Cybersecurity and Trusted Foundations

We work closely with industry and government to produce high-impact and practical solutions to real- world cybersecurity challenges.

The Center for Cybersecurity and Trusted Foundations (CTF) has partnered with leading technology companies including PayPal, Samsung, Google, Microsoft, and IBM, and has a broad portfolio of government-sponsored research from the Defense Advanced Research Projects Agency, the National Science Foundation, the Office of Naval Research, and the Army Research Office. CTF’s team of researchers includes faculty from across ASU, software engineers, and a robust lab of graduate student researchers.

Faced with evolving threats and adaptive attackers, the center is keeping the future in mind and training the next generation of cybersecurity professionals.

CTF is designated a National Center of Academic Excellence in cyber defense and research by a joint National Security Agency and U.S. Department of Homeland Security program. The center takes a hands-on approach to education, which includes a high school research internship hosted on campus, free cybersecurity curriculum for middle school teachers, encouraging students to participate in capture-the-flag competitions, collegiate cyber challenges, and industry-sponsored events to sharpen their skills. CTF focuses on the cybersecurity pipeline, providing opportunities for learners across ages and skill levels.


  • Binary exploitation.
  • Reverse engineering.
  • Machine learning.
  • Web/mobile security.
  • Dark web market behaviors.
  • Competitive hacking.
  • Workforce development.
  • Cyber education.

Featured projects


Research Collaboration with PayPal Aims to Improve Online Consumer Security

The Center for Cybersecurity and Trusted Foundations, alongside PayPal, leads pioneering research that significantly improves the consumer security ecosystem. These efforts have identified critical vulnerabilities in anti-phishing tools and worked with additional companies, such as Google, Microsoft and Mozilla, to address the problems they found, improving the safety of online payments. This research continues to explore security properties of 2.1M apps on the Google Play store. Additionally, this collaboration explored the full life-cycle of phishing attacks. From the launch of a phishing campaign, to an account being compromised, researchers tracked nearly 4.8 million victims over a one year period. This groundbreaking research captured valuable data about the success rates of phishing, and helped develop a framework for measuring victim traffic and protecting accounts. Recognizing the impact of these findings, this research was awarded second place in Facebook’s Internet Defense Prize Competition and was granted the “Distinguished Paper Award” at the 26th USENIX Security Symposium.


Department of Defense Research in Cybersecurity

CTF researchers are developing the next generation of cyber reasoning systems that can automatically find vulnerabilities, synthesize exploits, and create patches of real-world software. With multiple contracts from the Defense Advanced Research Projects Agency, CTF is developing systems to effectively and quickly address cybersecurity risks by integrating human knowledge with automated cyber reasoning systems. The Center was recently awarded a four-year contract to contribute research and development efforts to the Assured Micropatching (AMP) program. The goal of AMP is to develop a system that can rapidly repair mission-critical software in a targeted manner while minimizing potential side effects without original source code. CTF researchers are developing new automated methods for “understanding” the machine-readable form of software, reversing the translation process, and generating human-readable source code. They can then repair small segments of code, retranslate the repaired segments, and integrate them back into the deployed software. This will allow the address of security issues in deployed mission-critical software in a timely, cost-effective, and scalable manner.

Know the pulse of cyber at ASU

CTF is the entry point for all things Cybersecurity at Arizona State University