Academy of Finland  
Funding decision
Organisation Aalto University
Project title Rigorous security guarantees for run-time integrity
Applicant / Contact person Gunn, Lachlan
Decision No. 339514
Decision date 03.06.2021
Funding period 01.09.2021 - 31.08.2024
Funding 248 120
Project description
Memory corruption vulnerabilities are a major risk to application security; Microsoft state that they make up seventy percent of their reported vulnerabilities. The WannaCry and NotPetya ransomware programs spread using this type of vulnerability, alone causing an estimated 14 to 18 billion US dollars worth of damage. Ever since these vulnerabilities were first exploited by the Morris Worm in 1988, attackers and defenders have played a cat-and-mouse game, with defenders adding new roadblocks in the way of known attacks, and attackers coming up with new ways to bypass them in turn. But despite these defenses, attackers still achieve remote code execution by exploiting the same vulnerabilities, except with more complex exploits and lower probabilities of success. The goal of this project is to end the game of cat-and-mouse by developing new defensive mechanisms whose security is provably limited only by the capabilities of the attacker, rather than the attacker's ingenuity.