SubsidieMeestersResilient and Sustainable Software Security
The RS³ project aims to enhance software security by developing resilient and sustainable countermeasures through innovative testing, secure compilers, attack mitigation, and hardware improvements.
Projectdetails
Introduction
In parallel with the ongoing digitization, computer security has become an increasingly important and urgent challenge. In particular, the sound and robust implementation of complex software systems is still not well understood in practice, as evidenced by the steady stream of successful attacks observed in the wild. The current state of the art in software security consists of solutions that are often technically sound, but do not provide operational security in practice.
Project Overview
With the Resilient and Sustainable Software Security (RS³) project, we propose a compelling research agenda to fundamentally change this situation by developing novel countermeasures at different system levels that fundamentally improve security.
Key Objectives
On the one hand, the system must be "resilient" against entire classes of attack vectors. On the other hand, the system must be "sustainable", i.e., it must be able to maintain its security at least over its design lifetime and possibly even adapt over time.
Work Plan
Our work plan addresses the problem from four different angles by:
- Developing novel software testing strategies that enable accurate and efficient vulnerability discovery.
- Designing secure compiler chains that embed security properties during the compilation phase that can be enforced at runtime.
- Devising robust mechanisms that mitigate and patch advanced attacks.
- Investigating how hardware changes for open-source hardware (e.g., RISC-V processors) can improve the efficiency and accuracy of all of these goals.
Expected Outcomes
We expect to develop innovative methods and fundamental principles to build, test, and patch complex systems securely and efficiently. This holistic approach covers multiple layers of the computing stack, and each aspect has the potential to improve security significantly.
Success Criteria
The main success criterion will be our ability to perform a security analysis of a complex system an order of magnitude more effectively and efficiently than with current state-of-the-art methods.
Financiële details & Tijdlijn
Financiële details
| Subsidiebedrag | € 1.998.851 |
| Totale projectbegroting | € 1.998.851 |
Tijdlijn
| Startdatum | 1-1-2023 |
| Einddatum | 31-12-2027 |
| Subsidiejaar | 2023 |
Partners & Locaties
Projectpartners
- CISPA - HELMHOLTZ-ZENTRUM FUR INFORMATIONSSICHERHEIT GGMBHpenvoerder
Land(en)
Vergelijkbare projecten binnen European Research Council
| Project | Regeling | Bedrag | Jaar | Actie |
|---|---|---|---|---|
Hardware-assisted Adaptive Cross-Layer Security for Computing SystemsHYDRANOS aims to revolutionize computing security by designing adaptable hardware within SoCs for post-fabrication reconfiguration to combat emerging cross-layer attacks. | ERC Advanced... | € 2.485.281 | 2022 | Details |
Foundations for Sustainable SecurityThe FSSec project aims to enhance energy efficiency in IT systems by integrating cryptography-grade security into all layers, targeting a 20% efficiency increase while minimizing vulnerabilities. | ERC Starting... | € 1.498.489 | 2023 | Details |
SecuStack: Securing the Leaky Hardware/Software BoundarySecuStack aims to eliminate side-channel leaks by developing precise hardware-level leakage models to create provably secure systems, enhancing data protection against emerging attacks. | ERC Starting... | € 1.500.000 | 2024 | Details |
Realizing the benefits of safety-security co-analysis through effective tool supportRUBICON aims to develop a proof-of-concept software tool for integrated safety-security risk analysis in technology, enhancing decision-making through advanced algorithms and multi-objective optimization. | ERC Proof of... | € 150.000 | 2024 | Details |
Decentralized Cryptographic SystemsThis project aims to develop robust cryptographic systems that align theoretical models with real-world challenges, enhancing security and efficiency for decentralized infrastructures. | ERC Consolid... | € 1.998.351 | 2024 | Details |
Hardware-assisted Adaptive Cross-Layer Security for Computing Systems
HYDRANOS aims to revolutionize computing security by designing adaptable hardware within SoCs for post-fabrication reconfiguration to combat emerging cross-layer attacks.
Foundations for Sustainable Security
The FSSec project aims to enhance energy efficiency in IT systems by integrating cryptography-grade security into all layers, targeting a 20% efficiency increase while minimizing vulnerabilities.
SecuStack: Securing the Leaky Hardware/Software Boundary
SecuStack aims to eliminate side-channel leaks by developing precise hardware-level leakage models to create provably secure systems, enhancing data protection against emerging attacks.
Realizing the benefits of safety-security co-analysis through effective tool support
RUBICON aims to develop a proof-of-concept software tool for integrated safety-security risk analysis in technology, enhancing decision-making through advanced algorithms and multi-objective optimization.
Decentralized Cryptographic Systems
This project aims to develop robust cryptographic systems that align theoretical models with real-world challenges, enhancing security and efficiency for decentralized infrastructures.
Vergelijkbare projecten uit andere regelingen
| Project | Regeling | Bedrag | Jaar | Actie |
|---|---|---|---|---|
Integrated Safety for Deeply Embedded Systems Software (ISAFE)Het ISAFE-project ontwikkelt een geïntegreerde aanpak voor de kwalificatie van softwaretools in veiligheid kritische systemen, gericht op het voldoen aan veiligheidsstandaarden en het verbeteren van softwareontwikkeling. | Mkb-innovati... | € 160.200 | 2016 | Details |
Secure software co-designHet project onderzoekt veilige software co-development binnen het Reach platform door risicoprofielen op te stellen en mitigatiemogelijkheden voor gebruikersgegevens en malware te identificeren. | Mkb-innovati... | € 20.000 | 2022 | Details |
SecuriPiSecuriPi ontwikkelt een geavanceerd multi-factor authenticatiesysteem om digitale weerbaarheid tegen cyberdreigingen te versterken. | Mkb-innovati... | € 20.000 | 2024 | Details |
Protecting modern open-source web applicationsThe project aims to enhance website security by integrating independent security researchers with automated virtual patching technology to protect against open-source code vulnerabilities. | EIC Accelerator | € 1.904.000 | 2022 | Details |
REVOLUTIONISING INDUSTRIAL ROBOTICS WITH THE NEXT GENERATION ROBOT-SPECIFIC AI-POWERED SECURITY PLATFORMRIS is an innovative AI-based Endpoint Protection Platform designed to secure industrial robots by detecting vulnerabilities and protecting against known and unknown threats. | EIC Accelerator | € 2.499.875 | 2024 | Details |
Integrated Safety for Deeply Embedded Systems Software (ISAFE)
Het ISAFE-project ontwikkelt een geïntegreerde aanpak voor de kwalificatie van softwaretools in veiligheid kritische systemen, gericht op het voldoen aan veiligheidsstandaarden en het verbeteren van softwareontwikkeling.
Secure software co-design
Het project onderzoekt veilige software co-development binnen het Reach platform door risicoprofielen op te stellen en mitigatiemogelijkheden voor gebruikersgegevens en malware te identificeren.
SecuriPi
SecuriPi ontwikkelt een geavanceerd multi-factor authenticatiesysteem om digitale weerbaarheid tegen cyberdreigingen te versterken.
Protecting modern open-source web applications
The project aims to enhance website security by integrating independent security researchers with automated virtual patching technology to protect against open-source code vulnerabilities.
REVOLUTIONISING INDUSTRIAL ROBOTICS WITH THE NEXT GENERATION ROBOT-SPECIFIC AI-POWERED SECURITY PLATFORM
RIS is an innovative AI-based Endpoint Protection Platform designed to secure industrial robots by detecting vulnerabilities and protecting against known and unknown threats.