Opendata, web and dolomites


Leveraging Binary Analysis to Secure the Internet of Things

Total Cost €


EC-Contrib. €






Project "BASTION" data sheet

The following table provides information about the project.


Organization address
city: BOCHUM
postcode: 44801

contact info
title: n.a.
name: n.a.
surname: n.a.
function: n.a.
email: n.a.
telephone: n.a.
fax: n.a.

 Coordinator Country Germany [DE]
 Total cost 1˙472˙268 €
 EC max contribution 1˙472˙268 € (100%)
 Programme 1. H2020-EU.1.1. (EXCELLENT SCIENCE - European Research Council (ERC))
 Code Call ERC-2014-STG
 Funding Scheme ERC-STG
 Starting year 2015
 Duration (year-month-day) from 2015-03-01   to  2020-02-29


Take a look of project's partnership.

# participants  country  role  EC contrib. [€] 
1    RUHR-UNIVERSITAET BOCHUM DE (BOCHUM) coordinator 1˙472˙268.00


 Project objective

We are in the midst of the shift towards the Internet of Things (IoT), where more and more (legacy) devices are connected to the Internet and communicate with each other. This paradigm shift brings new security challenges and unfortunately many current security solutions are not applicable anymore, e.g., because of a lack of clear network boundaries or resource-constrained devices. However, security plays a central role: In addition to its classical function in protecting against manipulation and fraud, it also enables novel applications and innovative business models.

We propose a research program that leverages binary analysis techniques to improve the security within the IoT. We concentrate on the software level since this enables us to both analyze a given device for potential security vulnerabilities and add security features to harden the device against future attacks. More specifically, we concentrate on the firmware (i.e., the combination of persistent memory together with program code and data that powers such devices) and develop novel mechanism for binary analysis of such software. We design an intermediate language to abstract away from the concrete assembly level and this enables an analysis of many different platforms within a unified analysis framework. We transfer and extend program analysis techniques such as control-/data-flow analysis or symbolic execution and apply them to our IL. Given this novel toolset, we can analyze security properties of a given firmware image (e.g., uncovering undocumented functionality and detecting memory corruption or logical vulnerabilities,). We also explore how to harden a firmware by retrofitting security mechanisms (e.g., adding control-flow integrity or automatically eliminating unnecessary functionality). This research will deepen our fundamental understanding of binary analysis methods and apply it to a novel area as it lays the foundations of performing this analysis on the level of intermediate languages.


year authors and title journal last update
List of publications.
2019 Andre Pawlowski, Victor van der Veen, Dennis Andriesse, Erik van der Kouwe, Thorsten Holz, Cristiano Giuffrida, Herbert Bos
VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching
published pages: , ISSN: , DOI:
ACSAC\'19 2019-11-22
2019 Davidsson, Nicolai; Pawlowski, Andre; Holz, Thorsten
Towards Automated Application-Specific Software Stacks
published pages: , ISSN: , DOI:
ESORICS 2019 2019-11-22
2016 Robert Gawlik, Benjamin Kollenda, Philipp Koppe, Behrad Garmany and Thorsten Holz Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum, Germany
Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding
published pages: , ISSN: , DOI:
Network and Distributed System Security Symposium (NDSS) 2016 2019-05-29
2017 Tim Blazytko, Moritz Contag, Cornelius Aschermann, and Thorsten Holz
Syntia: Synthesizing the Semantics of Obfuscated Code
published pages: , ISSN: , DOI:
USENIX Security Symposium 2019-05-29
2016 Julian Lettner, University of California, Irvine; Benjamin Kollenda, Ruhr-Universität Bochum; Andrei Homescu, Immunant, Inc.; Per Larsen, University of California, Irvine, and Immunant, Inc.; Felix Schuster, Microsoft Research; Lucas Davi and Ahmad-Reza Sadeghi, Technische Universität Darmstadt; Thorsten Holz, Ruhr-Universität Bochum; Michael Franz, University of California, Irvine
Subversive-C: Abusing and Protecting Dynamic Message Dispatch
published pages: , ISSN: , DOI:
2016 USENIX Annual Technical Conference (USENIX ATC ’16) 2019-05-29
2017 Andre Pawlowski, Moritz Contag, Victor van der Veen, Chris Ouwehand, Thorsten Holz, Herbert Bos, Elias Athanasopoulos, and Cristiano Giuffrida
MARX: Uncovering Class Hierarchies in C++ Programs
published pages: , ISSN: , DOI:

Are you the coordinator (or a participant) of this project? Plaese send me more information about the "BASTION" project.

For instance: the website url (it has not provided by EU-opendata yet), the logo, a more detailed description of the project (in plain text as a rtf file or a word file), some pictures (as picture files, not embedded into any word file), twitter account, linkedin page, etc.

Send me an  email ( and I put them in your project's page as son as possible.

Thanks. And then put a link of this page into your project's website.

The information about "BASTION" are provided by the European Opendata Portal: CORDIS opendata.

More projects from the same programme (H2020-EU.1.1.)


Dynamic Modeling of Labor Market Mobility and Human Capital Accumulation

Read More  

MATCH (2020)

Discovering a novel allergen immunotherapy in house dust mite allergy tolerance research

Read More  

RTMFRM (2019)

Room Temperature Magnetic Resonance Force Microscopy

Read More