CyLab is one of the largest university-based cybersecurity education and research centers in the U.S. Our goal is to build mutually-beneficial public-private partnerships to develop new technologies for measurable, available, secure, trustworthy, and sustainable computing and communications systems and to educate individuals at all levels.

Technology transfer to and from the public sector

CyLab's joint projects with government agencies include:

  • Fluid Software Assurance Tool is an experimentally-applied software assurance tool for large-scale (200KLOC+) deployed production Java software. Working with the Jet Propulsion Laboratory, the project identified several dozen race conditions errors, and repaired them without introducing any new faults or errors.
  • A collaboration with the Idaho National Laboratory, a new attack surface measurement method for critical software systems was developed to project INL's critical systems.
  • MERIT (Management and Education on the Risk of Insider Threats) delivers methods and tools that help managers to understand the potential near-term and long-term insider threat risk to their organization, quantitatively analyze tradeoffs associated with alternative approaches to mitigate this risk, and communicate risks and mitigations with others in their organization. The tools were developed in collaboration with the DoD Personnel Security Research Center and DoD CounterIntelligence Field Agency (CIFA)
  • PASIS (Perpetually Available and Secure Information Systems) is a general survivable storage system that enables experimentation with different mechanisms for data encoding and distribution. Working with AFRL Jont Battlespace Infosphere (JBI) researchers, PASIS was evaluated and chosen to replace existing JBI software.

Technology transfer to and from the private sector

CyLab's joint projects with private sector companies include:

  • Selective Obfuscation of Enterprise Data
  • VANETS (Vehicular Ad Hoc Networks)

Some of CyLab's spin-off companies include:

  • ForAllSecure's mission is to make the world's software safe by pioneering autonomous cybersecurity tools that automatically find and fix vulnerabilities in run-time executable software. Led by CyLab's David Brumley as CEO, the company won the grand prize at DARPA's Cyber Grand Challenge in 2016, a hacking competition between computers and computers alone -- the first ever of its kind.
  • Wombat Security Technologies was founded by CyLab's Lorrie Cranor, Jason Hong, and Norman Sadeh, after leading the largest national research project on combating phishing attacks. Their goal was to address the human element in cyber security and develop novel, more effective anti-phishing filtering solutions, which yielded a uniquely effective suite of cyber security software training and filtering technologies. These technologies provided the foundation for Wombat Security Technologies’ line of products. Today Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their Security Education Platform includes integrated knowledge assessments, a library of simulated attacks, and interactive training modules, which have been proven to reduce successful phishing attacks and malware infections by up to 90%.
  • Yinzcam's mobile sports apps are in the hands of thousands of sports fans in the country, allowing them to stay in touch with the favorite teams 24x7x365, by providing fans with real-time stats, multimedia, streaming radio, social-media and much more. The company's mobile-video technology is also being deployed within sports venues throughout the country to allow fans to watch instant replays, live cameras (including the NFL RedZone channel) on their smartphones, tablets or touchscreen computers.
  • reCAPTCHA channels this human effort into helping to digitize books and newspapers. Over 200 million CAPTCHAs are solved every day by people around the world. When you solve a reCAPTCHA, you help preserve literature by deciphering a word that was not readable by computers.
  • SureLogic supplies tools for software engineers developing complex and critical applications; provides advanced bug-finding, analysis and verification; empowers development teams to deliver reliable and powerful applications.
  • Greenbank Systems provides licensed Grey smartphone technology which allows users to securely exercise and/or delegate authority for accessing physical and virtual spaces. BiometriCore Inc. The company produces commercial face and iris recognition technology and provides face and iris software development kits. The technology is used by U.S. government for surveillance in airports and critical infrastructure locations.

Information assurance professionals

Our goal is to build a national supply of experts in Information Assurance. We offer both PhD and MS programs with over 150 PhD students to date.

Through a grant from the National Science Foundation, Carnegie Mellon created the Information Assurance Capacity Building Program (IACBP), under which it partnered with minority-serving institutions (MSIs) across the country to help develop or increase their capacity to conduct research and education in information assurance. Each selected institution sent several faculty members to Carnegie Mellon for an intensive summer program where they worked to develop new courses, certification programs, laboratory plans and publications. 92 faculty members, including 2 department heads, from 43 MSIs participated in the IACBP from 2002 to 2011. Relationships between CyLab faculty and the IACBP participants continue beyond their attendance of the summer program and develop into ongoing collaborations between faculty and their institutions.

CyLab administers scholarships for information security students in federal programs, notably, the Federal Cyber Corps Scholarship for Service Program (SFS). The SFS provides a full-tuition scholarship and stipend to a few highly qualified applicants each year pursuing graduate degrees in information security at the Information Networking Institute and the Heinz College. Since the program's inception, Carnegie Mellon has graduated 199 SFS scholars who have gone on to full-time positions in the nation's cybersecurity workforce. The Department of Defense (DoD)'s Information Assurance Scholarship Program (IASP) also offers full-tuition funding in exchange for a commitment to federal employment after graduation. To date, five IASP students have graduated from Carnegie Mellon and go on to serve the DoD and two more are currently pursuing the IASP.

National awareness programs and tools

Carnegie Mellon conducts education, outreach and training with the goal to raise cyberawareness among Internet users of all ages.

Recognizing the need to fill the talent gap in the currently struggling cybersecurity workforce, CyLab has created a free, online competition aimed at introducing young minds to the problem-solving skills of cybersecurity. The annual competition, named picoCTF, was first launched in 2013 and has since been played by over 50,000 students from all over the world. During the competition, which typically lasts between one and two weeks, student participants hack, decrypt, reverse-engineer and do anything necessary to solve computer security challenges created by CyLab’s competitive hacking team, the Plaid Parliament of Pwning.

The INI and CyLab developed the MySecureCyberspace initiative in 2005, through a grant from the National Science Foundation, and developed three educational tools to teach users safe, responsible, sound and reliable practices for the computer and Internet at home: an educational website for the general public, an interactive game for upper elementary school children, and a companion website for the game.

The MySecureCyberspace initiative reached over one million visitors, and Carnegie Cadets served hundreds of registered users in homes and schools around the globe. Recognition for these projects included finalist status for the 2009 Japan Prize, the Silver Award of Distinction in the 2009 Communicator Awards in two interactive categories, and the 2006-2007 Award of Merit for online communication award from the Society for Technical Communication, Pittsburgh Chapter.

In 2010, the INI and CyLab received a grant from the Verizon Foundation to conduct local community workshops based on the MySecureCyberspace web resources. Through this grant, the project team delivered workshops in the Pittsburgh community to local schools, where students, parents, teachers, and school administrators were provided with the knowledge and tools they needed to practice safe, secure and responsible computing.

Michael Lisanti headshot

Source: CyLab

Michael Lisanti

Join us!

We hope you're as excited as we are to work towards our vision to create a world in which technology can be trusted. To learn more about partnering with us, please reach out to Michael Lisanti, Associate Director of Partner Development, at mlisanti@andrew.cmu.edu or +1 412 268 1870.