2018-annual-report
DEDETIS
Detecting and Defending Against Threats to the Information Society
Funding: Spanish Ministry of Economy, Industry, and Competitiveness
Duration: 2016-2018
Principal Investigators: Assoc. Res. Prof. Juan Caballero – Assoc. Res. Prof. Boris Köpf
The goal of the DEDETIS project is to deliver the next generation of detection and defense techniques and
tools against cyber threats. While our techniques and tools will be useful in multiple application scenarios,
the emphasis of the project is on protecting the booming mobile and cloud computing environments against
today’s and tomorrow’s threats. The work plan of the project is organized in 3 research lines that cover: 1)
The fight against cybercrime, including novel system and network security approaches for detecting malicious
software (malware) in mobile devices, classifying and recovering the software lineage of malware, and disrupting
malicious server infrastructures hosted on cloud hosting services; 2) The detection and analysis of software
vulnerabilities, including novel program analysis techniques to detect vulnerabilities with high coverage as
well as algorithmic vulnerabilities, e.g., side-channel attacks on cryptographic modules and denial of service
attacks through resource starvation; 3) Privacy and integrity in cloud computing, including novel cryptographic
protocols based on homomorphic encryption and zero-knowledge verifiable computation to securely outsource
data and computations to untrusted cloud service providers.
RISCO
Rigorous Technologies for the Analysis and Verification of Sophisticated Concurrent Software
Funding: Spanish Ministry of Economy, Industry, and Competitiveness
Duration: 2016-2018
Principal Investigators: Assoc. Res. Prof. Pierre Ganty – Assoc. Res. Prof. Alexey Gotsman
The overall goal of the project is to develop new foundations for production and rigorous formal reasoning about
modern concurrent and distributed computations. Formally proving that concurrent and distributed programs
behave as expected is an old problem, and many of its facets have been well understood. However, modern
applications, hardware platforms, and language standards keep imposing new and stringent requirements
on the development and deployment of such programs. The specific goal of this project is to bridge the gap
between the low-level details essential for the implementation of programs on modern concurrent and distributed
architectures, and the high-level understanding necessary for formal verification. We will tackle the problems
using a two-pronged approach, as follows: 1) We will study how the gap can be bridged in an automated way,
by investigating the complexity of the verification problems for the above modern concurrent and distributed
computational models, and design efficient decision procedures for reasoning about high-level abstract data
types in such models, and implement them in tools; 2) We will study how the gap can be bridged in the context
of human-assisted (i.e., interactive) proof development. In that setting, the challenge is to come up with proof
abstractions that reduce the number and complexity of the required proof obligations, thus enabling humans
to develop the correctness proofs by hand.