We are living in a time of a paradigm shift towards cyber security attacks on targets such as critical infrastructure, governments and sensitive data. It is more important than ever to remember that cyber security is not only about technology but about a holistic process that includes business decisions, human beings, technologies and adversaries. From a high-level perspective, securing an organization involves four distinct paradigms:
- Prevention: Protect as much as possible your environment at the perimeter as well as inside your network (firewall, access control, encryption, etc.)
- Resilience: Be able to detect when these protections have failed and have a fallback plan in place (intrusion detection, quarantine, backup, degraded modes of operation)
- Continuous Improvement: Have the capacity to continuously remove newly discovered vulnerabilities, no matter where in your network (compliance testing, patch management, etc.)
- Assessment: Be in a position to assess in real-time the security posture your environment is in with respect to a well-defined security policy (asset identification, policy definition, penetration testing, security assessment, etc.).
We have decided to focus on the areas of cyber security that are the most important to Qatar and on segments of cyber security where existing expertise in related technologies can be leveraged and readily applied.
These priorities include:
QCRI’s Cyber Security department's objective is to become a center of excellence in the application of real time data analytics for the detection of cyber attacks, forensics and remediation of a cyber event and to anticipate and ultimately defeat cyber attacks on Qatar’s cyber infrastructure.
We collaborate with stakeholders and institutions including the University of Michigan, the University of Illinois at Urbana-Champaign, Texas A&M Qatar and Qatar University.
Projects that illustrate the diversity of activities within the Cyber Security department include:
MADA: A system for identifying malicious domains using a real-life "guilt by association" principle. It detects malicious domains by analysing the movements and previous associations of a domain address. It can analyse 50 million domains in six minutes.
Cryptolytics: A platform that provides usage analytics for cryptography - the practice of securing data communication and storage against adversaries - for Android applications. It identifies how cryptography is misused, what kinds of data are encrypted and where data is generated, transferred and stored. The platform allows Android developers to automatically assess their apps before they are publicly-released, and identify vulnerabilities that could result in serious data breaches. The platform has been developed in collaboration with the University of British Columbia and has been used to evaluate more than 120,000 Android applications. It has already helped a major Qatari stakeholder to identify and solve multiple vulnerabilities in their Android app.
PRIDSA: PRIDSA is a suite of techniques to facilitate data collection and analysis of sensitive data from individuals with strong privacy protection. It significantly improves the state-of-the-art techniques developed by Google in terms of accuracy as well as the variety of supported data analysis tasks.