Objective
Security is a vital property for every operational system and network. As systems become more powerful and, in many aspects, more complex, advanced cyber-attacks impose new threats for important operations of our society. Computer systems assist core functions of hospitals, energy centers, logistics, and communications, to name a few, and compromising such systems may have severe consequences for everyone of us. Despite the evolution of computer systems, current security defenses-although they have been substantially improved in the last decade-seem not really enough to stop advanced cyber attacks. Systems still suffer from vulnerabilities, despite the many active or passive defenses in place that have been developed in the last decades.
We believe that the core of this problem is that cyber attackers are almost always one step ahead of the cyber security researchers and practitioners. Indeed, cyber attackers are the first to strike, and while researchers try to figure out what happened, attackers have all the time in the world to plan their next strike. In this project we advocate that we should change the rules of the cyber attackers’ game and challenge the asymmetry. Instead of following the cyber attackers, researchers should try to forecast where attackers will strike next and to use this information (i) to fortify potential targets to withstand the attack and (ii) to wire targets up with forensic hooks and make them “forensics ready”. To make all this possible at a reasonable performance cost, we propose selective fortification, a mechanism that combines traditional passive and active defense approaches into a new reactive mode of operation. We take advantage of our rich background in software hardening and instrumentation for immediate delivering effective patches by selectively armoring the vulnerable part of a program.
Fields of science
- natural sciencescomputer and information sciencesartificial intelligence
- natural sciencescomputer and information sciencesinternetinternet of things
- natural sciencescomputer and information sciencessoftwaresoftware applicationssystem software
- natural sciencescomputer and information sciencescomputer securitycryptography
- natural sciencescomputer and information sciencessoftwaresoftware development
Programme(s)
Topic(s)
Funding Scheme
RIA - Research and Innovation action
Coordinator
70013 Irakleio
Greece
See on map
Participants (6)
1081 HV Amsterdam
See on map
1678 Nicosia
See on map
06410 Biot
See on map
44801 Bochum
See on map
92671 Courbevoie
See on map
Legal entity other than a subcontractor which is affiliated or legally linked to a participant. The entity carries out work under the conditions laid down in the Grant Agreement, supplies goods or provides services for the action, but did not sign the Grant Agreement. A third party abides by the rules applicable to its related participant under the Grant Agreement with regard to eligibility of costs and control of expenditure.
D04TR29 Dublin
See on map