Cyber Security Initiative (CSI)

There is a rapid growth in the number of Internet users in Saudi Arabia with current penetration at 14.7-million. Similarly, the country is undergoing an industrial growth in multiple sectors with many services going online. This includes critical sectors such as Government, Banking, Commerce and Education. Due to the high connectivity growth, the country is receiving an increasing number of cyber attacks. Recent reports show that Saudi Arabia is considered the most spammed country in the world for three years in a row with a 83.3% spam rate. Additionally, it was ranked 12th most attacked country receiving 1.81% of the world’s known attacks. Furthermore, it is ranked 18 out of 19 in the Cyber Power Index, an index which aims at measuring the ability of the G20 countries to withstand cyber attacks and to deploy the digital infrastructure needed for a productive economy.

The Cyber Security Initiative (CSI) project aims to understand the current threat and deliver more collaborative results for society to foster more effective technological capacity building for the Kingdom of Saudi Arabia. Within CSI, two main research tracks have emerged. The first is concerned with modeling and visualizing the impact of cyber-attacks on IT infrastructure, and the second focuses on developing a data privacy preserving framework with the goal of influencing the future of data privacy.

The main goal of the “Security Modeling and Visualization” track is to design and develop a scalable simulator using a multi-layered approach, providing a granularity down to the individual server component and client actions. In addition, it aims to design and develop a security visualization framework, i.e. cyber storm map, for monitoring the health of distributed data centers. Furthermore, the project attempts to quantify the relationships between specific events, services and devices that interact with each other. Finally, the project will evaluate and validate the proposed simulation and visualization tool and analyze the effectiveness of the proposed solution under various cyber-attack scenarios.

The second track of the project will attempt to develop and test the architecture for the trusted use of personal data that is consistent with new "best practice" standards concerning personal data which require that individuals retain the legal rights of possession, use, and disposal for data that is about them. To accomplish this, the project aims at adopting and further developing the openPDS -- an open-source Personal Data Store architecture, which is a privacy-protecting data mechanism enabling the user to collect, store, and give access to their data. Via an innovative framework for third-party applications to be installed, the system ensures that most processing of sensitive personal data takes place within the user’s PDS, as opposed to a third-party server. The framework allows for PDSs to engage in privacy-preserving group computation, which can be used as a replacement for centralized aggregation.