Vulnerability Exposure Analysis for JavaScript
PAWJAM aims to commercialize the JAM tool, enhancing JavaScript vulnerability analysis by pinpointing library usage, enabling developers to mitigate security risks effectively.
Project details
Introduction
The JavaScript programming language together with the Node.js framework constitute the foundation of modern web-based software. An essential part of this platform is the npm registry that contains millions of freely available third-party software libraries that provide common functionality.
Importance of Library Reuse
This massive reuse of libraries is essential to the productivity of software developers. However, the dependence on other people's libraries opens the door to security vulnerabilities that may have severe consequences for the applications and end users.
Need for Vulnerability Awareness
When new vulnerabilities are discovered, it is crucial that programmers are informed. Existing tools only report whether a program depends on a library with a known vulnerability; they give no precise information about how the vulnerable library code is actually used. The result is an overwhelming number of false positives, which makes it extremely difficult for programmers to investigate the possible consequences of a vulnerability.
PAW Project Overview
The ERC project PAW has delivered a range of novel program analysis techniques, most notably one that has the potential to alleviate this problem: the analysis tool JAM.
Capabilities of JAM
JAM is capable of automatically analyzing a given JavaScript program and can tell exactly which parts of the libraries are being used and where they are used. This capability enables programmers to make fast and correct decisions about how their programs are exposed to vulnerabilities and how to update their programs accordingly to prevent security incidents.
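The difference between the two kinds of answer described above (dependency-level "you depend on a vulnerable library" versus usage-level "this vulnerable function is reached from here") can be illustrated with a small reachability check over a call graph. The example below is added here for illustration and is not JAM's code or algorithm; the call graph and the advisories are constructed sample data with placeholder identifiers (in practice the hard part, which JAM addresses, is computing a precise call graph from real JavaScript and npm libraries).

```javascript
// Constructed sample call graph for a small application and two of its
// dependencies. Nodes are "package:function"; edges are direct calls.
const sampleCallGraph = {
  "app:main": ["app:handleUpload", "app:renderPage"],
  "app:handleUpload": ["lodash:merge"],
  "app:renderPage": ["marked:parse"],
  "lodash:merge": ["lodash:baseMerge"],
  "lodash:baseMerge": [],
  "lodash:defaultsDeep": ["lodash:baseMerge"], // present in the package, never called by app
  "marked:parse": [],
};

// Constructed advisories with placeholder ids (not real CVEs). Each one names the
// package and the library functions that contain the vulnerable code.
const sampleAdvisories = [
  { id: "ADV-PLACEHOLDER-1", pkg: "lodash", functions: ["lodash:defaultsDeep"] },
  { id: "ADV-PLACEHOLDER-2", pkg: "marked", functions: ["marked:parse"] },
];

// Set of package names that appear anywhere in the graph (i.e. are installed).
function packagesInGraph(callGraph) {
  const pkgs = new Set();
  for (const node of Object.keys(callGraph)) pkgs.add(node.split(":")[0]);
  return pkgs;
}

// Dependency-level check, as existing tools do it: an advisory is flagged as soon
// as the affected package is present, regardless of which functions are used.
function dependencyLevelFindings(callGraph, advisories) {
  const pkgs = packagesInGraph(callGraph);
  return advisories.filter((a) => pkgs.has(a.pkg)).map((a) => a.id);
}

// Breadth-first search from the entry point; records the first call chain found
// to every reachable node so the finding can point at where the code is used.
function reachablePaths(callGraph, entry) {
  const paths = new Map([[entry, [entry]]]);
  const queue = [entry];
  while (queue.length > 0) {
    const node = queue.shift();
    for (const callee of callGraph[node] || []) {
      if (!paths.has(callee)) {
        paths.set(callee, [...paths.get(node), callee]);
        queue.push(callee);
      }
    }
  }
  return paths;
}

// Usage-level check: an advisory is reachable only if one of its vulnerable
// functions lies on some call chain from the application's entry point.
function usageLevelFindings(callGraph, advisories, entry) {
  const paths = reachablePaths(callGraph, entry);
  return advisories.map((a) => {
    const hit = a.functions.find((f) => paths.has(f));
    return {
      id: a.id,
      reachable: hit !== undefined,
      path: hit === undefined ? null : paths.get(hit),
    };
  });
}

// Stand-alone run: the dependency-level check flags both advisories, the
// usage-level check flags only the one whose vulnerable function is reached.
console.log(dependencyLevelFindings(sampleCallGraph, sampleAdvisories));
console.log(usageLevelFindings(sampleCallGraph, sampleAdvisories, "app:main"));
```

On this sample the dependency-level check reports both advisories, while the usage-level check shows that ADV-PLACEHOLDER-1 is a false positive (the application never reaches lodash:defaultsDeep) and that ADV-PLACEHOLDER-2 is reached through app:main → app:renderPage → marked:parse, which is the call site a developer would need to examine or patch.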
Proposed Project: PAWJAM
The proposed project, PAWJAM, aims to explore the commercial and innovative aspects of this program analysis tool. The objectives include:
- Further developing the prototype implementation into a commercial product.
- Performing more extensive evaluations of its effectiveness.
- Engaging with potential users and industry partners.
Financial details & Timeline
Financial details
Grant amount | € 150.000 |
Total project budget | € 150.000 |
Timeline
Start date | 1-7-2023 |
End date | 31-12-2024 |
Grant year | 2023 |
Partners & Locations
Project partners
- AARHUS UNIVERSITET (lead partner)
Country(ies)
Similar projects within the European Research Council
Project | Scheme | Amount | Year |
---|---|---|---|
Advanced Software Tools for JavaScript Developers: PAWTOOLS aims to commercialize novel program analysis techniques for JavaScript, enhancing security and stability in software development by automating library dependency management. | ERC Proof of... | € 150.000 | 2022 |
A Principled Plan to Prevent Transient Execution Attacks: Ghostbuster aims to automatically detect and mitigate advanced transient execution attacks by analyzing vulnerable code fragments and modeling attack conditions, enhancing security without crippling performance. | ERC Advanced... | € 2.499.995 | 2025 |
Resilient and Sustainable Software Security: The RS³ project aims to enhance software security by developing resilient and sustainable countermeasures through innovative testing, secure compilers, attack mitigation, and hardware improvements. | ERC Consolid... | € 1.998.851 | 2023 |
Self-Optimizing Static Program Analysis: SOSA aims to revolutionize static program analysis by creating self-adaptive analyses that optimize performance and precision, enhancing software security and developer efficiency. | ERC Advanced... | € 2.500.000 | 2024 |
Realizing the benefits of safety-security co-analysis through effective tool support: RUBICON aims to develop a proof-of-concept software tool for integrated safety-security risk analysis in technology, enhancing decision-making through advanced algorithms and multi-objective optimization. | ERC Proof of... | € 150.000 | 2024 |
Similar projects from other schemes
Project | Scheme | Amount | Year |
---|---|---|---|
Secure “Annex K” software library for the security market: Solid Sands is investigating the feasibility of a Secure Annex K software library for the security market, with a focus on technical and economic aspects, with a budget of 50.100 EUR. | Mkb-innovati... | € 20.000 | 2020 |
Protecting modern open-source web applications: The project aims to enhance website security by integrating independent security researchers with automated virtual patching technology to protect against open-source code vulnerabilities. | EIC Accelerator | € 1.904.000 | 2022 |
Development of a platform-independent development tool: The project investigates the feasibility of a tool that helps developers analyze and improve the structure of applications in a platform-independent way, for robustness and cyber security. | Mkb-innovati... | € 20.000 | 2020 |
Perpetual Sandbox Analysis: The project develops an automated technology for rapidly monitoring malware with an incubation period, aimed at improving the cybersecurity of financial institutions. | Mkb-innovati... | € 190.050 | 2017 |
Secure software co-design: The project investigates secure software co-development within the Reach platform by drawing up risk profiles and identifying mitigation options for user data and malware. | Mkb-innovati... | € 20.000 | 2022 |