Project description

Rare-event approach revolutionising software security

Data protection is increasingly important today, as more companies develop software using open source code, leading to many dependencies and third-party components (like external libraries and apps). These involve pieces of software, chunks of data, or command sequences that can take advantage of a bug or vulnerability. Amounts of third-party code in software are too high to be effectively mitigated through updating policies. The EU-funded ProSVED project will revolutionise the prediction of the security of vulnerabilities caused by exploits in dependencies thanks to a unique rare-event sampling approach. It will enable effective update strategies and decrease security risks arising from external resources while leveraging software security to the highest levels.

Objective

ProSVED stands for Projection of Security Vulnerabilities caused by Exploits in Dependencies, and targets the prognosis of software vulnerabilities via security exploits in third-party libraries. The code controlled by developers, e.g. to add security patches, is a small fraction of the whole codebase that supports any software project today. Most lines of code reside in external dependencies whose security vulnerabilities pose threats to the entire project. This can be mitigated via strategic update policies. However, measuring the risks to find optimal policies constitutes a tremendous prognosis problem: finding the needle of offending lines that hide in a haystack of third-party libraries. ProSVED proposes a novel rare-event approach to the challenge, to estimate the most promising update policies in order to reduce the security risks inherited from external code.
Working with experts from the University of Trento, ProSVED will thus push the frontiers of software security analysis, taking it beyond its classical empirical approach, and into the horizon of formal risk modelling for prediction and mitigation.

Fields of science: natural sciences / computer and information sciences / software

Programme(s): HORIZON.1.2 - Marie Skłodowska-Curie Actions (MSCA) (Main Programme)

Topic(s): HORIZON-MSCA-2021-PF-01-01 - MSCA Postdoctoral Fellowships 2021

Call for proposal: HORIZON-MSCA-2021-PF-01

Funding Scheme: HORIZON-AG-UN - HORIZON Unit Grant

Coordinator: UNIVERSITA DEGLI STUDI DI TRENTO

Net EU contribution: € 172 750,08

Address: Via calepina 14, 38122 Trento, Italy

Region: Nord-Est / Provincia Autonoma di Trento / Trento

Activity type: Higher or Secondary Education Establishments