Prof. Kruegel and Prof. Vigna's Group

Project Description

In today's interconnected world, security vulnerabilities present a continuous threat to individuals and organizations alike. We propose an engaging undergraduate education project focused on advancing cybersecurity through the innovative CVEX (Common Vulnerabilities and Exposures with Exploits) system. The CVEX project aims to address a pivotal deficiency in the existing CVE (Common Vulnerabilities and Exposures) framework by extending it to include reproducible exploits. While CVE entries provide essential information about vulnerabilities, reproducing exploits remains a resource-intensive and complex task for security professionals. CVEX offers an opportunity to revolutionize this process by enhancing CVE entries with practical, reproducible exploits, facilitating a more effective understanding and mitigation of vulnerabilities. The core objective of the CVEX project is to create a standardized approach for enriching CVE entries with reproducible exploits. This cutting-edge system will leverage containerization and virtualization technologies to recreate the requisite environments for replicating vulnerability exploitation while capturing vital traces of the exploitation, such as network traffic data. By doing so, we seek to significantly reduce the time and effort required to comprehend and address security vulnerabilities. This project provides a unique educational experience for undergraduate students, allowing them to immerse themselves in the intricacies of cybersecurity, containerization, and virtualization technologies. Participants will gain hands-on experience in developing practical solutions to real-world security challenges, preparing them for future careers in cybersecurity and related fields.

Through participation in the CVEX project, students will acquire a diverse skill set. They will gain a foundational understanding of cybersecurity principles and develop the ability to work with and interpret CVE entries. Additionally, students will hone practical skills in creating reproducible exploits and become proficient in containerization, enabling them to develop and deploy self-contained applications. Furthermore, students will develop skills in security research, ethical hacking techniques, and problem-solving, while also enhancing their communication skills for effectively conveying technical concepts. Teamwork and effective task management will round out their experience, preparing them for future careers in cybersecurity and related fields.

Prerequisite Information

None

Knowledge/Skills to Acquire (with guidance from mentors)

Security Research, containerization, Network analysis, scripting

Team Members

• Rachel Jiang
• Grace Feng
• Yarwin Liu
• Nikhil Kapasi

Professor and Mentors

• Prof. Christopher Kruegel and Prof. Giovanni Vigna
• Grad mentor: Noah Spahn (research staff)

Meeting Times

• Mentor Meetings
  • Fridays, 10 a.m. - 12 p.m.
• ERSP Team Meetings
  • Saturdays, 11 a.m. - 1 p.m.

Research Logs

• Grace's logs
• Nikhil's logs
• Rachel's logs
• Yarwin's logs