
CodeSan SIGNED

Code Sanitization for Vulnerability Pruning and Exploitation Mitigation


Project "CodeSan" data sheet

The following table provides information about the project.

Coordinator
ECOLE POLYTECHNIQUE FEDERALE DE LAUSANNE 

Organization address
address: BATIMENT CE 3316 STATION 1
city: LAUSANNE
postcode: 1015
website: www.epfl.ch

contact info
title: n.a.
name: n.a.
surname: n.a.
function: n.a.
email: n.a.
telephone: n.a.
fax: n.a.

Coordinator country: Switzerland [CH]
Total cost: 1,499,970 €
EC max contribution: 1,499,970 € (100%)
Programme: 1. H2020-EU.1.1. (EXCELLENT SCIENCE - European Research Council (ERC))
Code call: ERC-2019-STG
Funding scheme: ERC-STG
Starting year: 2020
Duration (year-month-day): from 2020-03-01 to 2025-02-28

Partnership

Take a look at the project's partnership.

#  participant  country  role  EC contrib. [€]
1  ECOLE POLYTECHNIQUE FEDERALE DE LAUSANNE  CH (LAUSANNE)  coordinator  1,499,970.00

Project objective

Despite massive efforts in securing software, about 60 security bugs are publicly reported each month. Systems software is prone to low-level bugs caused by undefined behavior (memory corruption, type confusion, or API confusion). Exploits abuse undefined behavior to execute attacker-specified code or to leak information. We propose code sanitization (CodeSan), a comprehensive approach to improve code quality. CodeSan will sanitize software by (i) automating bug discovery during development through software testing and (ii) protecting deployed software through reflective mitigations. CodeSan trades formal completeness for practical scalability in three steps. First, policy-based sanitization makes undefined behavior (through violations of memory safety, type safety, or API flow safety) explicit and detectable given concrete test inputs. Second, automatic test case generation increases testing coverage for large programs without the need for pre-existing test cases, enabling broader and automated use of policy-based sanitization. Third, for deployed software, reflective mitigations place runtime checks precisely where they are needed, based on the data-flow and control-flow coverage gathered from our testing efforts. CodeSan complements formal approaches by protecting software that is currently out of reach due to its size, complexity, or low-level nature.

CodeSan is a compelling, comprehensive, and adaptive approach to thoroughly address undefined behavior for complex software. The three proposed thrusts complement each other naturally and will immediately guard large software systems such as Google Chromium, Mozilla Firefox, the Android system, or the Linux kernel, making them resilient against attacks.

In line with PI Payer’s track record on open sourcing his group’s research artifacts on cast sanitization, transformative fuzzing, or control-flow hijacking mitigations, all prototypes produced during CodeSan will be released as open-source.

Are you the coordinator (or a participant) of this project? Please send me more information about the "CODESAN" project.

For instance: the website URL (it has not been provided by EU-opendata yet), the logo, a more detailed description of the project (in plain text, as an RTF file or a Word file), some pictures (as picture files, not embedded in any Word file), Twitter account, LinkedIn page, etc.

Send me an email (fabio@fabiodisconzi.com) and I will put them on your project's page as soon as possible.

Thanks. And then put a link to this page on your project's website.

The information about "CODESAN" is provided by the European Opendata Portal: CORDIS opendata.
