BASTION SIGNED
Leveraging Binary Analysis to Secure the Internet of Things
Total Cost €
0EC-Contrib. €
0Partnership
0Views
0BASTION project word cloud
Explore the words cloud of the BASTION project. It provides you a very rough idea of what is the project "BASTION" about.
Project "BASTION" data sheet
The following table provides information about the project.
| Coordinator |
RUHR-UNIVERSITAET BOCHUM
Organization address contact info |
| Coordinator Country | Germany [DE] |
| Total cost | 1˙472˙268 € |
| EC max contribution | 1˙472˙268 € (100%) |
| Programme |
1. H2020-EU.1.1. (EXCELLENT SCIENCE - European Research Council (ERC)) |
| Code Call | ERC-2014-STG |
| Funding Scheme | ERC-STG |
| Starting year | 2015 |
| Duration (year-month-day) | from 2015-03-01 to 2020-02-29 |
Partnership
Take a look of project's partnership.
| # | ||||
|---|---|---|---|---|
| 1 | RUHR-UNIVERSITAET BOCHUM | DE (BOCHUM) | coordinator | 1˙472˙268.00 |
Map
Project objective
We are in the midst of the shift towards the Internet of Things (IoT), where more and more (legacy) devices are connected to the Internet and communicate with each other. This paradigm shift brings new security challenges and unfortunately many current security solutions are not applicable anymore, e.g., because of a lack of clear network boundaries or resource-constrained devices. However, security plays a central role: In addition to its classical function in protecting against manipulation and fraud, it also enables novel applications and innovative business models.
We propose a research program that leverages binary analysis techniques to improve the security within the IoT. We concentrate on the software level since this enables us to both analyze a given device for potential security vulnerabilities and add security features to harden the device against future attacks. More specifically, we concentrate on the firmware (i.e., the combination of persistent memory together with program code and data that powers such devices) and develop novel mechanism for binary analysis of such software. We design an intermediate language to abstract away from the concrete assembly level and this enables an analysis of many different platforms within a unified analysis framework. We transfer and extend program analysis techniques such as control-/data-flow analysis or symbolic execution and apply them to our IL. Given this novel toolset, we can analyze security properties of a given firmware image (e.g., uncovering undocumented functionality and detecting memory corruption or logical vulnerabilities,). We also explore how to harden a firmware by retrofitting security mechanisms (e.g., adding control-flow integrity or automatically eliminating unnecessary functionality). This research will deepen our fundamental understanding of binary analysis methods and apply it to a novel area as it lays the foundations of performing this analysis on the level of intermediate languages.
Publications
| year | authors and title | journal | last update |
|---|---|---|---|
| 2019 |
Andre Pawlowski, Victor van der Veen, Dennis Andriesse, Erik van der Kouwe, Thorsten Holz, Cristiano Giuffrida, Herbert Bos VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching published pages: , ISSN: , DOI: |
ACSAC\'19 | 2019-11-22 |
| 2019 |
Davidsson, Nicolai; Pawlowski, Andre; Holz, Thorsten Towards Automated Application-Specific Software Stacks published pages: , ISSN: , DOI: |
ESORICS 2019 | 2019-11-22 |
| 2016 |
Robert Gawlik, Benjamin Kollenda, Philipp Koppe, Behrad Garmany and Thorsten Holz
Horst Görtz Institute for IT-Security (HGI), Ruhr-University Bochum, Germany Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding published pages: , ISSN: , DOI: |
Network and Distributed System Security Symposium (NDSS) 2016 | 2019-05-29 |
| 2017 |
Tim Blazytko, Moritz Contag, Cornelius Aschermann, and Thorsten Holz Syntia: Synthesizing the Semantics of Obfuscated Code published pages: , ISSN: , DOI: |
USENIX Security Symposium | 2019-05-29 |
| 2016 |
Julian Lettner, University of California, Irvine; Benjamin Kollenda, Ruhr-Universität Bochum;
Andrei Homescu, Immunant, Inc.; Per Larsen, University of California, Irvine, and
Immunant, Inc.; Felix Schuster, Microsoft Research; Lucas Davi and Ahmad-Reza Sadeghi,
Technische Universität Darmstadt; Thorsten Holz, Ruhr-Universität Bochum;
Michael Franz, University of California, Irvine Subversive-C: Abusing and Protecting Dynamic Message Dispatch published pages: , ISSN: , DOI: |
2016 USENIX Annual Technical Conference (USENIX ATC ’16) | 2019-05-29 |
| 2017 |
Andre Pawlowski, Moritz Contag, Victor van der Veen, Chris Ouwehand, Thorsten Holz, Herbert Bos, Elias Athanasopoulos, and Cristiano Giuffrida MARX: Uncovering Class Hierarchies in C++ Programs published pages: , ISSN: , DOI: |
2019-05-29 |
Are you the coordinator (or a participant) of this project? Plaese send me more information about the "BASTION" project.
For instance: the website url (it has not provided by EU-opendata yet), the logo, a more detailed description of the project (in plain text as a rtf file or a word file), some pictures (as picture files, not embedded into any word file), twitter account, linkedin page, etc.
Send me an email (fabio@fabiodisconzi.com) and I put them in your project's page as son as possible.
Thanks. And then put a link of this page into your project's website.
The information about "BASTION" are provided by the European Opendata Portal: CORDIS opendata.