Cyber and Information Security Research

Career Opportunities

Internship Programs

ORNL has lots of opportunities for students to conduct research in scientific fields. Check out our Fellowship and Internship programs.

Cyber Institute Fellowships Internships

About CISR

Missions and Goals

Cyberspace is defined as "a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures" and Information Intelligence is defined as "knowledge resulting from discovery, collection, processing, integration, analysis, evaluation, interpretation, and/or understanding of available information." Cyberspace is the dynamic globally interconnected information infrastructure critical and essential to our nationís security, economy, and the interaction of modern society.

The Cyber and Information Security Research (CISR) Group conduct cutting-edge research in cyber warfare, situational understanding, visual analytics, and information dominance to defend the nationís critical infrastructures against attacks from known and future adversaries, understand the threat to provide real-time actionable intelligence from diverse data, secure the supply chain and critical infrastructure, and continuing operational capabilities, and defeat known and future adversaries.

Our objective is rapid research, development and delivery of innovative end-to-end integrated solutions to hard and challenging cyber and information security problems.

Research Areas

Defending the Network

  • Beholder: Exploiting Timing Information to Detect Remote Intrusion and Zero-Day Attacks
  • Choreographer: Modifies DNS mappings to detect malicious content and connections, and to break the intruder kill chain
  • Concordia: Executable fragment forensics, clustering of software executable, similarity measures for malware, correlation and fusion of cyber information
  • SCREAM: Scalable Real-time Enterprise Asset Mapping/Monitoring
  • SFP: Secure File Protection
  • STASH: Ultra secure two-factor authentication using Quantum Technology
  • SAPPY: End-to-End Unbreakable Encryption over traditional channels based on Quantum Technology
  • USB-ARM: Automated Prevention of inadvertent and malicious injection of virus and malware

Understanding the Threat

  • AVUD: Automated Vulnerability Detection for Compiled Smart Grid Software
  • NV (Nessus Vulnerability Visualization): Web-based visualization tool for analyzing system vulnerabilities
  • Pico: National Malware Repository for automated security analysis and exploitation
  • SiTU (Situational Understanding and Discovery of Cyber Attacks): Timely discovery and understanding of novel and sophisticated cyber attacks from vast quantities of cyber data
  • STUCCO (Situation and Threat Understanding by Correlating Contextual Observations): Leveraging endogenous and exogenous data sources to provide context to cyber security events

Securing the Supply Chain and Critical Infrastructure

  • Hyperion: Automated sleeper code detection, vulnerability detection for defense or offense, zero-day malware detection and mitigation
  • Miru: Non-destructive automated hardware functionality analysis for Supply Chain Security. Detection of malicious or "sleeper" circuitry in microelectronic components; and vulnerabilities in microelectronics
  • Perseus: Detecting counterfeit hardware
  • PLAC (PLC Logic Audit Control): Auditing System to verify contents of PLC are Free of Tampering
  • Thor: Software tamper resistance ( rights management), hardware tamper resistance, key management, number generation

Defeat the Adversaries

  • Marco Polo: Real-time geophysical location of internet users for prosecution of online criminals; and pin-point potential adversaries
  • SCREAM Plus: Monitors potential adversary networks; locate vulnerabilities.


CISR Events

In the News

About ORNL