image: Marco Guarnieri
Credit: IMDEA Software
Marco Guarnieri, Associate Research Professor at the IMDEA Software Institute, has been awarded an ERC Consolidator Grant from the European Research Council (ERC) to develop PRIMULA, a scientific project focused on the security of hardware–software systems. The project has a budget of 2€ million and a duration of 5 years.
PRIMULA: Towards hardware–software systems that are secure by design
The development of security-critical software often relies on a risky assumption: that the underlying processor is completely secure. However, recent experience shows that this assumption is frequently false. Microarchitectural attacks such as Spectre and Meltdown have revealed that internal processor details, invisible at the program level, can be exploited to compromise even correctly designed applications.
These attacks take advantage of subtle hardware behaviors stemming from the processor’s microarchitecture. The PRIMULA project aims to tackle this challenge at its root by developing new methodologies for building hardware–software systems with precise security guarantees directly tied to the CPU microarchitecture.
Expected results: formal foundations and practical tools
Over the next five years, the PRIMULA project aims to advance in two key directions:
1. Establish formal foundations for reasoning about security against microarchitectural attacks in modern multicore CPUs.
2. Develop tools for hardware and software developers, enabling the construction of systems that are secure by design.
Thanks to these advances, PRIMULA will enable the creation of hardware architectures and software that are provably and proactively resistant to entire families of microarchitectural attacks, eliminating the need for ad-hoc solutions whenever a new vulnerability emerges.
A paradigm shift in computer security
In the past decade, mitigating microarchitectural attacks has cost billions of euros, both directly (through patches and updates) and indirectly (through unexpected performance losses). Moreover, the continuous appearance of new variants keeps the problem alive.
The project led by Marco Guarnieri aims to drive a profound shift: moving from a reactive and manual approach, based on temporary mitigations, to a proactive approach that enables the design of secure systems from the outset. This vision will make it possible to address entire classes of attacks “once and for all,” the researcher notes, avoiding future costs and strengthening trust in the digital infrastructure that underpins modern society.
About the ERC Consolidator Grant
The European Research Council (ERC) selected 349 mid-career researchers to receive Consolidator Grants, with a total budget of 728€ million, funded by Horizon Europe. These grants support frontier research at universities and research centers in 25 European countries.
ERC President Prof. Maria Leptin highlighted that this was one of the “most competitive calls to date,” underscoring the need to continue strengthening European investment in excellent science.
About IMDEA Software
IMDEA Software is one of the seven advanced research institutes of the Madrid Region (Spain) that make up the IMDEA ecosystem (Madrid Institutes for Advanced Studies). The IMDEA Software Institute focuses on research in software science and technology, with the goal of developing methods and tools that enable the construction of safer, more reliable, more efficient, and more correct software.
For more information, please visit the institute’s official website:
Funded by the European Union (GA 101230068). Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Research Council. Neither the European Union nor the European Research Council can be held responsible for them.