Project acronym CLOUDMAP
Project Cloud Computing via Homomorphic Encryption and Multilinear Maps
Researcher (PI) Jean-Sebastien Coron
Host Institution (HI) UNIVERSITE DU LUXEMBOURG
Country Luxembourg
Call Details Advanced Grant (AdG), PE6, ERC-2017-ADG
Summary The past thirty years have seen cryptography move from arcane to commonplace: Internet, mobile phones, banking system, etc. Homomorphic cryptography now offers the tantalizing goal of being able to process sensitive information in encrypted form, without needing to compromise on the privacy and security of the citizens and organizations that provide the input data. More recently, cryptographic multilinear maps have revolutionized cryptography with the emergence of indistinguishability obfuscation (iO), which in theory can been used to realize numerous advanced cryptographic functionalities that previously seemed beyond reach. However the security of multilinear maps is still poorly understood, and many iO schemes have been broken; moreover all constructions of iO are currently unpractical.
The goal of the CLOUDMAP project is to make these advanced cryptographic tasks usable in practice, so that citizens do not have to compromise on the privacy and security of their input data. This goal can only be achieved by considering the mathematical foundations of these primitives, working "from first principles", rather than focusing on premature optimizations. To achieve this goal, our first objective will be to better understand the security of the underlying primitives of multilinear maps and iO schemes. Our second objective will be to develop new approaches to significantly improve their efficiency. Our third objective will be to build applications of multilinear maps and iO that can be implemented in practice.
Summary
The past thirty years have seen cryptography move from arcane to commonplace: Internet, mobile phones, banking system, etc. Homomorphic cryptography now offers the tantalizing goal of being able to process sensitive information in encrypted form, without needing to compromise on the privacy and security of the citizens and organizations that provide the input data. More recently, cryptographic multilinear maps have revolutionized cryptography with the emergence of indistinguishability obfuscation (iO), which in theory can been used to realize numerous advanced cryptographic functionalities that previously seemed beyond reach. However the security of multilinear maps is still poorly understood, and many iO schemes have been broken; moreover all constructions of iO are currently unpractical.
The goal of the CLOUDMAP project is to make these advanced cryptographic tasks usable in practice, so that citizens do not have to compromise on the privacy and security of their input data. This goal can only be achieved by considering the mathematical foundations of these primitives, working "from first principles", rather than focusing on premature optimizations. To achieve this goal, our first objective will be to better understand the security of the underlying primitives of multilinear maps and iO schemes. Our second objective will be to develop new approaches to significantly improve their efficiency. Our third objective will be to build applications of multilinear maps and iO that can be implemented in practice.
Max ERC Funding
2 491 266 €
Duration
Start date: 2018-10-01, End date: 2023-09-30
Project acronym NATURAL
Project Natural Program Repair
Researcher (PI) Tegawende F. Bissyande
Host Institution (HI) UNIVERSITE DU LUXEMBOURG
Country Luxembourg
Call Details Starting Grant (StG), PE6, ERC-2020-STG
Summary Automatic bug fixing, i.e., the idea of having programs that fix other programs, is a long-standing dream that is increasingly embraced by the software engineering community. Indeed, despite the significant effort that humans put into reviewing code and running software test campaigns, programming mistakes slip by, with severe consequences. Fixing those mistakes automatically has recently been the focus of a number of potentially promising techniques. Proposed approaches are however recurrently criticized as being shallow (i.e., they mostly address unit test failures, which are often neither hard nor important problems).
Initial successes in automatic bug fixing are based on scenarios such as the following: when a bug is localized, patches are generated repetitively and automatically, through trial and error, until a valid patch is produced. The produced patch could then be later revised by developers. While the reported achievements are certainly worthwhile, they do not address what we believe is a more comprehensive challenge of software engineering: to systematically fix features of a software system based on end-user requirements.
The ambition of NATURAL is to develop a methodology for yielding an intelligent agent that is capable of receiving a natural language description of a problem that a user faces with a software feature, and then synthesizing code to address this problem so that it meets the user's expectations. Such a repair bot would be a trustworthy software contributor that is 1) first, targeting real bugs in production via exploiting bug reports, which remain largely under-explored, 2) second, aligning with the conversational needs of collaborative work via generating explanations for patch suggestions, 3) third, shifting the repair paradigm towards the design of self-improving systems via yielding novel algorithms that iteratively integrate feedback from humans. Ultimately, NATURAL will be transformative in the practice of software engineering.
Summary
Automatic bug fixing, i.e., the idea of having programs that fix other programs, is a long-standing dream that is increasingly embraced by the software engineering community. Indeed, despite the significant effort that humans put into reviewing code and running software test campaigns, programming mistakes slip by, with severe consequences. Fixing those mistakes automatically has recently been the focus of a number of potentially promising techniques. Proposed approaches are however recurrently criticized as being shallow (i.e., they mostly address unit test failures, which are often neither hard nor important problems).
Initial successes in automatic bug fixing are based on scenarios such as the following: when a bug is localized, patches are generated repetitively and automatically, through trial and error, until a valid patch is produced. The produced patch could then be later revised by developers. While the reported achievements are certainly worthwhile, they do not address what we believe is a more comprehensive challenge of software engineering: to systematically fix features of a software system based on end-user requirements.
The ambition of NATURAL is to develop a methodology for yielding an intelligent agent that is capable of receiving a natural language description of a problem that a user faces with a software feature, and then synthesizing code to address this problem so that it meets the user's expectations. Such a repair bot would be a trustworthy software contributor that is 1) first, targeting real bugs in production via exploiting bug reports, which remain largely under-explored, 2) second, aligning with the conversational needs of collaborative work via generating explanations for patch suggestions, 3) third, shifting the repair paradigm towards the design of self-improving systems via yielding novel algorithms that iteratively integrate feedback from humans. Ultimately, NATURAL will be transformative in the practice of software engineering.
Max ERC Funding
1 495 988 €
Duration
Start date: 2021-02-01, End date: 2026-01-31
Project acronym TUNE
Project Testing the Untestable: Model Testing of Complex Software-Intensive Systems
Researcher (PI) Lionel, Claude, Laurent Briand
Host Institution (HI) UNIVERSITE DU LUXEMBOURG
Country Luxembourg
Call Details Advanced Grant (AdG), PE6, ERC-2015-AdG
Summary Software-intensive systems pervade modern society and industry. These systems often play critical roles from an economic, safety or security standpoint, thus making their dependability indispensible. Software Verification and Validation (V&V) is core to ensuring software dependability. The most prevalent V&V technique is testing, that is the automated, systematic, and controlled execution of a system to detect faults or to show compliance with requirements. Increasingly, we are faced with systems that are untestable, meaning that traditional testing methods are highly expensive, time-consuming or infeasible to apply due to factors such as the systems’ continuous interactions with the environment and the deep intertwining of software with hardware.
TUNE will enable testing of untestable systems by revolutionising how we think about test automation. Our key idea is to frame testing on models rather than operational systems. We refer to such testing as model testing. The models that underlie model testing are executable representations of the relevant aspects of a system and its environment, alongside the risks of system failures. Such models inevitably have uncertainties due to complex, dynamic environment behaviours and the unknowns about the system. This necessitates that model testing be uncertainty-aware.
We propose to develop scalable, practical and uncertainty-aware techniques for test automation, leveraging our expertise on model-driven engineering and automated testing. Our solutions will synergistically combine metaheuristic search with system and risk models to drive the search for critical faults that entail the most risk. TUNE is the first initiative with the specific goal of raising the level of abstraction of testing from operational systems to models. The project will bring early and cost-effective automation to the testing of many critical systems that defy existing automation techniques, thus significantly improving the dependability of such systems.
Summary
Software-intensive systems pervade modern society and industry. These systems often play critical roles from an economic, safety or security standpoint, thus making their dependability indispensible. Software Verification and Validation (V&V) is core to ensuring software dependability. The most prevalent V&V technique is testing, that is the automated, systematic, and controlled execution of a system to detect faults or to show compliance with requirements. Increasingly, we are faced with systems that are untestable, meaning that traditional testing methods are highly expensive, time-consuming or infeasible to apply due to factors such as the systems’ continuous interactions with the environment and the deep intertwining of software with hardware.
TUNE will enable testing of untestable systems by revolutionising how we think about test automation. Our key idea is to frame testing on models rather than operational systems. We refer to such testing as model testing. The models that underlie model testing are executable representations of the relevant aspects of a system and its environment, alongside the risks of system failures. Such models inevitably have uncertainties due to complex, dynamic environment behaviours and the unknowns about the system. This necessitates that model testing be uncertainty-aware.
We propose to develop scalable, practical and uncertainty-aware techniques for test automation, leveraging our expertise on model-driven engineering and automated testing. Our solutions will synergistically combine metaheuristic search with system and risk models to drive the search for critical faults that entail the most risk. TUNE is the first initiative with the specific goal of raising the level of abstraction of testing from operational systems to models. The project will bring early and cost-effective automation to the testing of many critical systems that defy existing automation techniques, thus significantly improving the dependability of such systems.
Max ERC Funding
2 307 932 €
Duration
Start date: 2016-09-01, End date: 2022-02-28
