For decades, numerous vulnerabilities have put computer systems and applications at risk. Several cybersecurity issues have been recurrent, being Buffer Overflows (BOs) vulnerabilities a primary attack method, which nowadays still accounts for more than 25% of the reported attacks. Such a high number clearly shows that classical software-based and compiler-assisted techniques for preventing exploitation of buffer overflow vulnerabilities did not succeed. Existing hardware-based methods (e.g., StackGhost) are too restricted and therefore they are not widely used.
This project aims the design of an innovative hardware-based system monitoring architecture, introducing novel non-intrusive observation and runtime verification mechanisms for robust defence against cybersecurity hazards emerging either from accidental faults or from malicious attacks. Technical feasibility will be demonstrated for SPARC (aerospace applications) and ARM (telecommunications, including mobile) platforms.
LASIGE is supported by FCT, project UID/CEC/00408/2013