Securely Taking On New Executable Stuff Of Uncertain Provenance

Can we securely run software of uncertain provenance, improving the assurance and substantially reducing the cost of certifying security properties of mission-critical software systems? That is the subject of the STONESOUP study.

We are studying how to gain assurance by examining software itself and accompanying artifacts of its creation, and by running software in an environment that constrains its behavior. The mechanisms of interest are those that do not rely on trust in the code supplier.

A new certification pipeline?

We are investigating technologies that can produce specific assurances about software—particularly, security assurances:

  • Languages and specifications. Lightweight specifications can help evaluate software properties.
  • Analysis and transformation. Analyses can identify vulnerabilities; transformations can eliminate them or enable monitoring.
  • Testing and model checking. Automated testing and model checking can be used to identify vulnerabilities.
  • Monitoring and confinement. Confinement (by the OS, VMM, ...) can prevent misbehavior and allow monitoring.
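To make the last item concrete: one of the cheapest forms of OS confinement is running the program under kernel-enforced resource limits and a scrubbed environment, then recording how it ended (clean exit, killed by a limit, or killed for overrunning a wall-clock budget). The example below is added here and is not STONESOUP code; it assumes a POSIX system with Python's `resource` module (Linux is the intended target), and the three "untrusted" programs it runs are constructed one-line Python scripts standing in for software of uncertain provenance.

```python
"""Run an untrusted program under OS-imposed limits and record what happened to it.

Added illustration for OS-level confinement and monitoring; not part of the STONESOUP study.
Assumes POSIX (Linux) semantics for setrlimit, SIGXCPU/SIGXFSZ and wait status.
"""
import os
import resource
import signal
import subprocess
import sys
from dataclasses import dataclass


@dataclass
class ConfinedResult:
    verdict: str          # "ok", "exit:<code>", "killed:<SIGNAME>" or "timeout"
    stdout: bytes         # everything the child wrote (stderr is merged in)
    cpu_seconds: float    # CPU time the child actually consumed, from the kernel's accounting


def _limits(cpu_seconds: int, max_file_bytes: int):
    """Return a hook that runs in the child between fork() and exec(); limits hit only the new program."""
    def preexec():
        # Soft CPU limit delivers SIGXCPU (fatal by default); the hard limit is the kernel's SIGKILL backstop.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
        # Cap the largest file the child may create; a write past it is refused with SIGXFSZ.
        resource.setrlimit(resource.RLIMIT_FSIZE, (max_file_bytes, max_file_bytes))
        # No core dumps: a crash must not spill the child's memory onto disk.
        resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
    return preexec


def run_confined(argv, cpu_seconds=1, max_file_bytes=1 << 16, wall_seconds=5.0, workdir=None):
    """Execute argv under the limits above and classify how it terminated."""
    before = resource.getrusage(resource.RUSAGE_CHILDREN)
    proc = subprocess.Popen(
        argv,
        stdin=subprocess.DEVNULL,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,
        # Scrubbed environment: only PATH is passed through, nothing else leaks from the parent.
        env={"PATH": os.environ.get("PATH", "/usr/bin:/bin")},
        cwd=workdir,
        preexec_fn=_limits(cpu_seconds, max_file_bytes),
        close_fds=True,
    )
    timed_out = False
    try:
        out, _ = proc.communicate(timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        # CPU limits do not catch a program that merely sleeps or blocks; a wall-clock budget does.
        proc.kill()
        out, _ = proc.communicate()
        timed_out = True
    after = resource.getrusage(resource.RUSAGE_CHILDREN)
    cpu = (after.ru_utime + after.ru_stime) - (before.ru_utime + before.ru_stime)

    if timed_out:
        verdict = "timeout"
    elif proc.returncode == 0:
        verdict = "ok"
    elif proc.returncode < 0:
        # A negative return code is the number of the signal that killed the child.
        verdict = "killed:" + signal.Signals(-proc.returncode).name
    else:
        verdict = f"exit:{proc.returncode}"
    return ConfinedResult(verdict, out, cpu)


def python_child(source: str):
    """Build an argv that runs a one-line Python program as the 'untrusted' executable."""
    return [sys.executable, "-c", source]


# Constructed stand-ins for software of uncertain provenance.
WELL_BEHAVED = "print('hello from the sandbox')"
CPU_HOG = "while True: pass"
SLEEPER = "import time; time.sleep(30)"

if __name__ == "__main__":
    for name, src in [("well-behaved", WELL_BEHAVED), ("cpu hog", CPU_HOG), ("sleeper", SLEEPER)]:
        r = run_confined(python_child(src), cpu_seconds=1, wall_seconds=2.0)
        print(f"{name:13s} -> {r.verdict:14s} cpu={r.cpu_seconds:.2f}s output={r.stdout!r}")
```

The verdict and the `rusage` delta are the monitoring half of the bullet: the supplier is not trusted to say what the program does; the kernel reports it. Note that `RLIMIT_CPU` alone does nothing against a program that blocks or sleeps, which is why the wall-clock budget is a separate control.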

We will also study synergies between these different technologies, bringing together interested researchers from different research areas to identify how combined approaches can improve assurance or reduce cost.