“There are always new ways to attack, we must stay ahead with defences!”

Andrei Sabelfeld

Cybersecurity is more important than ever in an increasingly digitalized society. Andrei Sabelfeld never has a boring moment at work. As a cybersecurity researcher, he operates in a constantly evolving field.

The work of the Areas of Advance is interdepartmental and for the Information and Communication Technology Area of Advance (ICT), this can mean supporting research on ICT tools. But what does it mean? We met Andrei Sabelfeld, Professor of Computer Science at the Department of Computer Science Engineering, to learn about his work and how it connects with the Information and Communication Technology area.

Hello Andrei! What are you working on?

I’m working on cutting-edge research projects that tackle various aspects of software security, crucial in today’s interconnected digital world.

These projects vary in size and cover different aspects of software security. We focus on software because of its important role in digital systems in today's interconnected world.

One of the projects is WebSec, which is funded by the Swedish Foundation for Strategic Research (SSF) and focuses on securing JavaScript. JavaScript is the most popular programming language and has an important role in powering the web. To secure the web, we need to secure JavaScript. This is a large-scale project in collaboration with Uppsala University.

Another major project is a WASP NEST project called CyberSecIT, which we coordinate. It is one of WASP’s flagship initiatives and targets the security of Internet of Things (IoT) systems. The purpose is to develop robust platforms that ensure privacy and security, preventing single points of failure and unauthorized access.

I also work with Facebook on securing browser extensions and securing privacy, and in another project with Amazon, we explore formal methods for security. The newest projects are with OpenAI and Google. We leverage machine learning techniques for web crawling and web application scanning, where we can utilize the power of AI to find vulnerabilities.

How is your work linked to ICT?

My work connects with ICT in many ways. Cybersecurity is a unique field as it is inherently interdisciplinary. Indeed, threat actors seek to attack the weakest links in systems. It is thus utterly important to understand all aspects of ICT systems and their breadth, to be able to understand the threats and design effective end-to-end protection.

Why is your work important?

In today’s digital age, cybersecurity is crucial for fundamental reasons. With the increasing digitalization, the world is interconnected and so much more is at stake. Society relies heavily on digital infrastructures for governmental and commercial services, all of which are increasingly targeted by cyber threats.

At the same time, attacking has become easier, as interconnectivity allows attackers to strike from anywhere in the world. The current geopolitical situation further motivates the need for robust cybersecurity.

The situation is quite different from, say, 20 years ago. Then, when we pointed out the importance of security to companies, they could not always prioritize this. Now, it's the other way around. The industry realizes that cybersecurity is important, and companies come to us instead. Both for research and for education.

In addition to research, I am also actively involved in teaching. In this role I develop courses in a package of courses that form the security specialization for Master’s students. This initiative aims to equip the next generation of developers and security experts with the skills needed to build secure systems from the ground up.

What do you find most exciting?  

I find cybersecurity both exciting and challenging because, while it is constantly evolving, our research enables us to develop robust solutions that tackle broad classes of attacks. The job is never really done. There are always new ways to attack, and we must stay ahead with defenses!

What challenges do you see?

The growing field of AI is both the main challenge and at the same time the main solution. Attackers can use AI for attacks while we in security research can use AI to develop protection. The combination of AI and security is becoming increasingly interesting. It is important to both ensure the security of AI and to utilise its potential to protect digital systems.

The ICT Area of Advance is an excellent forum because it helps build bridges among different research groups and research areas. I am thinking of the cyber security seminar last year and this year’s workshops. Initiatives like last year’s ICT cybersecurity seminar and this year’s ICT cybersecurity workshops create valuable opportunities for researchers to connect and collaborate across fields.

Finally, what do you do when you are not working?

Music means a lot to me, not just in listening but also in creating my own. I play a few instruments, and I enjoy making electronic music, using digital technology, mixing, programming and sampling. It is a fun and energizing hobby to have alongside being a researcher.

This interview is part of a series of researcher profiles linked to ICT Area of Advance.