Advancing beyond state-of-the-art open-source fuzzing, we are developing new automated tools capable of identifying weaknesses buried deep in software at machine speed and scale, without requiring source code and without producing false positives. 

This involves rethinking what we mean by ‘performance’ and how to overcome the challenges that limit us in exposing vulnerable code. We are also enabling machines to find flaws in other machines, with minimal human intervention, by extracting deep intelligence from compiled software, which is difficult to interface with in a generic way.

Our research domains include: 

  • Under-constrained symbolic execution
  • SMT solvers
  • Coverage-guided fuzzing
  • Machine learning
  • Emulation
  • Hypervisors
  • Instrumentation

Given the variety of security bug classes, the processes for resolving security vulnerabilities, and the complexity of modern software, it is often difficult to determine the root cause of a security flaw and assess its risk. Locating and triaging bugs in sophisticated software is an emerging challenge, as it is typically a manual process requiring expert oversight. Knowing this, we are questioning deeply held assumptions about computer security and envisioning new preventative methods to improve automated triage, focusing on how to expedite the process and remove the need for human intervention.

This will allow us to identify vulnerabilities, remove false positives, and give non-specialists an understanding of computer threats, as well as equip them to react.
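The triage pipeline sketched above (parse a crash, decide what it is, discard duplicates and non-reproducing reports, and rank the rest) is shown below as an added example; it is not the page's own tooling. The reports are constructed in the shape of AddressSanitizer output by a fixture helper so the script runs offline, and the bucketing depth, priority rules and determinism criterion are assumptions chosen for illustration.

```python
"""Automated crash triage: parse, bucket, prioritise and check determinism.

Added example, not the page's own tooling. fake_asan_report() fabricates
reports in the shape of AddressSanitizer output so the pipeline runs offline;
the bucketing depth, priority rules and determinism rule are assumptions.
"""
import hashlib
import re
from collections import Counter

ERROR_RE = re.compile(r"AddressSanitizer: ([\w-]+) on (?:unknown )?address (0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"\b(READ|WRITE)\b")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+)", re.M)
MEMORY_CORRUPTION = {"heap-buffer-overflow", "stack-buffer-overflow", "global-buffer-overflow",
                     "heap-use-after-free", "stack-use-after-return", "double-free"}


def parse_report(text):
    """Extract bug class, faulting address, access type and app-level frames; None if no crash."""
    m = ERROR_RE.search(text)
    if not m:
        return None
    access = ACCESS_RE.search(text)
    # Keep only frames with a source location and drop runtime/libc internals (names starting "__").
    frames = [(func, loc) for func, loc in FRAME_RE.findall(text)
              if ":" in loc and not func.startswith("__")]
    return {"bug_class": m.group(1), "address": int(m.group(2), 16),
            "access": access.group(1) if access else "UNKNOWN", "frames": frames}


def bucket_id(report, depth=3):
    """Stable crash identity: bug class plus the top frames at file:line granularity.
    Columns and runtime addresses are ignored so ASLR and minor rebuilds do not split buckets."""
    key = [report["bug_class"]] + [f"{f}@{loc.rsplit(':', 1)[0]}" for f, loc in report["frames"][:depth]]
    return hashlib.sha1("|".join(key).encode()).hexdigest()[:12]


def priority(report):
    cls, acc = report["bug_class"], report["access"]
    if cls in MEMORY_CORRUPTION and acc == "WRITE":
        return "high"       # corrupting write: likely exploitable
    if cls in MEMORY_CORRUPTION:
        return "medium"     # out-of-bounds / use-after-free read: crash or information leak
    if cls == "SEGV" and report["address"] < 0x1000:
        return "low"        # near-null dereference: usually denial of service only
    return "medium"


def triage_input(name, run_outputs):
    """Triage one input from the sanitizer output of several independent runs."""
    parsed = [parse_report(t) for t in run_outputs]
    buckets = Counter(bucket_id(r) if r else "no-crash" for r in parsed)
    primary_id = buckets.most_common(1)[0][0]
    primary = next((r for r in parsed if r and bucket_id(r) == primary_id), None)
    return {"input": name, "bucket": primary_id,
            "reproduces": buckets[primary_id] / len(run_outputs),
            "deterministic": len(buckets) == 1 and primary is not None,
            "priority": priority(primary) if primary else "none",
            "top_frame": primary["frames"][0] if primary and primary["frames"] else None}


def triage_corpus(corpus):
    """Triage every input and group those that share a bucket (duplicates)."""
    results = {name: triage_input(name, runs) for name, runs in corpus.items()}
    groups = {}
    for r in results.values():
        groups.setdefault(r["bucket"], []).append(r["input"])
    return results, groups


def fake_asan_report(bug_class, access, address, frames, pid=4121):
    """Constructed fixture in the shape of AddressSanitizer output (not a real capture)."""
    where = "unknown address" if bug_class == "SEGV" else "address"
    lines = [f"=={pid}==ERROR: AddressSanitizer: {bug_class} on {where} {address:#018x} at pc 0x55d0c2a1b2c3"]
    lines.append(f"The signal is caused by a {access} memory access." if bug_class == "SEGV"
                 else f"{access} of size 4 at {address:#018x} thread T0")
    lines += [f"    #{i} {pc} in {func} {loc}" for i, (pc, func, loc) in enumerate(frames)]
    return "\n".join(lines)


_TAIL = [("0x55d0c2a1d0a1", "main", "/src/main.c:17:9"), ("0x7f3b1c029d90", "__libc_start_call_main", "libc.so.6")]
_OVERFLOW = [("0x55d0c2a1b2c3", "copy_record", "/src/parser.c:42:7"), ("0x55d0c2a1c9ef", "parse_file", "/src/parser.c:88:5")] + _TAIL
_NULLDEREF = [("0x55d0c2a1e111", "lookup_entry", "/src/table.c:31:12"), ("0x55d0c2a1ca10", "parse_file", "/src/parser.c:91:9")] + _TAIL

# Constructed corpus: three runs per input. input-c is a duplicate of input-a
# (same bug, different column and heap address); input-b crashes in only two runs of three.
CORPUS = {
    "input-a": [fake_asan_report("heap-buffer-overflow", "WRITE", 0x602000000014 + 0x80 * i, _OVERFLOW) for i in range(3)],
    "input-b": [fake_asan_report("SEGV", "READ", 0x8, _NULLDEREF)] * 2 + [""],
    "input-c": [fake_asan_report("heap-buffer-overflow", "WRITE", 0x603000000020,
                                 [("0x55d0c2a1b2d0", "copy_record", "/src/parser.c:42:11")] + _OVERFLOW[1:])] * 3,
}

if __name__ == "__main__":
    results, groups = triage_corpus(CORPUS)
    for r in results.values():
        print(r)
    print("unique crash buckets:", groups)
```

Two design choices carry the weight here. Bucketing on the top application frames at file:line granularity, rather than on addresses or the full stack, is what lets one root cause collapse many crashing inputs into one report; and re-running each input several times before trusting it is what separates deterministic bugs from flaky ones (uninitialised memory, races, timing) that need a different root-causing path. The priority rule is deliberately coarse: a write into corrupted memory outranks a read, and a near-null dereference is usually only a denial of service.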

Our research domains include: 

  • Vulnerability classes
  • Triage techniques
  • Crash analysis
  • Memory safety
  • Determinism

We’re exploring novel techniques to improve computer defence. This includes automatically hardening programs, patching zero-day vulnerabilities in seconds, and conducting regression testing at scale, all before adversaries can exploit the flaws. We aim to achieve this without compromising software performance or functionality.

Overall, we are identifying:

1. The best methods to apply the latest security mitigations to compiled binaries.

2. How to repair software once previously unknown vulnerabilities have been detected.

3. The intelligence an automated process needs to decide whether a security flaw is worth patching when its risk and likelihood of impact are minimal.
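Item 1 presupposes knowing which mitigations a compiled binary is missing before a rewriting or recompilation pass adds them. The following dependency-free checker is an added example, not the page's own tooling: it reads the ELF64 header, program headers and dynamic section to report NX, PIE and RELRO, and uses a string heuristic for stack canaries. The fixture builder and every function name are assumptions; the fixture fabricates a minimal, non-loadable ELF image only so the checker runs offline.

```python
"""Report the exploit mitigations an ELF64 binary already carries (NX, PIE, RELRO, canary).

Added example, not the page's own tooling. The checks read the ELF header, program
headers and dynamic section directly; build_fixture_elf() fabricates a minimal,
non-loadable image so the checker can be exercised without a real binary.
"""
import struct
import sys

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr, 56 bytes
DYN = struct.Struct("<qQ")                  # Elf64_Dyn: d_tag, d_val
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_INTERP = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X = 0x1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def check_mitigations(data: bytes) -> dict:
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 images are handled")
    hdr = EHDR.unpack_from(data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    by_type = {}
    for i in range(e_phnum):
        # ph = (p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align)
        ph = PHDR.unpack_from(data, e_phoff + i * e_phentsize)
        by_type.setdefault(ph[0], ph)

    # NX: the stack is non-executable only if PT_GNU_STACK is present *and* lacks PF_X.
    # A missing PT_GNU_STACK means the kernel may grant an executable stack.
    gnu_stack = by_type.get(PT_GNU_STACK)
    nx = gnu_stack is not None and not (gnu_stack[1] & PF_X)

    # PIE: ET_DYN plus PT_INTERP (an executable, not a shared library); ET_EXEC is fixed-address.
    pie = e_type == ET_DYN and PT_INTERP in by_type

    # RELRO: partial when a PT_GNU_RELRO region is made read-only after relocation;
    # full only when lazy binding is also off (BIND_NOW), otherwise the GOT must stay writable.
    partial = PT_GNU_RELRO in by_type
    bind_now = False
    dyn = by_type.get(PT_DYNAMIC)
    if dyn is not None:
        for pos in range(dyn[2], dyn[2] + dyn[5], DYN.size):
            tag, val = DYN.unpack_from(data, pos)
            if tag == DT_NULL:
                break
            if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW) or (tag == DT_FLAGS_1 and val & DF_1_NOW):
                bind_now = True
    relro = "full" if partial and bind_now else "partial" if partial else "none"

    # Canary: heuristic. -fstack-protector references __stack_chk_fail, whose name survives
    # in the string tables; a fully static, stripped binary may defeat this check.
    canary = b"__stack_chk_fail" in data
    return {"nx": nx, "pie": pie, "relro": relro, "canary": canary}


def missing_mitigations(report: dict) -> list:
    """Names of the mitigations a rewriting/recompilation pass would still have to add."""
    missing = [name for name in ("nx", "pie", "canary") if not report[name]]
    if report["relro"] != "full":
        missing.append("full-relro")
    return missing


def build_fixture_elf(*, pie=True, nx=True, relro="full", canary=True) -> bytes:
    """Constructed minimal ELF64 image (header, program headers, dynamic section, string table).
    It is not loadable and exists only to exercise check_mitigations() without a real binary."""
    dyn_blob = (DYN.pack(DT_FLAGS, DF_BIND_NOW) if relro == "full" else b"") + DYN.pack(DT_NULL, 0)
    strtab = b"\0__stack_chk_fail\0" if canary else b"\0puts\0"
    specs = [(PT_GNU_STACK, 0 if nx else PF_X)]
    if pie:
        specs.append((PT_INTERP, 0))
    if relro != "none":
        specs.append((PT_GNU_RELRO, 0))
    specs.append((PT_DYNAMIC, 0))
    dyn_off = EHDR.size + PHDR.size * len(specs)
    phdrs = b"".join(
        PHDR.pack(p_type, p_flags, *((dyn_off,) * 3 + (len(dyn_blob),) * 2 if p_type == PT_DYNAMIC else (0,) * 5), 8)
        for p_type, p_flags in specs)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)    # ELFCLASS64, ELFDATA2LSB, EV_CURRENT, SYSV ABI
    ehdr = EHDR.pack(ident, ET_DYN if pie else ET_EXEC, 0x3E, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(specs), 0, 0, 0)
    return ehdr + phdrs + dyn_blob + strtab


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fixture_elf(pie=False, relro="partial")
    report = check_mitigations(data)
    print(report, "missing:", missing_mitigations(report))
```

Run it with a path to a real ELF64 binary to get a rough, dependency-free analogue of what checksec reports; without an argument it checks the built-in fixture. Two caveats matter when this feeds an automated hardening pass: an ET_DYN image without PT_INTERP is a shared object rather than a PIE executable, so the check deliberately requires both; and the canary test is only a string heuristic, so a stripped static binary should be treated as "unknown" rather than "unprotected".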

Our research domains include: 

  • Symbolic execution
  • Binary translation
  • Binary rewriting/recompilation
  • Memory safety checks
  • Semantic program verification
  • Dynamic taint analysis
  • Binary optimisation
  • Machine learning

Ultimately, to achieve autonomy in IT defence, machines must replicate human decision-making based on software characteristics and associated behaviours. With emerging technologies, such as artificial intelligence, machine learning and game-theoretic strategy, and the computing power that Moore's Law continues to deliver, we are called upon to rethink how to solve problems in defence before our adversaries even attempt to compromise our programmes. To this end, we are aggressively pursuing the next generation of scientific discovery and innovation to learn new methods for creating intelligent defence systems with adaptive strategies.

Our research domains include: 

  • Machine learning
  • Game theory
  • Simulations