Report an accessibility problem
ASU home My ASU Colleges and schools

Center for Cybersecurity and Trusted Foundations

We work closely with industry and government to produce high-impact and practical solutions to real-world cybersecurity challenges. The Center for Cybersecurity and Trusted Foundations (CTF) has partnered with leading technology companies including PayPal, Samsung, Google, Microsoft, and IBM, and has a broad portfolio of government-sponsored research from the Defense Advanced Research Projects Agency, the National Science Foundation, the Office of Naval Research, and the Army Research Office. CTF’s team of researchers includes faculty from across ASU, software engineers, and a robust lab of graduate student researchers.

Scholarship application form

Faced with evolving threats and adaptive attackers, the center is keeping the future in mind and training the next generation of cybersecurity professionals. CTF is designated a National Center of Academic Excellence in cyber defense and research by a joint National Security Agency and U.S. Department of Homeland Security program. The center takes a hands-on approach to education, which includes a high school research internship hosted on campus, free cybersecurity curriculum for middle school teachers, encouraging students to participate in capture-the-flag competitions, collegiate cyber challenges, and industry-sponsored events to sharpen their skills. CTF focuses on the cybersecurity pipeline, providing opportunities for learners across ages and skill levels.

Capabilities

capabilities
  • Binary exploitation
  • Reverse engineering
  • Machine learning
  • Web/mobile security
  • Dark web market behaviors
  • Competitive hacking
  • Workforce development
  • Cyber education

Featured projects

Research Collaboration with PayPal Aims to Improve Online Consumer Security

The Center for Cybersecurity and Trusted Foundations, alongside PayPal, leads pioneering research that significantly improves the consumer security ecosystem. These efforts have identified critical vulnerabilities in anti-phishing tools and worked with additional companies, such as Google, Microsoft and Mozilla, to address the problems they found, improving the safety of online payments. This research continues to explore security properties of 2.1M apps on the Google Play store. Additionally, this collaboration explored the full life-cycle of phishing attacks. From the launch of a phishing campaign, to an account being compromised, researchers tracked nearly 4.8 million victims over a one year period. This groundbreaking research captured valuable data about the success rates of phishing, and helped develop a framework for measuring victim traffic and protecting accounts. Recognizing the impact of these findings, this research was awarded second place in Facebook’s Internet Defense Prize Competition and was granted the “Distinguished Paper Award” at the 26th USENIX Security Symposium.

Department of Defense Research in Cybersecurity

CDF researchers are developing the next generation of cyber reasoning systems that can automatically find vulnerabilities, synthesize exploits, and create patches of real-world software. With multiple contracts from the Defense Advanced Research Projects Agency, CDF is developing systems to effectively and quickly address cybersecurity risks by integrating human knowledge with automated cyber reasoning systems. The Center was recently awarded a four-year contract to contribute research and development efforts to the Assured Micropatching (AMP) program. The goal of AMP is to develop a system that can rapidly repair mission-critical software in a targeted manner while minimizing potential side effects without original source code. CDF researchers are developing new automated methods for “understanding” the machine-readable form of software, reversing the translation process, and generating human-readable source code. They can then repair small segments of code, retranslate the repaired segments, and integrate them back into the deployed software. This will allow the address of security issues in deployed mission-critical software in a timely, cost-effective, and scalable manner.