About the project
Project Name: SCoP – Secure-by-design Communication Protocols
Create an open, secure and resource efficient infrastructure to engineer a modern basis for open messaging (for existing and emerging protocols) using type-safe languages and unikernels.
Over the past few decades, the usage of emails has been massively widespread by both individuals and companies. Billions of emails are sent every day and this number is expected to increase to reach 333 billion of emails exchanged daily in 2022. Moreover, end-users tend to delegate this task to third-party companies like Google and Microsoft, as managing internet communication software stacks became increasingly complex. Moreover, existing implementations of these communication services rely on ad-hoc methodologies and memory-unsafe languages, where minor developer errors could easily escalate into major security flaws. The centralization of communication services means that a successful attack is leading to major personal data breaches.
To fix this issue, this project aims to engineer a modern basis for open messaging that supports existing protocols such as emails but is also extensible and customizable for emerging protocols such as matrix. We will be building trustable implementations of these open protocols using type-safe languages and we will deploy these implementations as specialized, secure and resource efficient unikernels. They will become the basis of the communication system of OSMOSE, Tarides’ commercial solution for secure-by-design IoT infrastructure.
Every component of that system will be carefully designed as independent libraries, using modern development techniques to avoid the common reported threats and flaws. For instance, the implementation of protocol parsers and serializers will be written in a type-safe language and will be using fuzzing, e.g state-of-the-art coverage-driven test. The combination of these techniques will increase users’ trust to migrate their personal data to these new secure services.
Moreover, these techniques are also useful to produce a large and reusable corpus of test materials, and we also plan to release this corpus of tests separately for other implementations to use. It will give the tools to other developers to write the next-generation messaging applications by extending the existing protocols with more confidence.