Summary
Computer systems have become critical to modern society, but they are pervasively subject to security flaws and attacks, with large-scale exposures of confidential data, denial-of-service and ransom attacks, and the threat of nation-state attackers: they are trusted, but are far from trustworthy. This is especially important for the systems software enforces what protection, eg the hypervisors that use the underlying hardware to isolate components from each other.
ERC AdG ELVER has developed mathematical models of the *systems features* of the underlying hardware: working with Arm to characterise virtual memory, instruction/data cache maintenance, and exceptions. This opens up a new possibility: using those not just for correctness proof (which remains challenging), but also for *lightweight methods to improve the assurance of critical systems software*, by checking that such software obeys the subtle disciplines required by the hardware. Targets include the pKVM hypervisor being developed by Google to protect sensitive data on all Android phones, and similar hypervisors for the Cloud. Building on experience with a prototype checker, which has already found subtle bugs, ELVER-CHECK will prototype, assess, and demonstrate how to use executable checkers based on our mathematical models of systems architecture to improve conventional development of critical systems software, to increase assurance that it provides the intended security, at lower cost than full verification.
ELVER-CHECK thus addresses an important aspect of the societal problem of the pervasive insecurity of our critical software infrastructure.
This is a new opportunity: conventional software testing, analysis, and verification methods assume that memory is a simple mapping from locations to values, but they are oblivious to the subtle ways in that is simply not true for systems software, and to the disciplines that it must follow to actually enforce the intended security properties.
ERC AdG ELVER has developed mathematical models of the *systems features* of the underlying hardware: working with Arm to characterise virtual memory, instruction/data cache maintenance, and exceptions. This opens up a new possibility: using those not just for correctness proof (which remains challenging), but also for *lightweight methods to improve the assurance of critical systems software*, by checking that such software obeys the subtle disciplines required by the hardware. Targets include the pKVM hypervisor being developed by Google to protect sensitive data on all Android phones, and similar hypervisors for the Cloud. Building on experience with a prototype checker, which has already found subtle bugs, ELVER-CHECK will prototype, assess, and demonstrate how to use executable checkers based on our mathematical models of systems architecture to improve conventional development of critical systems software, to increase assurance that it provides the intended security, at lower cost than full verification.
ELVER-CHECK thus addresses an important aspect of the societal problem of the pervasive insecurity of our critical software infrastructure.
This is a new opportunity: conventional software testing, analysis, and verification methods assume that memory is a simple mapping from locations to values, but they are oblivious to the subtle ways in that is simply not true for systems software, and to the disciplines that it must follow to actually enforce the intended security properties.
Unfold all
/
Fold all
More information & hyperlinks
| Web resources: | https://cordis.europa.eu/project/id/101189371 |
| Start date: | 01-10-2024 |
| End date: | 31-03-2026 |
| Total budget - Public funding: | - 150 000,00 Euro |
Cordis data
Original description
Computer systems have become critical to modern society, but they are pervasively subject to security flaws and attacks, with large-scale exposures of confidential data, denial-of-service and ransom attacks, and the threat of nation-state attackers: they are trusted, but are far from trustworthy. This is especially important for the systems software enforces what protection, eg the hypervisors that use the underlying hardware to isolate components from each other.ERC AdG ELVER has developed mathematical models of the *systems features* of the underlying hardware: working with Arm to characterise virtual memory, instruction/data cache maintenance, and exceptions. This opens up a new possibility: using those not just for correctness proof (which remains challenging), but also for *lightweight methods to improve the assurance of critical systems software*, by checking that such software obeys the subtle disciplines required by the hardware. Targets include the pKVM hypervisor being developed by Google to protect sensitive data on all Android phones, and similar hypervisors for the Cloud. Building on experience with a prototype checker, which has already found subtle bugs, ELVER-CHECK will prototype, assess, and demonstrate how to use executable checkers based on our mathematical models of systems architecture to improve conventional development of critical systems software, to increase assurance that it provides the intended security, at lower cost than full verification.
ELVER-CHECK thus addresses an important aspect of the societal problem of the pervasive insecurity of our critical software infrastructure.
This is a new opportunity: conventional software testing, analysis, and verification methods assume that memory is a simple mapping from locations to values, but they are oblivious to the subtle ways in that is simply not true for systems software, and to the disciplines that it must follow to actually enforce the intended security properties.
Status
SIGNEDCall topic
ERC-2024-POCUpdate Date
20-11-2024
Images
No images available.
Geographical location(s)
