Project description DEENESFRITPL Better security foundations for all software-based systems The instruction set architecture (ISA) of computers defines the way the central processing unit (CPU) is controlled by the software. State-of-the-art formalizations of the ISA do not explicitly specify the security properties guaranteed by that interface. As such, various micro-architectural cache side-channel attacks on the CPU can easily take place. The EU-funded UniversalContracts project will develop a new approach to specify ISA security properties. It will use universal contracts that can capture ISA-enforced upper bounds on the effects of arbitrary (even attacker-controlled) software. These contracts can be applied to general security primitives, mechanically verified against the ISA's operational semantics. Show the project objective Hide the project objective Objective The Instruction Set Architecture (ISA) is the interface that processor hardware offers to software developers. Current ISAs do not explicitly specify the security properties guaranteed by that interface, so that, for example, recent severe micro-architectural side-channel vulnerabilities like Spectre did not even violate the specifications. This project proposes a fundamentally new approach to specify ISA security properties by using what we call universal contracts. These are formal contracts in a compositional program logic that automatically hold for arbitrary code. Such contracts capture ISA-enforced upper bounds on the effects of arbitrary (even attacker-controlled) software. While this approach is widely different from traditional specifications, the approach looks extremely promising: universal contracts can be applied to general security primitives, mechanically verified against the ISA's operational semantics and they make it possible to obtain full-system security proofs by manually verifying only the trusted code of a sytem.In this project, we will contribute reusable techniques and tools for applying universal contracts in realistic ISAs. To this end, we will (1) design, prove and evaluate universal contracts for ISAs with state-of-practice security primitives, (2) develop semi-automation machinery for verifying universal contracts of ISAs, (3) extend universal contracts to deal with semantic complications like concurrency or micro-architectural side-channels and (4) design, implement and evaluate techniques which facilitate the construction of trusted software that relies on universal contracts, particularly assembly-level reasoning support and secure compilers. If successful, the project has the potential to fundamentally improve the security foundations of all software-based systems, by (1) clearly dividing the security responsibilities between hardware and software developers and (2) enabling scalable, rigorous, full-system security proofs. Fields of science natural sciencescomputer and information sciencessoftware Keywords instruction set architectures security primitives program logics separation logic semi-automatic verification Programme(s) HORIZON.1.1 - European Research Council (ERC) Main Programme Topic(s) ERC-2021-STG - ERC STARTING GRANTS Call for proposal ERC-2021-STG See other projects for this call Funding Scheme HORIZON-ERC - HORIZON ERC Grants Host institution KATHOLIEKE UNIVERSITEIT LEUVEN Net EU contribution € 1 500 000,00 Address OUDE MARKT 13 3000 Leuven Belgium See on map Region Vlaams Gewest Prov. Vlaams-Brabant Arr. Leuven Activity type Higher or Secondary Education Establishments Links Contact the organisation Opens in new window Website Opens in new window Participation in EU R&I programmes Opens in new window HORIZON collaboration network Opens in new window Total cost € 1 500 000,00 Beneficiaries (1) Sort alphabetically Sort by Net EU contribution Expand all Collapse all KATHOLIEKE UNIVERSITEIT LEUVEN Belgium Net EU contribution € 1 500 000,00 Address OUDE MARKT 13 3000 Leuven See on map Region Vlaams Gewest Prov. Vlaams-Brabant Arr. Leuven Activity type Higher or Secondary Education Establishments Links Contact the organisation Opens in new window Website Opens in new window Participation in EU R&I programmes Opens in new window HORIZON collaboration network Opens in new window Total cost € 1 500 000,00
