Carnegie Mellon University
November 11, 2013

Press Release: Carnegie Mellon CyLab Researchers Work To Make Commercial Technologies Secure for Defense Department

Contact: Chriss Swaney / 412-268-5776 /

PITTSBURGH—Researchers from Carnegie Mellon University CyLab and the University of Pennsylvania have received a four-year, $3.9 million from the Defense Advanced Research Projects Agency (DARPA) to improve the security of commercial technologies used by the military.

“We are studying how to improve the security for commercial-off-the-shelf  (COTS) technology that remains vulnerable to attack from latent vulnerabilities or hidden malicious codes,” said CyLab researcher David Brumley, the Gerard G. Elia Career Development Professor in the Department of Electrical and Computer Engineering. Brumley is widely regarded for his cutting-edge contributions to addressing the challenges associated with malware.

Brumley along with CyLab Director Virgil Gligor, a CMU professor of electrical and computer engineering, will analyze each COT system, such as wireless routers and printers, and make certain they are malice-free.

“COTS consists of complex stacks where a weakness at any level can endanger the entire system,” said Brumley, a faculty adviser for CMU’s award-winning “Capture the Flag” team. “Capture the Flag” is a computer security game in which each team competes to find a key source of information by solving challenging problems.

The COTS technology challenge is important to the Defense Department because it buys and uses commercial technologies for everything from information technologies to retrofitting the F-15E Fighter with new digital video recording equipment.

CMU researchers report that plugging such devices into the network can significantly harm overall security.

“For example, vendors or potentially malicious employees can remotely log in with the default backdoor passwords and hackers can break in via vulnerabilities,” Brumley said. “We are working to identify the attack surface of the system, and we propose that achieving these goals requires a holistic systems approach.”

CyLab is the largest university-based research and education center in the world for computer and network security, information security and software assurance. CyLab is located in the university’s College of Engineering with campuses in Silicon Valley and Pittsburgh. CMU CyLab establishes public-private partnerships for the research and development of technologies for sustainable, resilient and trustworthy computing and communication systems.