Project description
Taking software security to a new level
Cybersecurity is the backbone of digitisation, which is evolving at an incredible rate. However, the robust implementation of complex software systems is still not well understood in practice. The current state of the art in software security consists of solutions that are often technically sound, but do not provide operational security in practice. The ERC-funded RS³ project will develop novel countermeasures at different system levels that fundamentally improve security. For instance, the system needs to be resilient against attacks. Sustainability (maintain security over its design lifetime at least) is also important. The project’s design for secure compiler chains will embed security properties during the compilation phase. It will also devise robust mechanisms that mitigate and patch advanced attacks.
Objective
"In parallel with the ongoing digitization, computer security has become an increasingly important and urgent challenge. In particular, the sound and robust implementation of complex software systems is still not well understood in practice, as evidenced by the steady stream of successful attacks observed in the wild. The current state of the art in software security consists of solutions that are often technically sound, but do not provide operational security in practice.
With the Resilient and Sustainable Software Security (RS³) project, we propose a compelling research agenda to fundamentally change this situation by developing novel countermeasures at different system levels that fundamentally improve security. On the one hand, the system must be ""resilient"" against entire classes of attack vectors. On the other hand, the system must be ""sustainable"", i.e. it must be able to maintain its security at least over its design lifetime and possibly even adapt over time. Our work plan addresses the problem from four different angles by
(i) developing novel software testing strategies that enable accurate and efficient vulnerability discovery,
(ii) designing secure compiler chains that embed security properties during the compilation phase that can be enforced at runtime,
(iii) devising robust mechanisms that mitigate and patch advanced attacks, and
(iv) investigating how hardware changes for open-source hardware (e.g. RISC-V processors) can improve the efficiency and accuracy of all of these goals.
We expect to develop innovative methods and fundamental principles to build, test, and patch complex systems securely and efficiently. This holistic approach covers multiple layers of the computing stack, and each aspect has the potential to improve security significantly. The main success criterion will be our ability to perform a security analysis of a complex system an order of magnitude more effectively and efficiently than with current state-of-the-art methods."
Fields of science (EuroSciVoc)
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
You need to log in or register to use this function
We are sorry... an unexpected error occurred during execution.
You need to be authenticated. Your session might have expired.
Thank you for your feedback. You will soon receive an email to confirm the submission. If you have selected to be notified about the reporting status, you will also be contacted when the reporting status will change.
Keywords
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Project’s keywords as indicated by the project coordinator. Not to be confused with the EuroSciVoc taxonomy (Fields of science)
Programme(s)
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
-
HORIZON.1.1 - European Research Council (ERC)
MAIN PROGRAMME
See all projects funded under this programme
Topic(s)
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Funding Scheme
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
HORIZON-ERC - HORIZON ERC Grants
See all projects funded under this funding scheme
Call for proposal
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
(opens in new window) ERC-2021-COG
See all projects funded under this callHost institution
Net EU financial contribution. The sum of money that the participant receives, deducted by the EU contribution to its linked third party. It considers the distribution of the EU financial contribution between direct beneficiaries of the project and other types of participants, like third-party participants.
66123 SAARBRUCKEN
Germany
The total costs incurred by this organisation to participate in the project, including direct and indirect costs. This amount is a subset of the overall project budget.