Project description
Enhancing IoT security with binary analysis
The rapid pace of digitalisation and the transition to the Internet of Things (IoT) has resulted in a significant number of legacy devices connected to the internet. Despite the many benefits of this transition, it has also made both legacy devices and the IoT more susceptible to digital crime due to the lack of available solutions. Funded by the European Research Council, the BASTION project aims to address this issue by developing a research programme focusing on binary analysis techniques. The project aims to produce novel methods and technologies that can improve security within the IoT. To achieve this, it will design several useful technologies and methods focusing on software to provide crucial data for binary analysis-based security solutions.
Objective
We are in the midst of the shift towards the Internet of Things (IoT), where more and more (legacy) devices are connected to the Internet and communicate with each other. This paradigm shift brings new security challenges and unfortunately many current security solutions are not applicable anymore, e.g. because of a lack of clear network boundaries or resource-constrained devices. However, security plays a central role: In addition to its classical function in protecting against manipulation and fraud, it also enables novel applications and innovative business models.
We propose a research program that leverages binary analysis techniques to improve the security within the IoT. We concentrate on the software level since this enables us to both analyze a given device for potential security vulnerabilities and add security features to harden the device against future attacks. More specifically, we concentrate on the firmware (i.e. the combination of persistent memory together with program code and data that powers such devices) and develop novel mechanism for binary analysis of such software. We design an intermediate language to abstract away from the concrete assembly level and this enables an analysis of many different platforms within a unified analysis framework. We transfer and extend program analysis techniques such as control-/data-flow analysis or symbolic execution and apply them to our IL. Given this novel toolset, we can analyze security properties of a given firmware image (e.g. uncovering undocumented functionality and detecting memory corruption or logical vulnerabilities,). We also explore how to harden a firmware by retrofitting security mechanisms (e.g. adding control-flow integrity or automatically eliminating unnecessary functionality). This research will deepen our fundamental understanding of binary analysis methods and apply it to a novel area as it lays the foundations of performing this analysis on the level of intermediate languages.
Fields of science (EuroSciVoc)
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
CORDIS classifies projects with EuroSciVoc, a multilingual taxonomy of fields of science, through a semi-automatic process based on NLP techniques. See: The European Science Vocabulary.
- engineering and technology mechanical engineering manufacturing engineering
- natural sciences computer and information sciences internet internet of things
- natural sciences computer and information sciences software
- social sciences sociology social issues corruption
- natural sciences computer and information sciences computer security
You need to log in or register to use this function
We are sorry... an unexpected error occurred during execution.
You need to be authenticated. Your session might have expired.
Thank you for your feedback. You will soon receive an email to confirm the submission. If you have selected to be notified about the reporting status, you will also be contacted when the reporting status will change.
Programme(s)
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
Multi-annual funding programmes that define the EU’s priorities for research and innovation.
-
H2020-EU.1.1. - EXCELLENT SCIENCE - European Research Council (ERC)
MAIN PROGRAMME
See all projects funded under this programme
Topic(s)
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Calls for proposals are divided into topics. A topic defines a specific subject or area for which applicants can submit proposals. The description of a topic comprises its specific scope and the expected impact of the funded project.
Funding Scheme
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
Funding scheme (or “Type of Action”) inside a programme with common features. It specifies: the scope of what is funded; the reimbursement rate; specific evaluation criteria to qualify for funding; and the use of simplified forms of costs like lump sums.
ERC-STG - Starting Grant
See all projects funded under this funding scheme
Call for proposal
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
Procedure for inviting applicants to submit project proposals, with the aim of receiving EU funding.
(opens in new window) ERC-2014-STG
See all projects funded under this callHost institution
Net EU financial contribution. The sum of money that the participant receives, deducted by the EU contribution to its linked third party. It considers the distribution of the EU financial contribution between direct beneficiaries of the project and other types of participants, like third-party participants.
44801 Bochum
Germany
The total costs incurred by this organisation to participate in the project, including direct and indirect costs. This amount is a subset of the overall project budget.