CORDIS
EU research results

CORDIS

English EN
Programming Language-Based Security To Rescue

Programming Language-Based Security To Rescue

Objective

It is alarming that the society's critical infrastructures are not
fully prepared to meet the challenge of information security. Modern
computing systems are increasingly extensible, inter-connected, and
mobile. However, exactly these trends make systems more vulnerable to
attacks. A particularly exposed infrastructure is the world-wide web
infrastructure, where allowing the mere possibility of fetching a web
page opens up opportunities for delivering potentially malicious
executable content past current security mechanisms such as
firewalls. A critical challenge is to secure the computing
infrastructures without losing the benefits of the trends.

It is our firm belief that attacks will continue succeeding unless a
fundamental security solution, one that focuses on the security of the
actual applications (code), is devised. To this end, we are convinced
that application-level security can be best enforced, *by
construction*, at the level of programming languages.

ProSecuToR will develop the technology of *programming language-based
security* in order to secure computing infrastructures.
Language-based security is an innovative approach for enforcing
security by construction. The project will deliver policies and
enforcement mechanisms for protecting who can see and who can modify
sensitive data. Security policies will be expressible by the
programmer at the construction phase. We will devise a policy
framework capable of expressing fine-grained application-level
security policies. We will build practical enforcement mechanisms to
enforce the policies for expressive languages. Enforcement mechanisms
will be fully automatic, preventing dangerous programs from executing
whenever there is a possibility of compromising desired security
properties. The practicality will be demonstrated by building robust
web applications. ProSecuToR is expected to lead to breakthroughs in
*securing web mashups* and *end-to-end web application security*.
Leaflet | Map data © OpenStreetMap contributors, Credit: EC-GISCO, © EuroGeographics for the administrative boundaries

Principal Investigator

Andreas Sabelfeld (Prof.)

Host institution

CHALMERS TEKNISKA HOEGSKOLA AB

Address

-
41296 Goeteborg

Sweden

Activity type

Higher or Secondary Education Establishments

EU Contribution

€ 1 500 000

Principal Investigator

Andreas Sabelfeld (Prof.)

Administrative Contact

Sara Kanhede (Ms.)

Beneficiaries (1)

Sort alphabetically

Sort by EU Contribution

Expand all

CHALMERS TEKNISKA HOEGSKOLA AB

Sweden

EU Contribution

€ 1 500 000

Project information

Grant agreement ID: 307544

Status

Closed project

  • Start date

    1 January 2013

  • End date

    31 December 2017

Funded under:

FP7-IDEAS-ERC

  • Overall budget:

    € 1 500 000

  • EU contribution

    € 1 500 000

Hosted by:

CHALMERS TEKNISKA HOEGSKOLA AB

Sweden