Improving software security implies a two-pronged approach: testing the software for security flaws and mitigating attacks. While testing enables developers to detect bugs that are reachable through adversarially controlled input, mitigation involves patching the underlying bugs and blocking an attack. On the one hand, mitigations such as ASLR, DEP, or stack canaries protect against unknown or unpatched vulnerabilities by stopping an exploit; on the other, lightweight runtime guards detect a security violation and terminate the process. Nonetheless, despite rapid advancements in software security, attacks continue to exploit software vulnerabilities by reusing existing code. In this context, a team of researchers at EPFL, led by tenure-track assistant professor Mathias Payer, is working on a project to enhance software security by focusing on multidimensional, input-guided software security testing through sanitization.
The MultiSan project, which is being funded by an Eccellenza Grant from the Swiss National Science Foundation (SNSF), specifically focuses on code that is exposed to potentially adversary-controlled data. By targeting the immediate attack surface instead of testing all code, the research aims to prioritize the search for bugs on exposed code, thus enabling developers to take care of security vulnerabilities before they can be exploited.
The project hopes to improve software security along four different lines: policy-based sanitization, automatic (security) test inference, scaling testing, and guarding the hardware/software interface. Policy-based sanitization will lead to faster and more accurate detection of security violations: a report will be generated whenever a bug is triggered, not only when the program crashes. Automatic (security) test inference will customize input generation and modify the program to remove hard-to-trigger checks, such as checksums, so that generated inputs can reach the code behind them. Scaling testing will apply to complex environments by providing end-to-end testing for large code bases. In its fourth dimension, the MultiSan project will allow developers to test the hardware/software interface, which exposes software to an inherently attacker-controlled environment. The hardware testing approach proposed by the research team will virtualize drivers and let them interact with emulated mock hardware controlled by the testing framework.
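The checksum and policy-guard ideas above, as an added illustration in C (not MultiSan code): a parser whose bug sits behind a checksum is unreachable for a naive mutator until the check is removed, and a guard reports the violation when it is triggered instead of letting the process crash. The record format, `guarded_copy` and `run_case` are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed wire format (not MultiSan's): [len][payload x len][sum8], where
 * sum8 is the 8-bit additive checksum over the len byte and the payload. */
enum { PARSE_OK, PARSE_SHORT, PARSE_BAD_SUM, PARSE_VIOLATION };

static uint8_t sum8(const uint8_t *p, size_t n) {
    uint8_t s = 0;
    for (size_t i = 0; i < n; i++) s = (uint8_t)(s + p[i]);
    return s;
}

/* Policy guard standing in for a sanitizer check: the copy is allowed only when it
 * fits. It reports at the moment the bug triggers and refuses the copy, instead of
 * letting the process crash later. */
static int guarded_copy(void *dst, size_t cap, const void *src, size_t n) {
    if (n > cap) {
        fprintf(stderr, "policy violation: %zu-byte copy into %zu-byte buffer\n", n, cap);
        return -1;
    }
    memcpy(dst, src, n);
    return 0;
}

/* Parser whose bug (no len <= 16 check before the copy) sits behind the checksum.
 * skip_sum models test inference removing the hard-to-trigger check. */
static int parse_record(const uint8_t *in, size_t n, int skip_sum) {
    char payload[16];
    if (n < 2) return PARSE_SHORT;
    size_t len = in[0];
    if (n < len + 2) return PARSE_SHORT;
    if (!skip_sum && sum8(in, len + 1) != in[len + 1]) return PARSE_BAD_SUM;
    if (guarded_copy(payload, sizeof payload, in + 1, len) != 0) return PARSE_VIOLATION;
    return PARSE_OK;
}

/* Builds one record (constructed stand-in for fuzzer output) and parses it;
 * fix_sum = 0 leaves a wrong checksum byte, as a naive mutator would. */
static int run_case(uint8_t len, int fix_sum, int skip_sum) {
    uint8_t buf[258];
    buf[0] = len;
    memset(buf + 1, 'A', len);
    buf[len + 1] = fix_sum ? sum8(buf, (size_t)len + 1) : 0xFF;
    return parse_record(buf, (size_t)len + 2, skip_sum);
}

int main(void) { printf("%d %d %d\n", run_case(32, 0, 0), run_case(32, 0, 1), run_case(8, 1, 0)); return 0; }
```

With the checksum enforced, the oversized record is rejected before the bug is reached; with the check removed (or the checksum fixed up), the guard reports the violation.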
The findings of the research project, including prototypes, benchmarks, and code, will be available as open source releases. That will enable the research community to build on the findings and further improve them over time. Likewise, end users and developers can access the documentation, reports, and prototypes produced during the research to protect their code.