NSOE-TSS Grant Call 2019: Trustworthy Software Systems – Core Technologies

Issued by National Satellite of Excellence in Trustworthy Software Systems

The National Satellite of Excellence in Trustworthy Software Systems (NSoE-TSS) focuses on cutting edge research in software and system security. The center aims to build on Singapore's combined strengths in the areas of analysis, testing, verification, hardening, isolation and system design. Focus will be on developing certification capabilities, particularly for embedded software systems and Internet of Things (IoT) devices. The NSoE-TSS has received significant funding from National Research Foundation in January 2019 for a period of four years.


OVERVIEW

Program analysis is a core activity which is key to software vulnerability detection, patching, testing and certification. Advances in program analysis can thus directly benefit and enhance program certification and hardening capabilities.  In the past, we have seen a variety of analysis and verification methods emerging which rely on the maturity of powerful constraint solvers in the back-end. In addition, various security testing and fuzz testing tools which rely on a variety of search-based genetic programming techniques have matured. Bridging the gap between testing and verification by enabling both techniques to contribute to software certification has emerged as a possibility.

Side channel analysis is also an old area of security. Conventionally, the side channel analysis has been focusing on timing properties, but recently there has been greater focus on timing properties, energy, thermal and electromagnetic properties. In this area, there also exists scope for combining and bridging the gap between testing and verification, albeit in the context of ensuring non-functional properties of software.


SCOPE

In this grant call, proposals which build on past advances in this area, and at the same time, investigate combinations of learning techniques to enhance the analysis / certification capabilities with the goal of building trust-worthy and smart systems are encouraged. Topics of interest include, but are not restricted to the following.

  1. Binary analysis
  2. Malware detection and rectification
  3. Intelligent fuzzing techniques
  4. Patch management in large systems
  5. Combinations of fuzzing and verification
  6. Testing, analysis and verification of device drivers
  7. Fuzzing and security testing of mobile apps
  8. Advances in constraint solving to aid analysis
  9. Advances in model checking and symbolic execution
  10. Advances in compositional verification and refinement
  11. Run-time monitoring and its combination with code analysis
  12. Advances in decision procedures in theorem proving
  13. Analysis driven code generation
  14. Combination of machine learning and analysis for software security
  15. Isolated execution mechanisms to enable certification.
  16. Certification and verification of critical infrastructures and cyber physical systems
  17. Compiler/OS testing and analysis
  18. Big-data driven security analysis of software
  19. Analysis for critical application scenarios such as smart home, water and power systems
  20. Mobile app analysis
  21. Side channels – their analysis, detection and prevention
  22. Soft errors – their analysis, detection and prevention.

Since the gestation period for building strong analysis and certification tools is high, the research risks can be mitigated by proposing technologies which build on widely available open-source tools, or on previously home grown tools, or both. Each applicant team can make a case on

  1. whether the proposed project touches functional or non-functional certification
  2. show relevance of the proposed research to certification by pointing to possible solutions to challenge problems.


PROJECT FUNDING AND DURATION

The duration of the project should be 2 to 2.5 years, with a quantum of $400,000 to $800,000 (inclusive of 10% IRC).


ELIGIBILITY

The grant call is open to all researchers from a publicly-funded Singaporean Institute of Higher Learning (IHL) or Research Institution (RI). Each proposal submission must have a Principal Investigator (PI) who is a full-time researcher (or part-time with at least 75% appointment) at publicly-funded Singapore based IHL/RI. Grant applicants must meet the following requirements to be eligible for the funding under the grant call:

  • Evidence of pathway to deployment of proposed research is desirable. One possible way to demonstrate this is to point out receptacles of your research in Singapore and mention them as Co-PI (this is one way, not a requirement).
  • Collaborators are not restricted to any category, but are not eligible to receive any funding. 
  • All project work must be done in Singapore, unless expressly approved by the NSOE-TSS.

Proposals already funded by other funding agencies are not eligible for funding under this grant call.


APPLICATION

The following templates and guidelines for the submission of the grant documents are made available at https://www.comp.nus.edu.sg/~nsoe-tss/grantCall1.htm

  • Proposal Template
  • Budget Template
  • Objectives and Deliverables Template
  • Performance Indicators Template
  • Gantt Chart Template

All relevant sections in the online submission form should be filled out. These documents are required as attachments:

  • Full Proposal in PDF format
  • Budget, Objectives, Deliverables, KPIs, Gantt Chart in MS Excel document
  • Slide deck of 5 slides explaining significance of work proposed in PDF format


SUBMISSION BY PRINCIPAL INVESTIGATOR (DEADLINE: 30th APRIL 2019, TUESDAY, 11.59PM, SINGAPORE TIME)


Grant applicants shall submit the full proposals by the specified deadline through the online submission site at https://cmt3.research.microsoft.com/TSSCTG2019.


CONTACT PERSON FOR MORE INFORMATION