Mathias Payer, tenure-track assistant professor in the School of Computer and Communication Sciences (IC), is the recipient of Eccellenza Grant from the Swiss National Science Foundation (SNSF) for his research project to detect and remove software security flaws.
The project, called MultiSan, will lead to the development of technologies that can be used by software developers to eliminate exploitable security flaws. Instead of testing all code, Payer and colleagues will target code that is exposed to potentially adversary-controlled data, otherwise known as “input-reachable” code. They will do so by adopting the “code sanitization” approach.
The MultiSan project aims to improve software security testing in four major areas: policy-based sanitization, automatic (security) test inference, scaling testing, and guarding the hardware/software interface. It will generate reports to help developers patch the underlying bugs and prohibit an attack.
True to the belief in open source development, all research findings and applications will be released as open source prototypes, benchmarks, and code. That will not only facilitate further evolution of the results by other researchers but also help users access increased software security and data protection tools. It will also create new synergies between academia, developers, and the corporate sector.
The Eccellenza Grants, which offer project funds of up to CHF 1,500,000 over five years, are awarded annually to “highly qualified young researchers who aspire to a permanent professorship.” It helps scientists carry out research projects with their own research team at a higher education institution in Switzerland.
It may be recalled that Mathias Payer was also awarded a European Research Council (ERC) Starting Grant earlier in the year to support open-source research in software security.