Summary
"In parallel with the ongoing digitization, computer security has become an increasingly important and urgent challenge. In particular, the sound and robust implementation of complex software systems is still not well understood in practice, as evidenced by the steady stream of successful attacks observed in the wild. The current state of the art in software security consists of solutions that are often technically sound, but do not provide operational security in practice.
With the Resilient and Sustainable Software Security (RS³) project, we propose a compelling research agenda to fundamentally change this situation by developing novel countermeasures at different system levels that fundamentally improve security. On the one hand, the system must be ""resilient"" against entire classes of attack vectors. On the other hand, the system must be ""sustainable"", i.e., it must be able to maintain its security at least over its design lifetime and possibly even adapt over time. Our work plan addresses the problem from four different angles by
(i) developing novel software testing strategies that enable accurate and efficient vulnerability discovery,
(ii) designing secure compiler chains that embed security properties during the compilation phase that can be enforced at runtime,
(iii) devising robust mechanisms that mitigate and patch advanced attacks, and
(iv) investigating how hardware changes for open-source hardware (e.g., RISC-V processors) can improve the efficiency and accuracy of all of these goals.
We expect to develop innovative methods and fundamental principles to build, test, and patch complex systems securely and efficiently. This holistic approach covers multiple layers of the computing stack, and each aspect has the potential to improve security significantly. The main success criterion will be our ability to perform a security analysis of a complex system an order of magnitude more effectively and efficiently than with current state-of-the-art methods."
With the Resilient and Sustainable Software Security (RS³) project, we propose a compelling research agenda to fundamentally change this situation by developing novel countermeasures at different system levels that fundamentally improve security. On the one hand, the system must be ""resilient"" against entire classes of attack vectors. On the other hand, the system must be ""sustainable"", i.e., it must be able to maintain its security at least over its design lifetime and possibly even adapt over time. Our work plan addresses the problem from four different angles by
(i) developing novel software testing strategies that enable accurate and efficient vulnerability discovery,
(ii) designing secure compiler chains that embed security properties during the compilation phase that can be enforced at runtime,
(iii) devising robust mechanisms that mitigate and patch advanced attacks, and
(iv) investigating how hardware changes for open-source hardware (e.g., RISC-V processors) can improve the efficiency and accuracy of all of these goals.
We expect to develop innovative methods and fundamental principles to build, test, and patch complex systems securely and efficiently. This holistic approach covers multiple layers of the computing stack, and each aspect has the potential to improve security significantly. The main success criterion will be our ability to perform a security analysis of a complex system an order of magnitude more effectively and efficiently than with current state-of-the-art methods."
Unfold all
/
Fold all
More information & hyperlinks
| Web resources: | https://cordis.europa.eu/project/id/101045669 |
| Start date: | 01-01-2023 |
| End date: | 31-12-2027 |
| Total budget - Public funding: | 1 998 851,00 Euro - 1 998 851,00 Euro |
Cordis data
Original description
"In parallel with the ongoing digitization, computer security has become an increasingly important and urgent challenge. In particular, the sound and robust implementation of complex software systems is still not well understood in practice, as evidenced by the steady stream of successful attacks observed in the wild. The current state of the art in software security consists of solutions that are often technically sound, but do not provide operational security in practice.With the Resilient and Sustainable Software Security (RS³) project, we propose a compelling research agenda to fundamentally change this situation by developing novel countermeasures at different system levels that fundamentally improve security. On the one hand, the system must be ""resilient"" against entire classes of attack vectors. On the other hand, the system must be ""sustainable"", i.e., it must be able to maintain its security at least over its design lifetime and possibly even adapt over time. Our work plan addresses the problem from four different angles by
(i) developing novel software testing strategies that enable accurate and efficient vulnerability discovery,
(ii) designing secure compiler chains that embed security properties during the compilation phase that can be enforced at runtime,
(iii) devising robust mechanisms that mitigate and patch advanced attacks, and
(iv) investigating how hardware changes for open-source hardware (e.g., RISC-V processors) can improve the efficiency and accuracy of all of these goals.
We expect to develop innovative methods and fundamental principles to build, test, and patch complex systems securely and efficiently. This holistic approach covers multiple layers of the computing stack, and each aspect has the potential to improve security significantly. The main success criterion will be our ability to perform a security analysis of a complex system an order of magnitude more effectively and efficiently than with current state-of-the-art methods."
Status
SIGNEDCall topic
ERC-2021-COGUpdate Date
09-02-2023
Images
No images available.
Geographical location(s)
Search
