Objective
The emergence of memory-safe programming languages like Rust, Go, and Swift has significantly enhanced security by mitigating common memory-related vulnerabilities with minimal performance loss. Traditionally, memory safety was enforced through run-time support (e.g. Java), which executes bytecode but incurs significant performance overhead. In contrast, Rust, Go, Swift, and similar languages provide memory safety without heavy run-time support, delivering fast, secure machine code instead of virtual bytecode assessed at run-time. The core idea is to let the compiler vet about the security of a program by rejecting insecure code and by injecting certain checks in the produced machine code. However, the lack of run-time protection introduces a new attack vector. Specifically, developers themselves can become attackers by subtly manipulating binaries compiled with memory-safe languages, introducing deliberate vulnerabilities. These compromised binaries, disguised as secure, can bypass app store screening processes and become malicious post-installation through remote exploitation. This underscores the need for a robust validation mechanism to complement existing screening processes. To address this, we introduce VALIDATE (VALIDATing SEcurity Safeguards in Binaries Compiled with Memory-Safe Languages Pre-Execution), a validation mechanism ensuring that binaries compiled with memory-safe languages retain their intended security properties before execution. VALIDATE operates at the final executable level, where no further code alterations can occur, providing accurate end-to-end security guarantees. By advancing static and dynamic analysis techniques beyond the state-of-the-art, VALIDATE ensures that security guarantees enforced at compile-time remain intact at load-time. Integrating VALIDATE with app store screening processes enhances cybersecurity and maintains user trust by ensuring that memory-safe advertised software is indeed safe before execution.
Fields of science (EuroSciVoc)
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: https://op.europa.eu/en/web/eu-vocabularies/euroscivoc.
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: https://op.europa.eu/en/web/eu-vocabularies/euroscivoc.
- natural sciencescomputer and information sciencessoftware
- natural sciencescomputer and information sciencescomputer security
You need to log in or register to use this function
We are sorry... an unexpected error occurred during execution.
You need to be authenticated. Your session might have expired.
Thank you for your feedback. You will soon receive an email to confirm the submission. If you have selected to be notified about the reporting status, you will also be contacted when the reporting status will change.
Programme(s)
- HORIZON.1.2 - Marie Skłodowska-Curie Actions (MSCA) Main Programme
Funding Scheme
HORIZON-TMA-MSCA-PF-EF - HORIZON TMA MSCA Postdoctoral Fellowships - European FellowshipsCoordinator
2628 CN Delft
Netherlands