS Attacks (Flow-decision Requests), Hijacked/Rogue Controller, Malicious Applications, Control-Data Plane Link Attacks, Eavesdropping Attacks, ….
  • Applications of SDN in home, wireless, cellular, enterprise, data-center, and backbone networks.
  • Application of SDN to network management, performance monitoring, security, etc.
  • Virtual appliances (e.g., firewalls, intrusion detection systems, load balancers, etc.) on SDN.
  • Virtualization support in software-defined networks
  • Switch designs for SDN
  • Application Programming Interfaces for SDN
  • Control and management software stack for SDN
  • Performance evaluation of SDN network elements and controllers
  • Experiences deploying SDN technology and applications in operational networks
  • Hybrid SDN approaches (integration with other control planes)
  • Transitioning existing networks to SDN

III. Cyber Intelligence and Forensics

Cyber warfare is unfortunately no longer found only in science fiction stories; it is with us today. Distributed denial-of-service (DDoS) attacks have been launched against many military and government computer systems around the world in recent years. The technological advancements in computers, software, networks and information systems in general have actually made technologically dependent countries more vulnerable to disruption. Physical security is now permanently tied to cyber security. Cyber weapons are a relatively new type of weaponry with various effects on the target.

They are usually basic scripts that have the objective to defend or attack a target. It doesn’t have any limitations of use and can achieve most of the goals set. Most of them are freely available on the internet but some more sophisticated or newer ones are kept privately or are commercial. Securing infrastructure against cyber-attacks has become one of every nation’s highest priorities. To achieve this objective, networks, systems, and the operations teams that support them must be fully trained and aware of possible threats and strongly defend against a variety of threats.

1. Cyber Intelligence

Many research topics in cybersecurity with a concentration in cyber intelligence prepare you to acquire and assess the intentions, capabilities, and activities of potential adversaries and insiders who pose a threat, including attack methods that target people to penetrate systems, sometimes referred to as social engineering.

  • Applying deep learning/machine learning to the world of cybersecurity. Deep learning is a novel adaptation of neural networks, which is inspired by the way the human brain works.
  • Processing a multitude of data sources provides powerful detection, prediction, and prevention abilities of known and unknown cyber threats in order to build powerful IDS/IPS.

2. Cyber Forensics

Main topics:

  • Cybercrime
  • Digital forensics and mobile forensics
  • Penetration testing and vulnerability assessment

Penetration testing and vulnerability assessment skills can be used in finding weaknesses in existing devices and applications and to advise developers or network administrators to secure their application or environment. Your cyber forensics skills can be used to identify, collect, preserve and analyze a wide range of digital evidences and present them in the court of law. You will use your knowledge of programming to analyze different malwares to determine how they work and how countermeasures can be developed. Only a small percentage of cyber security professionals are capable of analyzing advanced persistent threats and are capable of understanding and managing malware campaigns.

Finally, your cyber threat intelligence knowledge and skills will help you to strategically fight against organized cybercrimes, understand and analyze cyber warfare activities and propose appropriate defensive and offensive mechanisms to reduce or eliminate those risks.