Cel The security of modern web applications depends on a variety of critical components including cryptographic libraries, Transport Layer Security (TLS), browser security mechanisms, and single sign-on protocols. Although these components are widely used, their security guarantees remain poorly understood, leading to subtle bugs and frequent attacks.Rather than fixing one attack at a time, we advocate the use of formal security verification to identify and eliminate entire classes of vulnerabilities in one go. With the aid of my ERC starting grant, I have built a team that has already achieved landmark results in this direction. We built the first TLS implementation with a cryptographic proof of security. We discovered high-profile vulnerabilities such as the recent Triple Handshake and FREAK attacks, both of which triggered critical security updates to all major web browsers and TLS libraries.So far, our security theorems only apply to carefully-written standalone reference implementations. CIRCUS proposes to take on the next great challenge: verifying the end-to-end security of web applications running in mainstream software. The key idea is to identify the core security components of web browsers and servers and replace them by rigorously verified components that offer the same functionality but with robust security guarantees.Our goal is ambitious and there are many challenges to overcome, but we believe this is an opportune time for this proposal. In response to the Snowden reports, many cryptographic libraries and protocols are currently being audited and redesigned. Standards bodies and software developers are inviting researchers to help analyse their designs and code. Responding to their call requires a team of researchers who are willing to deal with the messy details of nascent standards and legacy code, and at the same time prove strong security theorems based on precise cryptographic assumptions. We are able, we are willing, and the time is now. Dziedzina nauki natural sciencescomputer and information sciencescomputer securityaccess controlnatural sciencescomputer and information sciencesinternettransport layernatural sciencescomputer and information sciencescomputer securitycryptographyengineering and technologyelectrical engineering, electronic engineering, information engineeringinformation engineeringtelecommunicationsmobile phonesnatural sciencescomputer and information sciencessoftwaresoftware applications Program(-y) H2020-EU.1.1. - EXCELLENT SCIENCE - European Research Council (ERC) Main Programme Temat(-y) ERC-CoG-2015 - ERC Consolidator Grant Zaproszenie do składania wniosków ERC-2015-CoG Zobacz inne projekty w ramach tego zaproszenia System finansowania ERC-COG - Consolidator Grant Instytucja przyjmująca INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET AUTOMATIQUE Wkład UE netto € 1 885 248,00 Adres DOMAINE DE VOLUCEAU ROCQUENCOURT 78153 Le Chesnay Cedex Francja Zobacz na mapie Region Ile-de-France Ile-de-France Yvelines Rodzaj działalności Research Organisations Linki Kontakt z organizacją Opens in new window Strona internetowa Opens in new window Uczestnictwo w unijnych programach w zakresie badań i innowacji Opens in new window sieć współpracy HORIZON Opens in new window Koszt całkowity € 1 885 248,00 Beneficjenci (1) Sortuj alfabetycznie Sortuj według wkładu UE netto Rozwiń wszystko Zwiń wszystko INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET AUTOMATIQUE Francja Wkład UE netto € 1 885 248,00 Adres DOMAINE DE VOLUCEAU ROCQUENCOURT 78153 Le Chesnay Cedex Zobacz na mapie Region Ile-de-France Ile-de-France Yvelines Rodzaj działalności Research Organisations Linki Kontakt z organizacją Opens in new window Strona internetowa Opens in new window Uczestnictwo w unijnych programach w zakresie badań i innowacji Opens in new window sieć współpracy HORIZON Opens in new window Koszt całkowity € 1 885 248,00