RUNSECURE is the acronym for a new research project on Provably secure program executions through declaratively defined dynamic program analyses, which the DFG is now funding for up to five years through its prestigious Emmy Noether Fellowship program. As the DFG writes, “The Emmy Noether Program supports young researchers in achieving independence at an early stage of their scientific careers. Young postdocs gain the qualifications required for a university teaching career during a DFG-funded period, usually lasting five years, in which they lead their own independent junior research group. As a rule, researchers who have acquired between two and four years of postdoctoral research experience are eligible to apply. Applicants must have international research experience.”
Project RUNSECURE
Modern software systems are rich in functionality but also prone to bugs and vulnerabilities that threaten the security and privacy of users and their data. In recent years, researchers have made significant progress in the static analysis of such systems, which allows developers to recognize and remove programming errors prior to deployment. Many vulnerabilities, however, can only be recognized as a piece of software executes, not least because malicious attackers can also use static-analysis tools to craft exploits in such a way that they circumvent static detection. A truly secure execution environment must therefore combine static analyses with just-in-time runtime analyses.
The project RUNSECURE will develop methods, techniques and tools that will allow software developers to reliably detect security vulnerabilities and prevent them from being exploited. No matter how much an exploit tries to conceal its malicious intent, it can always be recognized when it is about to execute. At this point in time, one must be sure, however, that the executing exploit can be recognized and prevented from succeeding. To this end, the project will develop a novel programming language that allows developers to define dynamic program analyses and security monitors in a highly declarative manner. Analyses defined that way are then amenable to highly efficient automatic code generation and can easily be proven correct, due to their high level of abstraction.
This project is initially funded for three years, with possible extension up to five years. Thanks to everyone who supported my application!
Press Coverage