Loading…

Loading grant details…

Active HORIZON European Commission

SecuStack: Securing the Leaky Hardware/Software Boundary

€1.5M EUR

Funder European Commission
Recipient Organization Stichting Vu
Country Netherlands
Start Date Apr 01, 2024
End Date Mar 31, 2029
Duration 1,825 days
Number of Grantees 1
Roles Coordinator
Data Source European Commission
Grant ID 101115046
Grant Description

Problem: Side-channel leaks via timing, cache, and speculation can expose sensitive information across traditional isolation barriers, putting our data at risk. Unfortunately, despite decades-long attempts to eliminate these leaks, new attacks are discovered by the day.

Fundamentally, this is due to the following mismatch: Today's hardware is extremely complicated because of its myriad fast paths and performance optimizations, yet, we reason about it based on coarse, implicit, and inaccurate models. This divide between model and reality results in leaks and inefficient systems that fail to keep our data safe.

Aim: SecuStack wants to put an end to this seemingly endless cycle of new attacks and defenses through a radically new approach based on the following insight: To effectively secure computer systems against side-channel leaks, we need to know when the hardware leaks, at the level of gates, flip-flops, and wires.

Approach: SecuStack will leverage this insight via the following four research tasks.

First, the SecuStack team will automatically construct per-processor, ground-truth leakage models at the hardware level (T1).

Next, we will use those models to describe leakage at the assembly (ISA) level (T2), which in turn will allow us to synthesize provably correct software defenses (T3). These steps build on research breakthroughs from my recent work.

To remain feasible for a small team in a five-year timeframe, SecuStack will not target legacy toolchains but instead aim for a breakthrough in a tightly controlled setting, based on open-source RISC-V processors and a custom compilation toolchain.

Finally, we will demonstrate immediate practical impact by implementing two challenging case studies: a silicon root of trust and an enclave monitor (T4).

Impact: If successful, this ambitious effort will yield the first provably secure end-to-end timing, cache, and speculation safe systems and pave the way towards secure infrastructure for the future.

All Grantees

Stichting Vu

Advertisement
Apply for grants with GrantFunds
Advertisement
Browse Grants on GrantFunds
Interested in applying for this grant?

Complete our application form to express your interest and we'll guide you through the process.

Apply for This Grant