At ASU's Security Engineering for Future Computing lab, researchers study computer vulnerabilities and cyberattacks and develop safe computing methods.
The lab is part of a collaboration between the School of Computing and Augmented Intelligence and the Cybersecurity and Trusted Foundations, a group of labs dedicated to cybersecurity research. Setting itself apart from other labs in CTF, SEFCOM focuses on the future computing aspect of cybersecurity, meaning it anticipates potential risks and fixes them.
"We have to come up with the better approach to address cybersecurity challenges and risks, instead of building just a regular lab," Gail-Joon Ahn, Founding Director of SEFCOM and professor in the SCAI, said. "Let's think about the future."
The lab frequently works with automation of computing and was involved in AI research before the technology became mainstream. Ahn said that AI will continue to play a major role in how the cybersecurity industry functions, as well as in addressing potential future risks.
Ahn said SEFCOM researchers study risk and vulnerability detection, which comes with the changing landscape of AI usage, adding that the researchers aim to be among the first to adapt and test new technologies.
The lab is also researching cybercrimes, including phishing and fraudulent websites. Adam Doupé, director of CTF and a professor at the SCAI, said the organization has been investigating fake shopping websites that appear authentic, but either never send the ordered goods or a provide a knock-off version.
"They're not pretending to impersonate a trusted entity like phishing, so this is a different type of attack," Doupé said. "Turns out these are very profitable for the attackers."
The lab also aims to make cybersecurity more accessible. Doupé said cybersecurity knowledge is typically only found in professionals, and a "driving force" for their goal is to create automatic systems to debug cybersecurity flaws and return the fixed code to developers.
Following such ideas, one of the major components of the lab is automated program analysis. Specifically, SEFCOM focuses on fuzzing, which is a major aspect of the field.
"The idea of fuzz testing or fuzzing is we feed randomly generated inputs to a program and observe if there is some unexpected behavior, like, say, a program crashes," said Arvind S Raj, a researcher at SEFCOM and doctoral student studying computer science.
Raj said the lab works to find reproducible solutions to the computer crashers or bugs and then reports its findings to developers so they can fix the issues on their own.
The lab's members have contributed to numerous real-world developments, including pwn.college, which computer science students may be familiar with for coursework. Initially developed by Yan Shoshitaishvili, a professor in the SCAI, the site was created to help students further their knowledge of cybersecurity.
Although a majority of research is conducted by Ph.D. students, graduate and undergraduate students can find opportunities within the lab. Doupé said the directors want to see a passion for cybersecurity in students considered for the lab, and undergraduates can increase their chances by performing well in required cybersecurity courses.
"We have limited bandwidth and a big lab, so we can't take everyone," Doupé said. "But it's one of those things that we really enjoy working with students because they bring so many fresh ideas and energy to the research."
Correction: The spelling of a name was updated at 11:24 a.m. on Dec. 3 at the request of the source.
Edited by Kate Gore, George Headley and Pippa Fung.
Reach the reporter at myerrag1@asu.edu.
Like The State Press on Facebook and follow @statepress on X.
Meghana Yerragovula is a reporter for the state press. She is on her second semester writing as a reporter.
