Trustworthy Fullstack Computing

Reference number
RIT17-0036
Project leader
Dam, Mads
Start and end dates
180301-240229
Amount granted
34 000 000 SEK
Administrative organization
KTH - Royal Institute of Technology
Research area
Information, Communication and Systems Technology

Summary

A typical modern application stack involves a large number of untrusted, subsidiary third-party services, even for security-critical information flows. A graphical user interface, for instance, has a large attack surface involving devices, networks, operating systems, and a range of middleware, most of which is essentially untrustworthy and beyond user scrutiny. To address this problem, reducing the attack surface is essential. The TrustFull project aims to show that formal techniques can be used in combination with intelligent static and dynamic program manipulation techniques at scale to reduce attack surfaces and significantly strengthen systems' defensive capabilities. The work plan focuses on application protection, fault containment and repair, developing the fundamental tools for modelling and analysis as needed. A secure GUI stack is developed as the main demonstration platform used to instantiate two concrete demonstrators, an e-wallet and a secure e-voting client.

Popular science description

That IT security is not in a satisfactory state is apparent to anyone who regularly opens a newspaper. A commonplace source of problems is software bugs. Some bugs are nothing more than inconveniences. Others can leave a computer open to being taken over completely and used for various types of malicious acts such as keyboard sniffing, information theft, or zombification. This can be bad, but when it happens at scale, as the recent WannaCry attack showed, it can cripple large parts of society completely. The bugs themselves are an annoyance. But modern software is never shipped in a bug-free state. It is far too complex for that. There is, however, no reason why a bug in an application program or, for that matter, an operating system, should leave a computer completely defenseless. Computers ought to be robust enough to survive the presence of a bug and, even better, possess the means to repair themselves. To achieve this, the first problem is to reduce the possible damage a bug can give rise to. One way of solving this is to build a thin layer of very carefully crafted code, sometimes called a hypervisor, into the lowest layer of the software stack, in order to prevent the computer from being completely overrun. This idea was studied in Prosper, a precursor project to TrustFull. In this project we take the idea much further to study how the same type of software can be used to protect much larger parts of the software base, not least the security infrastructure itself. A key idea is to introduce variability into the software base to make it difficult for attackers to figure out where sensitive data is kept, or where to place malicious code. The same idea can also be used to attempt to recover once faults have been discovered. The TrustFull project will demonstrate these ideas in practice by building a secure windowing system.
These types of systems are vitally important for security, but also difficult to secure properly since so many different software and hardware components are involved. The windowing system will be used to construct various secure applications, an e-wallet and an e-voting app, and demonstrate how the security solution developed in TrustFull improves on the state of the art in computer and communication security.