Preventing Hacks at CERN
A chat with Andrés Gómez
By Julian Arango | May 13, 2019
Have you heard about the God particle?
In 2012, the Large Hadron Collider (LHC) found the Higgs Boson,
a particle predicted to exist in the 1960s
thanks to the work of Peter Higgs and other physicists.
The LHC consists of a 27-kilometer ring
of superconducting magnets with several accelerating structures
to boost the energy of particles along the way.
According to Forbes, finding the Higgs Boson
had cost around
Now you have a sense of what we will be discussing in this post.
A good friend of ours
Fluid Attacks security engineer,
has been working on that huge scientific project.
Andrés is a final
in Computer Science at the Goethe University in Germany.
His work has focused on securing the computer grid
that allows many physicists around the world
to analyze data on subatomic particle collisions at the
He has a fantastic record in cybersecurity.
Before starting his doctoral studies,
he found several serious weaknesses in commercial software.
One of his most striking findings was CVE-2013-3174 (MS13-56),
which refers to a Remote Execution Vulnerability
affecting Microsoft Windows Systems.
You can read more about Andrés in his academic profile, blog or Twitter account.
- What is your doctoral thesis about?
“It is about creating a security monitoring system for the
ALICE is one of the major LHC experiments. The grid is made up of computer centers interconnected around the world that allow scientists to run applications for analyzing data obtained from particle collisions inside ALICE. My project is composed of a software framework that isolates applications scientists use in a sandbox. Then, it collects information about the behavior of those applications, classifying them as normal or malicious using Machine Learning (ML). And finally, it allows performing actions upon detection of malicious behavior, such as sending alerts or stopping their execution.”
Researching how to protect such a tremendous scientific “device”
is undoubtedly a huge challenge.
Andrés has been featured in the prestigious magazine
He told us that the
CERN, owner of the
is a constant target for cyber attacks
and that this is not surprising:
CERN systems are exposed to the Internet.
We wanted to know more about
ML in his work…
- Tell us a bit about how ML contributes to the framework you developed
“I used two ML models. The first performs a classification of applications into malicious and non-malicious. The other generates synthetic attacks to improve the training of the first.
I used thousands of examples of typical applications as well as Linux malware for training and testing both models. My framework managed to identify malicious software with an accuracy of 99% and less than 0.06% of false positives.”
We see a link between what we shared days ago on antifragility
and this cutting-edge work.
By constant training and exposure to stressors,
the framework makes itself better and better (just like lifting weights).
According to Cybersecurity Ventures,
by 2021 it is estimated that cybersecurity damages
will add up to
USD 6 trillion in the world,
3 trillion more than in 2015.
capable of detecting security weaknesses and responding
are seen as an answer for the rampant threats nowadays.
If you want to dig deeper into Andrés' work,
here is a link to a recent paper.
Now, we turn to more general security-related issues with him.
- In your opinion, what trends in cybersecurity should we pay more attention to?
“I think of three relevant topics:
One is the use of Artificial Intelligence (AI) for both attack detection as well as for vulnerability detection. I focused on the former in my doctoral research.
Another is the implementation of cryptographic techniques to increase reliance in execution environments, so user privacy is improved. For example, by using something called homomorphic encryption, an end-user could cipher his/her sensitive information before sharing it with a third-party (i.e., a company). The third-party can then perform operations over the encrypted data and finally, the user deciphers the results. No one (especially potential attackers) has access to plain, actionable data. Homomorphic encryption is used, for instance, in blockchain-based applications.
The last trend is the emergence of computer systems designed from formal mathematical models which, in theory, are vulnerability-proof.”
An example of that vulnerability-proof software can be found here.
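The encrypt, compute, decrypt flow Andrés describes for homomorphic encryption can be seen in a few lines. This is an added example, not code from the interview or from his framework: a textbook Paillier scheme, which supports only addition and multiplication by a constant on encrypted values, with toy-sized keys. All function names and sample values are constructed for the illustration.

```python
import math
import secrets

# Toy key size: two Mersenne primes (2^31-1 and 2^61-1). Constructed for the
# demo only; real Paillier keys use primes of 1024 bits or more.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    """Return (public n, private (lam, mu)) using generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # inverse of L(g^lam mod n^2), which equals lam mod n
    return n, (lam, mu)

def encrypt(n, m):
    """User side: c = (1+n)^m * r^n mod n^2 with a fresh random r."""
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    """User side: m = L(c^lam mod n^2) * mu mod n, where L(u) = (u-1)/n."""
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n

def third_party_weighted_sum(n, ciphertexts, weights):
    """Third-party side: uses only the public n and never sees a plaintext.
    Multiplying ciphertexts adds plaintexts; c^k multiplies a plaintext by k."""
    n2 = n * n
    acc = encrypt(n, 0)  # encryption of zero as the neutral element
    for c, k in zip(ciphertexts, weights):
        acc = acc * pow(c, k, n2) % n2
    return acc

def demo():
    n, priv = keygen()
    readings = [3200, 4100, 2950]   # constructed sensitive values
    weights = [1, 2, 3]             # chosen by the third party
    cts = [encrypt(n, m) for m in readings]
    result_ct = third_party_weighted_sum(n, cts, weights)
    return decrypt(n, priv, result_ct)  # 3200 + 8200 + 8850
```

Only the holder of `priv` can read the result; encrypting the same value twice yields different ciphertexts because of the random `r`.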
As a company focused on proving security in an offensive way,
AI is definitely a focus of research for us.
Although we haven’t yet got dirty developing
is something very likely to happen soon.
- What threats are worth "having on the radar"?
“In general, with the rise of AI, I believe we will start to see more attacks that learn automatically from the environment where they are carried out. Attacks on "Internet of Things" (IoT) devices have also wreaked havoc in recent months. Finally, the leakage of sensitive user data is becoming more problematic as time passes on.”
IoT weaknesses and leakage of sensitive information
are well within our scope.
We provide Continuous hacking,
as well as One-shot hacking.
If you have
IoT devices deployed on your premises,
we can help you identify attack vectors,
as well as provide ways to increase their security.
We can help you better protect your sensitive information.
Our services rely on highly-skilled security analysts as well as on technology designed to deliver real value to your company. But, we go further. Get in touch so we can discuss how we can help you.
We continue our conversation with Andrés.
- What do you think is a persistent problem within organizations?
“I would say there are still many companies receiving well-intended warnings from third parties concerning security holes in their systems. But, instead of taking a good skill in fixing the problems and thanking the contributions, what they do is threaten or sue the guy pointing to the risk.”
This is a sensitive topic and a critique. We know that some companies foster this kind of action in what are called Bug Bounty programs, with clear rules and rewards. These companies, presumably, have reached an understanding of the costs of a cybersecurity breach, so these programs are a win-win. Is it a matter of rules? Is it a matter of incentives? It is a topic worth discussing in more depth in the future.
We want to conclude this post with two quick questions to Andrés:
- Where should companies focus their learning efforts to improve their risk management?
“Organizations should adopt a data-driven strategy and invest in automation. They should also invest in research to stay relevant in a continuously changing field.”
- Do you expect any further development based on your doctoral thesis?
“I am exploring to go further with the framework. The idea is to push what has been developed so far in a research stage into a commercial product that can be put to work in different organizations.”
We hope you liked this post in which we shared some experiences and opinions with Andrés. We would love to hear from you on these topics. Drop us a mail at [email protected] and engage with us!
Thank you, Andrés!