Software Security: excellent results for the ASPIRE project
The ASPIRE (Advanced Software Protection: Integration, Research and Exploitation) scientific project, in which FBK participated, was rated excellent.
Coordinated, for FBK, by researcher Mariano Ceccato, a researcher with the Software Engineering Unit headed by Paolo Tonella, the project has focused on the area of cybersecurity and in particular the automatic code protection.
After three years of work, the results were presented to auditors in January 2017 in Brussels and this month researchers received the official evaluation: the highest score possible.
What was the project about?
Software programs, and in particular apps for smartphones, are inherently insecure because, once delivered to the end user, they can be modified. In this way an app might work in a different way compared to how it was originally designed and manufactured. This is a big issue in various fields, such as on-demand video systems, pay-per-view systems, banking applications, and in general programs that require a valid (and paid) license to run. Thanks to the ASPIRE project, innovative approaches have been designed to automatically protect apps from alteration attempts.
“Unfortunately,” Ceccato emphasizes, “it’s embarrasing how easy it is to alter a smartphone app nowadays. The industry world asks us more and more often effective instruments to secure them. The ASPIRE project is an example of how research excellence can meet the contingent and urgent needs of industry, developing innovative and functional solutions. ”
The protections designed during the project have been tested in various ways. In particular, professional hackers were hired to test the apps, so as to consider not only the strengths and vulnerabilites of protection systems, but also to understand what strategies and tools are used to conduct this type of attacks. Finally, a similar challenge, open to the public, was launched with prize money for those who managed to break the protection systems. The results of these tests have led to improved security techniques and enhanced the results of ASPIRE.
The application developments.
The project produced as well applications for enterprises. Researchers at Fondazione Bruno Kessler created “2ASPIRE”, a startup whose goal is to produce and commercialize innovative solutions developed by the research project and make apps more secure. The 2ASPIRE business plan won the first prize in the ICT category of the D2T Start Cup competition (sponsored by TrentinoSviluppo).
Start and end date: November 1, 2013 – October 31, 2016
List of partners
• Ghent University
Fondazione Bruno Kessler
• Nagravision (Kudelski Group)
Polytechnic University of Turin
• SafeNet Europe GmbH (SafeNet group)
• University of East London
EU Funding: 2,949,977 Euros
• Dr. Mariano Ceccato (principal investigator)
• Dr. Paolo Tonella (research line leader)
• Dr. Andrea Avancini (researcher)
• Roberto Tiella (researcher)