SecuStack: Securing the Leaky Hardware/Software Boundary
SecuStack aims to eliminate side-channel leaks by developing precise hardware-level leakage models to create provably secure systems, enhancing data protection against emerging attacks.
Project details
Problem
Side-channel leaks via timing, cache, and speculation can expose sensitive information across traditional isolation barriers, putting our data at risk. Unfortunately, despite decades-long attempts to eliminate these leaks, new attacks are discovered by the day.
Fundamentally, this is due to the following mismatch: Today's hardware is extremely complicated because of its myriad fast paths and performance optimizations, yet we reason about it based on coarse, implicit, and inaccurate models. This divide between model and reality results in leaks and inefficient systems that fail to keep our data safe.
Aim
SecuStack wants to put an end to this seemingly endless cycle of new attacks and defenses through a radically new approach based on the following insight:
- To effectively secure computer systems against side-channel leaks, we need to know when the hardware leaks, at the level of gates, flip-flops, and wires.
Approach
SecuStack will leverage this insight via the following four research tasks:
- The SecuStack team will automatically construct per-processor, ground-truth leakage models at the hardware level (T1).
- Next, we will use those models to describe leakage at the assembly (ISA) level (T2), which in turn will allow us to synthesize provably correct software defenses (T3).
- These steps build on research breakthroughs from my recent work.
- To remain feasible for a small team in a five-year timeframe, SecuStack will not target legacy toolchains but instead aim for a breakthrough in a tightly controlled setting, based on open-source RISC-V processors and a custom compilation toolchain.
- Finally, we will demonstrate immediate practical impact by implementing two challenging case studies: a silicon root of trust and an enclave monitor (T4).
Impact
If successful, this ambitious effort will yield the first provably secure end-to-end timing-, cache-, and speculation-safe systems and pave the way towards secure infrastructure for the future.
Financial details & Timeline
Financial details
Grant amount | € 1.500.000 |
Total project budget | € 1.500.000 |
Timeline
Start date | 1-4-2024 |
End date | 31-3-2029 |
Grant year | 2024 |
Partners & Locations
Project partners
- STICHTING VU (lead applicant)
Country(ies)
Similar projects within the European Research Council
Project | Scheme | Amount | Year |
---|---|---|---|
Resilient and Sustainable Software Security: The RS³ project aims to enhance software security by developing resilient and sustainable countermeasures through innovative testing, secure compilers, attack mitigation, and hardware improvements. | ERC Consolid... | € 1.998.851 | 2023 |
Generation and Verification of Masking Countermeasures Against Side-Channel Attacks: AMAskZONE aims to create a toolbox for generating and verifying secure cryptographic implementations on embedded devices, combining empirical testing and formal verification for practical security. | ERC Starting... | € 1.495.250 | 2023 |
Hardware-assisted Adaptive Cross-Layer Security for Computing Systems: HYDRANOS aims to revolutionize computing security by designing adaptable hardware within SoCs for post-fabrication reconfiguration to combat emerging cross-layer attacks. | ERC Advanced... | € 2.485.281 | 2022 |
A Principled Plan to Prevent Transient Execution Attacks: Ghostbuster aims to automatically detect and mitigate advanced transient execution attacks by analyzing vulnerable code fragments and modeling attack conditions, enhancing security without crippling performance. | ERC Advanced... | € 2.499.995 | 2025 |
Formalizing, Verifying and Applying ISA Security Guarantees as Universal Contracts: This project aims to enhance ISA security by developing universal contracts for specifying security properties, enabling rigorous full-system security proofs and clearer developer responsibilities. | ERC Starting... | € 1.500.000 | 2022 |
Similar projects from other schemes
Project | Scheme | Amount | Year |
---|---|---|---|
Low-power consumption, heavy-metal-free wide-spectrum image sensors for mass-market computer vision applications: QSTACK aims to develop a power-efficient, heavy-metal-free wide-spectrum image sensor technology to enhance computer vision applications, boosting the European semiconductor industry's competitiveness. | EIC Transition | € 2.370.937 | 2023 |
SecuriPi: SecuriPi develops an advanced multi-factor authentication system to strengthen digital resilience against cyber threats. | Mkb-innovati... | € 20.000 | 2024 |
Integrated Safety for Deeply Embedded Systems Software (ISAFE): The ISAFE project develops an integrated approach to the qualification of software tools in safety-critical systems, aimed at meeting safety standards and improving software development. | Mkb-innovati... | € 160.200 | 2016 |
Multistage noise reduction for surveillance cameras: V-Silicon investigates the feasibility of a multistage noise-reduction solution for security cameras, aimed at improving image quality in the dark. | Mkb-innovati... | € 20.000 | 2022 |