As part of a Facebook-funded effort, a team of US researchers has developed a new cyber security tool that discovered 11 previously unknown internet browser security flaws.
The 11 vulnerabilities identified by the researchers from Georgia Institute of Technology's college of computing have been confirmed and fixed by the internet service providers.
The team included PhD students Byoungyoung Lee and Chengyu Song, along with Professors Taesoo Kim and Wenke Lee which received $100,000 from Facebook to continue their research and increase its impact to make the internet safer.
The research explored vulnerabilities in C++ programmes (such as Chrome and Firefox) that result from "bad casting" or "type confusion".
Bad casting enables an attacker to corrupt the memory in a browser so that it follows a malicious logic instead of proper instructions.
The researchers developed a new, proprietary detection tool called CAVER -- a run-time detection tool -- to catch them.
The team has been honoured with the "Internet Defense Prize", an award presented by Facebook in partnership with USENIX at the 24th "USENIX Security Symposium" this week.
"It is time for the internet community to start addressing the more difficult, deeper security problems," said Lee, professor and an adviser to the team in a statement.
"Our work studied the much harder and deeper bugs -- in particular 'use-after-free' and 'bad casting' -- and our tools discovered serious security bugs in widely used software. We are grateful to Facebook for this recognition," he added.
Facebook's "Internet Defense Prize" award recognises superior-quality research that combines a working prototype with significant contributions to the security of the internet -- particularly in the areas of protection and defence.
The award is meant to recognise the direction of the research and to inspire researchers to focus on high-impact areas.
"Designing defensive security technology has never been more important, and that's why we are once again offering the 'Internet Defense Prize' to stimulate high-quality research in this area," said Ioannis Papagiannis, security engineering manager at Facebook.
"We look forward to see what the Georgia Tech team does next to create broader impact and improve security on the internet," he noted.
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app