Computer programs are analyzed by simulating their behavior according to the syntax and semantics of the programming language used. While this approach is effective for smaller programs, it often produces false positives or fails to report critical security flaws when applied to more complex systems, such as the majority of those used today.
Similarly, in biology, scientists use computer models to understand the behavior of a biological system. In some instances, the system is too complex for computer models. In that case, biologists use empirical methods, such as observation or experiments, to learn about the properties of that system "in-vivo". Marcel Böhme took inspiration from biology to develop AT*SCALE. “In project AT*SCALE, I will design new, groundbreaking methods to address challenges of scalability and reliability of existing methods. I strongly believe the empirical lens will inspire a new perspective on the software analysis problem, which will lead to a paradigm shift in the research community.”, says Böhme.
AT*SCALE will not only detect security flaws but also diagnose and repair them: “My goal is to find and fix security flaws in large software systems automatically. Specifically, project AT*SCALE will develop the most scalable and reliable techniques for the automatic discovery, diagnosis, and repair of security flaws to date.”, added Böhme. To achieve this goal, Böhme and his team will create millions of software clones per second, on which they will run concurrent experiments to detect possible cyberattack vulnerabilities. To do that, they will use the fuzzing algorithm developed by their team.
A fuzzer is an automated test generator: it generates artificial executions of parts of the given software to detect vulnerabilities to attacks. It is a commonly used software analysis tool that is considered the first line of defense against attacks by companies such as Google. In the current project, the artificial executions will be replaced by real executions on the cloned versions of the software, enhancing detection accuracy.
For this project proposal, Marcel Böhme, a faculty member at the Max Planck Institute for Security and Privacy, was awarded the ERC consolidator Grant by the European Research Council. “In 2024, the global cost for cybercrime is expected to exceed 10 trillion Euros. Project AT*SCALE will deliver effective technology to fortify the world’s digital infrastructure against cyberattacks and significantly lower these costs”, concludes Böhme.
The European Research Council (ERC), established by the European Commission, grants research funding to excellent scientists from all disciplines who perform research at the frontiers of knowledge. The ERC is the primary European research funding organization and offers four grant schemes: Starting Grants, Consolidator Grants, Advanced Grants, and Synergy Grants.
General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.