Trustfull: Trustworthy Fullstack Computing
The Trustfull project, funded by Stiftelsen för Strategisk Forskning (SSF), aims to show that formal techniques can be used in combination with intelligent static and dynamic program manipulation techniques at scale to significantly strengthen the security of real life application stacks. The focus is on software-based attacks: attacks manifested through software that affect the host systems in adversarial ways through bugs, vulnerabilities, and design deficiencies at any level in the software stack.
The project brings together different research groups, the group of Dam and Guanciale with deep experience in provable security and low level execution platforms from the previous SSF-supported PROSPER project, and the groups of Baudry and Monperrus, with extensive experience in large scale software engineering, software diversity, and automated program repair.
The proposed research program involves three main components:
• Theories and tools for formal modelling, security analysis, and program manipulation at the level of processor architecture, firmware, kernel and application code.
• Defensive mechanisms that use formal methods and diversity-based techniques in innovative ways for application hardening at both application and system level.
• A core demonstrator application, an electronic voting system, serving as the main tool for focusing project work and evaluating the results.
This project is funded by SSF, see https://strategiska.se/pressmeddelande/300-miljoner-till-cybersakerhet-en-strategisk-injektion/