Project name: Laboratory of testing the vulnerabilities in stationary and portable IT devices as well as in algorithms and software (LaVa)
Source of funding: National Center for Research and Development
Project goal: The purpose of the project is to build a Laboratory dedicated to vulnerability testing, equipped with:
- experimental laboratory stand for hardware and software vulnerability testing;
- tools using innovative methods developed during the project. dedicated to vulnerability scanning in IT systems;
- tools for static application analysis and behavioral analysis.
Project Description:
As part of the project, it is planned to develop a coherent methodology for conducting security research of selected IT technologies. In particular it is planned to develop innovative methods allowing to detect vulnerabilities in hardware and software as well as develop related algorithms based on AI. The tools and software (including proprietary ones, being the result of the of the project) for testing the vulnerabilities in mobile and stationary IT devices, backbone components of new generation teleinformatic networks (in particular 5G) and mobile applications are going to be designed. The common effort of public research institute, an academic center and a commercial company will allow to create products having a significant impact on improvement of cybersecurity in Poland, being in line with article 26 of the Act on the National Cybersecurity System.
Project Results:
1. Development of methods and tools for testing the vulnerabilities in mobile applications. The research will be carried out taking into account different application usage profiles. Static and dynamic analysis as well as long-term behavioral analysis will be carried out.
2. Development of methods and tools for testing the vulnerabilities in IoT devices - vulnerabilities in hardware, embedded software and protocols. A coherent exemplary methodology for conducting IoT device vulnerabilities tests in an intelligent building will be developed and practically verified.
3. Development of methods and tools for testing the vulnerabilities in complex cyber-physical systems. The research will cover advanced control algorithms based on AI techniques.
4. Development of methods and tools for automated authorization testing in access management. An innovative concept of automated identification of vulnerabilities related to the authorization mechanisms implemented in the software will be developed.
5. Development of a coherent methodology for conducting security research in the technology of backbone components in next-generation networks, especially 5G.
6. Building a research platform for conducting comprehensive studies of the vulnerabilities in IT systems and devices. The laboratory will be equipped with appropriate tools, including proprietary solutions.
7. Preparation of documentation related to the implementation of a research platform and services for testing the vulnerabilities in IT devices and software
Project Participants:
- Research and Academic Computer Network
- Warsaw University of Technology
- Galach Consulting Sp. z o.o.
Planned duration: 01.05.2021 - 30.09.2024
Total project value: 11 505 385,00 zł.