October 8, 2024
This is a research program submitted to the call for CSIC R&D Groups 2022 edition. This research program was selected and awarded funding for the period 2023-2027.
General objective of the program The main objective of this research program can be divided into three complementary lines of research:
- The conception and development of automated mechanisms for the identification, analysis and prevention of cyber attacks on web applications and computer systems based on machine and deep learning techniques, model-guided security and process mining.
- Development of methodologies and tools that allow the creation of a Cyber Range that is an advanced platform for training, experimentation and research around the multiple aspects of cybersecurity.
- Develop, adapt and specialize methods, techniques and tools for the verification of smart contracts, protocols and computing platforms based on cryptocurrencies. Develop and analyze a system, using blockchain, that provides services to manage, store and validate digital academic certificates, which respects national regulations on the handling of personal data. To train human resources that master the technologies associated with blockchain and cryptocurrencies.
Specific Objectives This research program has the following specific objectives:
- O1) Definition of models and application of machine learning techniques for the detection of attacks on web applications.
- O2) Development of model-guided security techniques and process mining for the automated classification and prevention of attacks.
- O3) Implementation of a prototype of an attack decision module based on blocking rules and deep learning models.
- O4) Design and implementation of a virtualization platform and the associated tools necessary to provide computational support for the execution of cyber range scenarios.
- O5) Development of methodologies and tools that assist in the design, definition, deployment and maintenance of scenarios in the cyber range.
- O6) Develop a formal specification of the Ethereum Virtual Machine (EVM) and apply formal and semi-formal verification techniques to the EVM, to the verification of the EVM and to an important set of smart contracts.
- O7) Conduct an empirical analysis of the techniques mentioned in O6) to determine which of them produce better results when applied in the context of the Ethereum platform.
- O8) Complete the set of verification tools and techniques in at least one aspect of those mentioned above in order to begin the path of adaptation and specialization of formal software verification techniques to the context of the Ethereum platform.
- O9) Complete the specification of the idealized model introduced in [51,52] and the formal analysis of its properties (particularly security), using tools such as EasyCript and Coq. Obtain a certified prototype of the model (using in particular the Coq wizard) that can be used to analyze MimbleWimble implementations.
- O10) Develop and analyze a system, using blockchain, that provides services to manage, store and validate digital academic certificates, which respects regulations on the handling of personal data.