CE39 - Sécurité globale, résilience et gestion de crise, cybersécurité

Effective Detection of Software Backdoors – BACKED

Submission summary

As software drives an increasing part of human activities, it is continuously under attack for criminal, economic, politic and strategic purposes. Attackers try to sneak into programs in order to steal data, hijack processes and disrupt activities. To do so, they can notably exploit backdoors to achieve their goals. A backdoor is a program feature hidden by a malevolent or careless developer and implementing a security flaw, like a secret access. They are particularly worrying as current practice sees developers and organisations massively reuse off-the-shelf code components or whole programs that could be infected by such backdoors. But contrary to traditional software vulnerabilities, backdoors are currently an almost unmitigated threat. There is indeed a severe lack of data about the variety of backdoors existing in the wild, while the rare existing backdoor detection methods suffer from a restricted scope, automation and applicability.
In this project, we aim at building the first systematic means of mitigating the threat posed by software backdoors. First, we introduce a generic model of backdoors and propose to evaluate and refine it against a wide set of backdoor samples that we will systematically
collect in the wild. Second, we devise a detection method for backdoors following this model, designed to be as automated and adaptable as possible, and we evaluate it against a variety of real backdoors.

Project coordination

Marcozzi Michaël (Commissariat à l'énergie atomique et aux énergies alternatives)

The author of this summary is the project coordinator, who is responsible for the content of this summary. The ANR declines any responsibility as for its contents.


LIST Commissariat à l'énergie atomique et aux énergies alternatives

Help of the ANR 199,562 euros
Beginning and duration of the scientific project: - 48 Months

Useful links

Explorez notre base de projets financés



ANR makes available its datasets on funded projects, click here to find more.

Sign up for the latest news:
Subscribe to our newsletter