CASA PI Prof. Dr. Thorsten Holz is being funded by the European Research Council (ERC) with a Consolidator Grant of around 2 million euros for his research on software security. In the project "Resilient and Sustainable Software Security", RS3 for short, Holz wants to develop innovative methods to make software more robust against attacks in the long term.
The fact that thousands of smartphones belonging to politicians, human rights activists, representatives of the press and other people were investigated with the help of the Israeli Pegasus spying software caused a stir last summer. Among other things, the unknowing victims were infected with the malware via prepared messages without having to do anything. Among other things, Pegasus can record conversations, activate cameras or read location data. "This is just one of many cases in which software vulnerabilities have been exploited in recent years. Especially in complex software systems, there are currently still many gaps," says Thorsten Holz. Existing security solutions, for example on the protocol level, are theoretically secure, but the actual software implementation of complex systems often contains vulnerabilities in practice, according to the CISPA researcher.
In the EU-funded RS3 project, Thorsten Holz and a team of six want to tackle the challenge from different perspectives over the next five years. "Systems must be resistant to entire classes of attacks and also be able to maintain security over their entire lifetime. That means they have to keep adapting over time." As a first step, the CISPA researcher wants to develop new strategies to effectively and automatically test even complex software in order to quickly find errors and initiate the appropriate countermeasures through automated patching. In addition, the project will investigate how desired security features can also be embedded in the generation of software systems through the development of new compiler methods. In addition, robust mechanisms are to be developed at the hardware level with which advanced attacks can be mitigated and test methods can be implemented much more efficiently.
The new ERC grant - Thorsten Holz was already funded with a Starting Grant in 2014 - not only gives the researcher more freedom for his research. "An ERC grant also brings Europe-wide visibility for my research and the work here at CISPA. That is very helpful, especially in recruiting young researchers," explains Holz. The 40-year-old has been researching at CISPA since 2021 and focuses on the automated detection of software vulnerabilities, the interface of IT security and machine learning, and the security of mobile phone systems.
ERC President Prof Maria Leptin says: "Even in times of crisis, conflict and suffering, it is our duty to keep science on track and give our brightest minds free rein to explore their ideas. We do not know today how their work will revolutionise the future - but we do know that it will open new horizons, satisfy our curiosity and most likely help us prepare for unforeseeable future challenges. I am therefore very pleased that a new group of ERC awardees will be supported on their scientific journey. I wish them the best of luck on their journey to push the boundaries of our knowledge!"
About the ERC
The ERC, established by the European Union in 2007, is the main European funding organisation for excellent frontier research. It funds creative researchers of all nationalities and ages to carry out projects across Europe. The ERC offers four main funding programmes: Starting Grants, Consolidator Grants, Advanced Grants and Synergy Grants. With its additional Proof of Concept Grants programme, the ERC helps grantees bridge the gap between their groundbreaking research and the early stages of its commercialisation. The ERC is governed by an independent governing body, the Scientific Council. Maria Leptin has been the ERC President since 1 November 2021. The ERC's total budget for 2021 to 2027 is more than €16 billion and is part of the Horizon Europe programme under the responsibility of Mariya Gabriel, European Commissioner for Innovation, Research, Culture, Education and Youth.
General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.