We are living in a time of a paradigm shift towards cyber security attacks on targets such as critical infrastructure, governments and sensitive data. It is more important than ever to remember that cyber security is not only about technology but about a holistic process that includes business decisions, human beings, technologies and adversaries. From a high-level perspective, securing an organization involves four distinct paradigms:
- Prevention: Protect as much as possible your environment at the perimeter as well as inside your network (firewall, access control, encryption, etc.)
- Resilience: Be able to detect when these protections have failed and have a fallback plan in place (intrusion detection, quarantine, backup, degraded modes of operation)
- Continuous Improvement: Have the capacity to continuously remove newly discovered vulnerabilities, no matter where in your network (compliance testing, patch management, etc.)
- Assessment: Be in a position to assess in real-time the security posture your environment is in with respect to a well-defined security policy (asset identification, policy definition, penetration testing, security assessment, etc.).
We have decided to focus on the areas of cyber security that are the most important to Qatar and on segments of cyber security where existing expertise in related technologies can be leveraged and readily applied.
These priorities include:
QCRI’s Cyber Security group's objective is to become a center of excellence in the application of real time data analytics for the detection of cyber attacks, forensics and remediation of a cyber event and to anticipate and ultimately defeat cyber attacks on Qatar’s cyber infrastructure. Our group has been a key contributor to the development plan of the National Cyber Security Research Lab (NCSRL) and has collaborations with local stakeholders including the Ministry of Interior (MoI), Ooredoo, MEEZA and Qatar Airways.
We also collaborate with other institutions including the University of Michigan, the University of Illinois at Urbana-Champaign, Texas A&M Qatar, HBKU and Qatar University.
Projects that illustrate the diversity of activities within the Cyber Security group include:
MADA: A system for identifying malicious domains using a real-life "guilt by association" principle. It detects malicious domains by analysing the movements and previous associations of a domain address. It can analyse 50 million domains in six minutes.
Cryptolytics: A platform that provides usage analytics for cryptography - the practice of securing data communication and storage against adversaries - for Android applications. It identifies how cryptography is misused, what kinds of data are encrypted and where data is generated, transferred and stored. The platform allows Android developers to automatically assess their apps before they are publicly-released, and identify vulnerabilities that could result in serious data breaches. The platform has been developed in collaboration with the University of British Columbia and has been used to evaluate more than 120,000 Android applications. It has already helped a major Qatari stakeholder to identify and solve multiple vulnerabilities in their Android app.
PRIDSA: PRIDSA is a suite of techniques to facilitate data collection and analysis of sensitive data from individuals with strong privacy protection. It significantly improves the state-of-the-art techniques developed by Google in terms of accuracy as well as the variety of supported data analysis tasks.
I’m excited to help build what is going to be one of the best cybersecurity research groups in the world.
QCRI offers a unique opportunity to conduct high-quality impactful research.
QCRI is a wonderful place to work in the Middle East as it both satisfies my career goals and my family needs.
In the Media
There are few things social media users love more than flooding their feeds with photos of food. Yet we seldom use these images for much more than a quick scroll on our cellphones. Researchers from ...
A signature catchphrase, a heavy push for jobs, his son-in-law’s digital operation and a blowhard, braggadocios style of speech ultimately handed President Donald Trump the White House on Election ...
Cyber security experts in Qatar and the region have advised caution and not to access any emails or other information from unknown sources, following the recent wave of cyber attacks across the world...
Children and teenagers will be given a rare chance to develop their computing skills with world-class computing scientists at the first summer computing camp to be conducted by the Qatar Computing ...
The Qatar Computing Research Institute’s new Creative Space, which conducts fun activities to teach children computing skills, has successfully held its first Open House event. About 100 children ...
The QCRI – MIT CSAIL Annual Research Project Review is open to the public on Monday, March 27, 2017, at the HBKU Research Complex Multipurpose Room. The annual meeting is a highlight of a ...