CORDIS - EU research results

Resilient and Sustainable Software Security

Periodic Reporting for period 1 - RS³ (Resilient and Sustainable Software Security)

Reporting period: 2023-01-01 to 2025-06-30

In parallel with ongoing digitization, computer security has become an increasingly important and urgent challenge. In particular, the sound and robust implementation of complex software systems is still not well understood in practice, as the steady stream of successful attacks observed in the wild shows. With the "Resilient and Sustainable Software Security" (RS³) project, we propose a research agenda to change this situation by developing novel countermeasures at different system levels. On the one hand, a system must be resilient against entire classes of attack vectors. On the other hand, it must be sustainable, i.e. able to maintain its security at least over its design lifetime and, ideally, to adapt over time. Our work plan addresses the problem from four angles: (i) developing novel software testing strategies that enable accurate and efficient vulnerability discovery, (ii) designing secure compiler chains that embed security properties during compilation so that they can be enforced at runtime, (iii) devising robust mechanisms that mitigate and patch advanced attacks, and (iv) investigating how changes to open-source hardware can improve the efficiency and accuracy of all of these goals. We study innovative methods and fundamental principles to build, test, and patch complex systems securely and efficiently. This holistic approach covers multiple layers of the computing stack, and each aspect has the potential to improve security significantly. Our main objective is to investigate how advanced software testing and patching methods can be combined with fundamental changes to the underlying execution platform to develop the next generation of software testing methods. The main research question that defines our agenda is: how can we increase the efficiency of software testing by at least an order of magnitude?
Furthermore, we plan to design methods to detect and isolate software bugs automatically, to evaluate and prioritize the identified bugs to support developers and penetration testers, and to devise novel methods to detect system failures caused by unpredictable threats and new attack vectors. To address these challenges, we will explore novel methods to secure computer systems at multiple levels of the computing stack, for example through changes to a processor's instruction set architecture (ISA) that better support security objectives, or through secure compiler chains that eliminate today's low-level vulnerabilities and support testing. While the focus on secure-by-construction applications is very promising, such methods do not address the ongoing security issues arising from the large body of legacy code developed and deployed over the last four decades. In RS³, we will therefore focus primarily on developing new, advanced security testing methods to identify existing vulnerabilities at scale, and on novel methods for retrofitting security features into existing systems. Combined with methods for automated program repair, these techniques will allow legacy components to tolerate runtime attacks and even improve over time.
We focused on improving the reliability and security of software systems through the development and refinement of fuzz testing methods. This research spans multiple application areas, including embedded systems, web applications, network protocols, and cryptographic code, demonstrating the broad applicability and importance of fuzzing as a vulnerability detection technique. A main theme linking the activities is the recognition of the limitations of current fuzzing techniques and the search for innovative approaches to overcome them. We identified areas where conventional methods fall short, whether because of the complexity of modern systems, the inadequacy of coverage-based metrics, or the difficulty of generating meaningful inputs for complex, structured programs. In response, we explored a variety of improvements, including adaptive mechanisms, hybrid analysis techniques, and novel data formats to improve input generation, coverage, and vulnerability detection. We placed particular emphasis on improving the evaluation practices of fuzzing tools: the lack of standardized methods has made it difficult to compare fuzzers meaningfully or to reproduce results in the past. By proposing a more rigorous, systematic framework for evaluating the effectiveness of fuzzing, this line of research aims to establish standardized benchmarks and methods that improve the reproducibility and credibility of experimental results. In addition, our research highlights the importance of applying fuzzing techniques to increasingly specialized and complex environments. This includes using fuzzing to detect concurrency issues at the binary level, investigating server-side vulnerabilities in web applications, finding bugs in shader translation mechanisms, and testing network applications.
This diversity of applications demonstrates both the adaptability of fuzzing as a testing approach and the need for continuous refinement to meet evolving technological challenges. Ultimately, the overarching theme of this project is the effort to extend fuzzing beyond its traditional boundaries and make it more adaptable, efficient, and reliable across domains. The work aims to bridge the gap between theoretical advances and practical applicability, providing tools and methods that are not only effective but also reproducible and widely accessible. Through collaboration with other research groups, we aim to create a more coherent, integrated framework for applying fuzzing techniques to real-world security problems. Three distinguished paper awards have been given to project results so far (IEEE Symposium on Security and Privacy 2023 and 2024, and USENIX Security 2025).
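To make two of the points above concrete, namely why coverage feedback matters and why a fuzzer comparison needs several independent trials rather than one run, here is a small added example in Python. It is not code from the RS³ project, AFL++ or libAFL. It uses a constructed toy record format (2-byte magic "RS", then ";"-separated key=value pairs, values over 8 bytes standing in for a buffer overflow), hand-placed branch IDs in place of compiler instrumentation, a format-agnostic byte mutator, a blind driver and a coverage-guided driver, and a harness that runs both over several seeds and compares medians.

```python
import random
import statistics

# Constructed toy format for this example (not a real protocol): 2-byte
# magic, then ';'-separated key=value pairs. A value longer than VALUE_MAX
# stands in for a fixed-size buffer overflow in a real parser.
MAGIC = b"RS"
VALUE_MAX = 8
SEED_INPUT = b"seed"  # deliberately nothing like a valid record


class TargetCrash(Exception):
    """Raised where a real target would corrupt memory."""


def trace(cov: set, branch_id) -> None:
    """Stand-in for compiler-inserted edge-coverage instrumentation."""
    cov.add(branch_id)


def parse_record(data: bytes, cov: set) -> int:
    """Toy target: returns the number of parsed fields, or -1 on reject."""
    # The magic is compared one byte at a time, so each matched byte is its
    # own branch. That per-byte feedback is what lets a coverage-guided
    # fuzzer pass the check incrementally instead of guessing it whole.
    for i, expected in enumerate(MAGIC):
        if i >= len(data) or data[i] != expected:
            trace(cov, ("magic_miss", i))
            return -1
        trace(cov, ("magic_hit", i))
    fields = 0
    for pair in data[len(MAGIC):].split(b";"):
        if b"=" not in pair:
            trace(cov, "no_equals")
            continue
        _key, value = pair.split(b"=", 1)
        # Bucketed length feedback: plain edge coverage would see only the
        # single branch below and give no gradient toward the long value.
        trace(cov, ("value_len", min(len(value), VALUE_MAX)))
        if len(value) > VALUE_MAX:
            trace(cov, "overflow")
            raise TargetCrash("value exceeds fixed-size buffer")
        fields += 1
    return fields


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One or two stacked byte mutations with no knowledge of the format."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 2)):
        op = rng.randrange(3)
        if op == 0 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 1 or not buf:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif len(buf) > 1:
            del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(seed: int, budget: int, guided: bool) -> dict:
    """Run `budget` executions. Blind mode always mutates the seed input;
    guided mode keeps every input that reached new coverage as a parent."""
    rng = random.Random(seed)
    corpus = [SEED_INPUT]
    total_cov: set = set()
    crashes = 0
    for _ in range(budget):
        if guided:
            # Favour the newest entry half the time: a crude stand-in for
            # the queue-scheduling heuristics of real fuzzers.
            parent = corpus[-1] if rng.random() < 0.5 else rng.choice(corpus)
        else:
            parent = SEED_INPUT
        candidate = mutate(rng, parent)
        cov: set = set()
        try:
            parse_record(candidate, cov)
        except TargetCrash:
            crashes += 1
            cov.add("crash")
        if guided and not cov <= total_cov:
            corpus.append(candidate)
        total_cov |= cov
    return {"coverage": len(total_cov), "crashes": crashes, "corpus": len(corpus)}


def evaluate(trials: int = 3, budget: int = 12000) -> dict:
    """Compare both strategies over independent seeds and report medians;
    a single run per fuzzer is not a comparison."""
    results = {}
    for name, guided in (("blind", False), ("coverage_guided", True)):
        runs = [fuzz(seed, budget, guided) for seed in range(trials)]
        results[name] = {
            "median_coverage": statistics.median(r["coverage"] for r in runs),
            "trials_with_crash": sum(1 for r in runs if r["crashes"]),
        }
    return results


if __name__ == "__main__":
    for name, summary in evaluate().items():
        print(f"{name:16s} {summary}")
```

The blind driver stalls at the second magic byte because two exact bytes have to be guessed at once, so it never reaches the parser body. The guided driver passes the magic one byte at a time and then climbs the length buckets to the overflow. Remove the `("value_len", ...)` trace and the length condition becomes a single branch with no gradient, which is the "inadequacy of coverage-based metrics" in miniature: the metric only helps where the instrumentation exposes intermediate states. The harness reports medians over seeds because individual fuzzing runs vary widely; with the default budget the whole evaluation takes about a second.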
The project has already made significant progress in software security, with a particular focus on improving the efficiency, reliability, and applicability of fuzz testing techniques across domains. Overall, the results show progress on long-standing challenges in fuzzing, including input space coverage, adaptive testing methods, and the security of highly specialized systems such as web applications, embedded firmware, and WebGPU shaders. The main contributions so far are new fuzzing methods, improvements to existing systems, and systematic evaluation procedures that ensure reproducibility and credibility. For example, adaptive mechanisms for input generation and coverage have the potential to improve the effectiveness of fuzzers significantly. These advances are likely to have far-reaching implications in several areas. Security researchers and developers of open-source tools such as AFL++ and libAFL will benefit directly from these improvements, which provide better benchmarks, advanced methods, and integrated tools for a wide range of security analysis tasks. In addition, the demonstration of fuzzing techniques in areas such as web applications, network protocols, and embedded systems underscores the adaptability of these methods and their potential to address vulnerabilities in increasingly complex environments.