Current research projects

LowCapsFormally: Low-level Object Capabilities for Formally Watertight Security (01/2019 to 12/2023)

Object capabilities (ocaps) are a technique for fine-grained privilege separation in programming languages, with applications in security and software engineering. Ocaps are practically used in high-level programming languages like JavaScript, but recently, there is also a renewed interest in capability machines: processors that apply ocaps at the low level of assembly languages (lowcaps). Security measures based on lowcaps offer the perspective of efficient but watertight defences against realistic attackers, that protect against arbitrary attacks, not just the ones we already know. Such measures promise to end the attack-defence arms race that plagues many current measures. In this research project, I aim to validate and demonstrate this potential, as well as deepen the scientific understanding of ocaps in general.

To reach this objective, this project takes the perspective that a lowcap assembly language is just another programming language, that can be studied using powerful techniques that are developed for high-level programming languages, particularly logical relations and program logics. Using this methodology, I intend to propose, study and implement novel lowcap security measures and rigorously prove their effectiveness. On the other hand, I also intend to further study effect parametricity: a general property I proposed that formally captured the essence of ocaps. I intend to study and apply it in different contexts: for modular reasoning about ocap and lowcap code, but also in the context of functional and dependently typed programming languages, for a number of different purposes (elaborated below).

This project’s results will range from novel, provably correct security measures built on lowcaps, novel methods for reasoning about such measures, but also novel insights about the nature of ocaps, the relation between object-oriented and functional code and the use of effect parametricity in dependently-typed proof assistants.

SECO-Assist: Automated Assistance for Developing Software in Ecosystems of the Future (01/2018 to 12/2021)

Software ecosystems are the most promising avenue for organising the software needs of the digital era. SECO-ASSIST aims to realise a scientific breakthrough to nurture the ecosystems of the future, by providing novel software recommendation techniques that address the resilience, evolvability, heterogeneity, and social interaction. To achieve this, the partners of this FWO-FNRS funded EOS project will combine their expertise in social networks (UMONS), software testing (UAntwerpen), software reuse (VUB) and database evolution (UNamur). 

D3-CPS: Distributed Software Technologies for Developing & Managing Dependable Cyber-Physical Systems (01/2018 to 12/2021)

In response to strong industry demand, the D3-CPS project aims to drastically rethink the way that distributed CPS applications are developed and managed. The overall objective of D3-CPS is to support software businesses in exploiting the potential of CPS. Our goal is to lower the boundary of CPS development by drastically reducing the effort required to develop and manage (i.e. coordinate, monitor, and reconfigure) distributed CPS applications. However, we do also want to guarantee that distributed CPS applications execute within safe boundaries of time (e.g. responsiveness) and quality (e.g. consistent and accurate operation).