ERC Consolidator Grant for CISPA Faculty Member Thorsten Holz

The fact that thousands of smartphones belonging to politicians, human rights activists, members of the press, and other individuals were investigated with the help of the Israeli Pegasus spyware caused a stir last summer. Amongst other things, the unknowing victims were infected with the malware via prepared messages without having to do anything. Pegasus can record conversations, activate cameras, or read location data, to name a few. "This is just one of many cases in which software vulnerabilities have been exploited in recent years. There are currently many gaps, especially in complex software systems," says Thorsten Holz. Existing security solutions, for example, at the protocol level, are theoretically secure, but the actual software implementation of complex systems often contains vulnerabilities in practice, according to the CISPA researcher.

In the EU-funded RS3 project, Thorsten Holz and a six-member team plan to tackle the challenge from different perspectives over the next five years. "Systems must be robust against entire classes of attacks and also be able to maintain security throughout their entire service life. That means they have to keep adapting over time." As a first step, the CISPA researcher wants to develop new strategies to effectively and automatically test even complex software to quickly find errors and initiate the appropriate countermeasures through automated patching. In addition, the project will investigate how desired security properties can also be embedded in the generation of software systems through the development of novel compiler methods. In addition, the project will develop robust mechanisms at the hardware level that can be used to mitigate advanced attacks and implement test methods much more efficiently.

The new ERC Grant - Thorsten Holz was already funded with a Starting Grant in 2014 - not only brings the researcher more freedom for his research. "An ERC Grant also brings Europe-wide visibility for my research and the work here at CISPA. This is particularly helpful in recruiting young researchers," Holz explains. The 40-year-old has been conducting research at CISPA since 2021 and focuses on automated software vulnerability finding, the interface of IT security and machine learning, and the security of mobile communication systems.

ERC President Prof. Maria Leptin says: "Even in times of crisis, conflict, and suffering, it is our duty to keep science on track and give our brightest minds a free hand to explore their ideas. We do not know today how their work will revolutionize the future - but we do know that it will open new horizons, satisfy our curiosity, and most likely help us prepare for unforeseeable future challenges. I am therefore very pleased that a new group of ERC awardees will be supported on their scientific journey. I wish them the best of luck on their journey to push the boundaries of our knowledge!"


About the ERC
The ERC, established by the European Union in 2007, is the central European funding organization for excellent frontier research. It funds creative researchers of all nationalities and ages to carry out projects across Europe. The ERC offers four core funding programs: Starting Grants, Consolidator Grants, Advanced Grants, and Synergy Grants. With its additional Proof of Concept Grants program, the ERC helps grantees bridge the gap between their groundbreaking research and the early stages of its commercialization. The ERC is governed by an independent executive committee, the Scientific Council. Maria Leptin has been the president of the ERC since November 1, 2021. The ERC's total budget for 2021 to 2027 is more than €16 billion. It is part of the Horizon Europe program under the responsibility of Mariya Gabriel, European Commissioner for Innovation, Research, Culture, Education and Youth.