Unveiling METALLIC: A Multi-Million Dollar Investment into Cybersecurity
Nov 20, 2024 —
Researchers are receiving more than $4 million from DARPA to develop a new framework to analyze and model sophisticated attacks on software.
A common tactic cybercriminals use is an exploit chain, a series of interconnected steps or vulnerabilities that attackers exploit to breach software systems. Each step leverages the capability achieved in the preceding step, forming a systematic pathway to compromise.
Recognizing the severity of this threat, researchers at the School of Cybersecurity and Privacy (SCP) at Georgia Tech will work with Trusted Science and Technology Inc. to turn Metrology for Assessing the Leverage of and Liability for Compromises (METALLIC) into a working prototype of a security modeling and assessment framework.
“We are developing a foundation framework to analyze and reason about cyber chains of exploits,” said Sukarno Mertoguno, SCP research professor and project lead.
“The structure we will implement in this project enables characterization and evaluation of exploit components, semi-automated repair, and adaptation of the chain to the changes in operating environment.”
The METALLIC project holds significant promise for advancing cybersecurity practices. For instance, METALLIC could help organizations detect and neutralize exploit chains faster, reducing the average time to identify and mitigate a breach from days to hours.
By providing a comprehensive framework for modeling, analyzing, and mitigating exploit chains, METALLIC has the potential to empower security professionals with the tools and knowledge needed to better protect software systems from sophisticated cyberattacks.
This project represents an important step towards a more secure digital future, where individuals and organizations can confidently engage in online activities without fear of compromise.
Researchers and engineers with extensive expertise in various cybersecurity domains will spearhead the METALLIC project.
Mertoguno will lead the Georgia Tech team and be responsible for system security, systems-centric models, and scalable analysis. Wenke Lee, a professor at SCP, is responsible for vulnerability research, especially on mobile devices. Taesoo Kim, a professor at SCP, is responsible for exploit discovery and chaining. Brendan Saltaformaggio, an associate professor at SCP, will focus on root cause analysis.
John Popham
Communications Officer II
School of Cybersecurity and Privacy
Team at Pindrop receives ‘Test of Time’ Award at ACM CCS 2020
Jan 28, 2021 — Atlanta, GA
A Georgia Tech a faculty member and an alumnus are being honored with a Test of Time Award. Mustaque Ahamad and Vijay Balasubramaniyan received the ACM Conference on Computer and Communications Security (CCS) award for their paper on Pindrop.
Ahamad is a professor in the College of Computing and Pindrop co-founder and chief scientist. Along with being a Georgia Tech alumnus, Balasubramaniyan is co-founder and CEO of Pindrop.
The paper, titled PinDr0p: Using Single-Ended Audio Features to Determine Call Provenance, was a team effort supported by Balasubramaniyan, Ahamad, Aamir Poonawalla, Michael T. Hunter, and Patrick Traynor. According to Balasubramaniyan, it has had a significant impact on security research and practice.
“We are so honored to have received this award,” said Balasubramaniyan. “This shows the impact this research has had in a world of instant gratification.”
Published in 2010, the research details the team’s novel approach to identifying and characterizing networks used to make calls in order to create detailed fingerprints for a call’s source. This approach can distinguish between calls made using cellular, internet, or land lines from locations across the world with over 90 percent accuracy, which is the first step in accurately determining the provenance of a call.
Pindrop was inspired by a trip to India and a call from Balasubramaniyan’s bank to verify a charge to one of his credit accounts.
“I received a call to verify a transaction,” said Balasubramaniyan. “They wanted information to verify my identity — social security number and date of birth — however, I wanted to verify that it was truly the bank calling me.”
The idea took off from there and the team now works with eight of the top 10 national banks and continues to expand its research features — now at over 1,300.
"We're building on research that is now established as a Test of Time paper," said Balasubramaniyan. "It's really amazing."
Carly Ralston, Research Communications Program Manager