CORDIS
EU research results

CORDIS

English EN

CRYSP: A Novel Framework for Collaboratively Building Cryptographically Secure Programs and their Proofs

Objective

The field of software security analysis stands at a critical juncture.
Applications have become too large for security experts to examine by hand,
automated verification tools do not scale, and the risks of deploying insecure software are too great to tolerate anything less than mathematical proof.
A radical shift of strategy is needed if programming and analysis techniques are to keep up in a networked world where increasing amounts of governmental and individual information are generated, manipulated, and accessed through web-based software applications.

The basic tenet of this proposal is that the main roadblock to the security verification of a large program is not its size, but rather the lack of precise security specifications for the underlying libraries and security-critical application code. Since, large-scale software is often a collaborative effort, no single programmer knows all the design goals. Hence, this proposal advocates a collaborative specification and verification framework that helps teams of programmers write detailed security specifications incrementally and then verify that they are satisfied by the source program.

The main scientific challenge is to develop new program verification techniques that can be applied collaboratively, incrementally, and modularly to application and library code written in mainstream programming languages. The validation of this approach will be through substantial case studies. Our aim is to produce the first verified open source cryptographic protocol library and the first web applications with formal proofs of security.

The proposed project is bold and ambitious, but it is certainly feasible, and has the potential to change how software security is analyzed for years to come.
Leaflet | Map data © OpenStreetMap contributors, Credit: EC-GISCO, © EuroGeographics for the administrative boundaries

Principal Investigator

Karthikeyan Bhargavan (Dr.)

Host institution

INSTITUT NATIONAL DE RECHERCHE ENINFORMATIQUE ET AUTOMATIQUE

Address

Domaine De Voluceau Rocquencourt
78153 Le Chesnay Cedex

France

Activity type

Research Organisations

EU Contribution

€ 1 406 726

Principal Investigator

Karthikeyan Bhargavan (Dr.)

Administrative Contact

Valérie Boutheon (Ms.)

Beneficiaries (1)

Sort alphabetically

Sort by EU Contribution

Expand all

INSTITUT NATIONAL DE RECHERCHE ENINFORMATIQUE ET AUTOMATIQUE

France

EU Contribution

€ 1 406 726

Project information

Grant agreement ID: 259639

Status

Closed project

  • Start date

    1 November 2010

  • End date

    31 October 2015

Funded under:

FP7-IDEAS-ERC

  • Overall budget:

    € 1 406 726,40

  • EU contribution

    € 1 406 726

Hosted by:

INSTITUT NATIONAL DE RECHERCHE ENINFORMATIQUE ET AUTOMATIQUE

France