COGITO, or “Runtime Code Generation to Secure Devices”, is a research project funded by ANR under grant agreement ANR-13-INSE-0006-01.

The project started on October 1st 2013 and will complete on March 31st, 2017. This page presents the summary of the project objectives.

Executive Summary

This project is aligned with the ANR theme 1 “Sécurité et sûreté des systèmes numériques”. Considering that reverse engineering of code and the recovery of sensitive data are nowadays one of the greatest threats in secure devices, COGITO proposes an innovating solution that puts into perspective the use of runtime code generation in order to increase the level of security in embedded information systems.

Security in embedded devices and runtime code generation are, a priori, two technological fields that hardly combine together. On one hand, secure elements must target small production costs, silicon and energy consumption, and as such, offer very limited computing and memory resources. On the other hand, compilation is a computation-intensive process, and dynamic compilation techniques require a fair amount of computing power and of memory resources at runtime. However, the objective of the COGITO project is to demonstrate the applicability and the effectiveness of code generation techniques applied at runtime and on board for security purposes in embedded devices. In this project we will define and validate a unique protection mechanism that implements a wide range of ad hoc countermeasures and provide a means for effective code obfuscation. The objective of the factorization of a large set of countermeasures is to obtain a better trade-off between security and performance than the state-of-the art solutions.

To reach this objective, the partners of the project COGITO plan to adapt a technology for runtime code generation developed by the CEA. This technology, called deGoal, is fundamentally different from the traditional approaches (interpretation and dynamic compilation): ad hoc code generators compiled statically and are embedded in the target application, each code generator being dedicated for each computing kernel whose binary code will be updated at runtime. Thus, such code generators are lightweight and very fast, allowing to target small architectures that are usually out of reach of the standard techniques for dynamic code generation such as the small microcontrollers used in secure devices. Furthermore, we are confident about the ability of our solution to combine well with other software and hardware state-of-the-art countermeasures for cryptography.

The three main tasks to achieve the objective are :

1. Provide an in-depth analysis of the opportunities and threats of runtime code generation to increase the level of security in secure devices.

2. Demonstrate the applicability of runtime code generation to the field of secure devices. To achieve this objective, we will adapt the tool deGoal.

3. Experiment, measure and validate the effectiveness of runtime code generation in illustrative use cases.

In parallel to these technical tasks, the dissemination of the project results will be carried out via a dedicated website, via publications in outstanding journals in the fields of interest, via the participation in conferences, workshops and the events organised by the ANR, and via the organization of a special workshop at mid term focusing industrials in particular.