Research
Mission and goals
CTF researchers are advancing the field of cybersecurity by developing the next generation of cyber reasoning systems capable of automatically identifying vulnerabilities, synthesizing exploits, and generating patches for real-world software. Through partnerships with government organizations and leading technology companies, CTF integrates human expertise with automated cyber reasoning systems to efficiently address emerging cybersecurity risks.
The Center bridges research and education by hosting a large research lab on ASU’s Tempe campus and supporting affiliate labs in collaboration with the School of Computing and Augmented Intelligence. Frequently recognized in top-tier national conferences, their work highlights the role of Arizona State University in driving cybersecurity innovation.
Research Labs
SEFCOM: Laboratory of Security Engineering for Future Computing
Co-Directors: Dr. Gail-Joon Ahn, Tiffany Bao, Adam Doupé, Yan Shoshitaishvili, and Fish Wang
Website: SEFCOM
The Laboratory of Security Engineering for Future Computing (SEFCOM) at Arizona State University focuses on creating a significant societal impact through innovative research, secure development practices, and hands-on training programs. SEFCOM’s dedication to advancing cyberspace security and defense drives its mission to address current and future challenges in the cybersecurity landscape.
Research Areas:
- Program analysis and vulnerability detection/exploitation/mitigation
- Identity management and access control
- Formal models for computer security
- Network and distributed systems security, including mobile and cloud computing
- Cybercrime analysis and vulnerability/risk assessment
Happy Lab: Human Aspects in cyber Protection and PrivacY
Directors: Dr. Jaron Mink
Website: Happy Lab
The Happy Lab explores the intersection of human behavior, security, and privacy to develop systems that better protect users. By understanding how people interact with software, the lab aims to safeguard against the misuse of machine learning (ML) while leveraging ML for enhanced security systems. The lab’s work addresses the rapidly evolving challenges in human-centered cybersecurity.
Research Areas:
- Human factors in security and privacy
- Defense against ML-enabled abuse
- Harnessing ML for trustworthy security solutions
RISE Lab@ASU: Reliable, Intelligent, Secure, and Efficient Software and Systems
Directors: Dr. Xusheng Xiao
Website: RISE Lab
The RISE Lab focuses on enhancing software reliability and security through cutting-edge AI-enhanced analysis approaches. By combining software engineering with artificial intelligence, the lab seeks to improve the dependability of software and systems in critical applications. The lab’s research aims to address the challenges of modern software systems in an increasingly interconnected world.
Research Areas:
- Large Language Model (LLM)-enhanced software analysis
- Mobile application security and analysis
- Cyber threat detection and investigation
- Blockchain and smart contract security
- Software testing and debugging
Capabilities
011011
110011
Binary exploitation
Machine learning
Reverse
engineering
Web/mobile security
Dark web market behaviors
Workforce development
Cyber education
Competitive hacking
Featured projects
Developing Rapid Cybersecurity Tools for Critical Systems
Awarded by DARPA, a team of researchers at Arizona State University is tasked with developing SENPAI (Strategic Exploration, Navigation and Patching of Abstracted Integrations), a suite of tools designed to rapidly reverse engineer and secure cyber-physical systems such as drones and smart devices.
The goal is to enable security experts to identify, exploit, and patch vulnerabilities within 30 days, significantly reducing the current time frame of months or years. This initiative addresses the pressing need to protect existing equipment that was not originally designed with cybersecurity in mind, thereby enhancing national security.
Human-assisted Cyber Reasoning System (HaCRS)
With support from the Department of Defense, CTF is developing a re-imagined Human-assisted Cyber Reasoning System, capable of autonomously analyzing real-world software and, when it runs into difficulties caused by fundamental limitations, asking for non-expert human assistance in a scalable and resilient manner.
The completion of this project will result in a new paradigm of automation-centered, but Human-assisted, Cyber Reasoning Systems, greatly improving the effectiveness of existing cyber-operatives and the development of future operational capability of recruit-level cyber-operatives for software vulnerability detection. Pwn.college is also powered through these efforts, creating a symbiotic connection among research, education, and workforce development.
What Phishing Looks Like, Start-to-Finish
In collaboration with PayPal, CDF led pioneering research that explored the full life cycle of phishing attacks. From the launch of a phishing campaign to an account being compromised, researchers tracked nearly 4.8 million victims over a one year period.
This groundbreaking research captured valuable data about the success rates of phishing, and helped develop a framework for measuring victim traffic and protecting accounts.