A Principled Plan to Prevent Transient Execution Attacks

Ghostbuster aims to automatically detect and mitigate advanced transient execution attacks by analyzing vulnerable code fragments and modeling attack conditions, enhancing security without crippling performance.

Grant
€ 2.499.995
2025

Project details

Introduction

Ghostbuster is a research program to stop advanced “transient execution attacks,” which by themselves already rank among the most advanced attacks ever. The program aims to find vulnerable code fragments, analyze them for exploitability, and inject mitigations where needed.

Background on Vulnerabilities

Vulnerabilities such as Spectre, Meltdown, and others originate in vulnerable hardware and allow data leakage across all security boundaries. Recently, my team and I showed that even more advanced attacks exist by combining transient execution with traditional software exploitation.

Current Challenges

Today, we have no way of even detecting these hybrid attacks, let alone stopping them. While we keep finding new variants, vendors have indicated that they cannot fix them all, as it would cripple performance. The hope is that developers identify and harden vulnerable code snippets (e.g., with instructions that stop transient execution). Unfortunately, finding vulnerable snippets is hard, beyond the abilities of top programmers, and even more so for the new hybrid attacks.

Automation Possibility

Can it be done automatically? The challenge is daunting and involves all interactions between the code and a myriad of obscure CPU resources, requiring expertise in hardware, operating systems, fuzzing, program analysis, etc. State-of-the-art (and limited) tools do not even aim for mitigation and simply report potential issues, with many false positives and negatives.

Ghostbuster's Approach

Unlike existing solutions that detect the snippets through pattern matching, Ghostbuster takes a principled approach and considers the fundamental conditions enabling attacks. It avoids resorting to symbolic execution, which scales poorly to large programs.

Modeling Attacks

Ghostbuster models the fundamental conditions of (steps of) an attack in terms of control and dataflow properties and translates the models into detectors. After detecting the code that looks vulnerable, it runs additional (possibly heavy-weight) exploitability analysis and, if need be, mitigates the issue by removing some of the enabling conditions.

Financial details & Timeline

Financial details

Grant amount: € 2.499.995
Total project budget: € 2.499.995

Timeline

Start date: 1-1-2025
End date: 31-12-2029
Grant year: 2025

Partners & Locations

Project partners

  • STICHTING VU (lead partner)

Country/countries

Netherlands

Similar projects within the European Research Council

ERC Starting...

SecuStack: Securing the Leaky Hardware/Software Boundary

SecuStack aims to eliminate side-channel leaks by developing precise hardware-level leakage models to create provably secure systems, enhancing data protection against emerging attacks.

€ 1.500.000
ERC Consolid...

Resilient and Sustainable Software Security

The RS³ project aims to enhance software security by developing resilient and sustainable countermeasures through innovative testing, secure compilers, attack mitigation, and hardware improvements.

€ 1.998.851
ERC Advanced...

Hardware-assisted Adaptive Cross-Layer Security for Computing Systems

HYDRANOS aims to revolutionize computing security by designing adaptable hardware within SoCs for post-fabrication reconfiguration to combat emerging cross-layer attacks.

€ 2.485.281
ERC Consolid...

Machine Learning for Offensive Computer Security

The Malfoy project explores the application of machine learning in offensive security to identify vulnerabilities and develop innovative defenses against evolving cyber threats.

€ 1.962.000
ERC Proof of...

Practical, Learning-Based Tools for Finding and Fixing Bugs

BugGPT aims to develop practical AI-based tools for automatically finding and fixing software bugs, enhancing efficiency in the software development process and paving the way for a commercial product.

€ 150.000

Similar projects from other schemes

Mkb-innovati...

Perpetual Sandbox Analysis

The project develops an automated technology for rapidly monitoring malware with an incubation period, aimed at improving the cybersecurity of financial institutions.

€ 190.050
EIC Accelerator

Protecting modern open-source web applications

The project aims to enhance website security by integrating independent security researchers with automated virtual patching technology to protect against open-source code vulnerabilities.

€ 1.904.000
Mkb-innovati...

AI Fuzzing Technology

The project develops an integrated Fuzzing Stack to improve the security of embedded software in a variety of devices, with the goal of creating more efficient and safer products.

€ 208.320