CAREER: Security in the Large: Gaining Assurance in Real-World Systems

职业：大范围的安全：在现实世界的系统中获得保证

• 批准号: 0093337
• 负责人: David Wagner
• 金额: $ 26.77万
• 依托单位: University of California-Berkeley
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2001
• 资助国家: 美国
• 起止时间: 2001-03-01 至 2006-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0093337&HistoricalAwards=false
• 关键词: CAREER; Security; Large; Gaining; Assurance

As we enter the so-called "information age" of global networks, ubiquitous computing devices, and electronic commerce, computer security is of increasing importance. One of the greatest challenges in computer security today is the software assurance problem: How do we deal with the fact that our most trusted software, even our security software itself, is often buggy?This research will study two aspects of the software assurance problem: ensuring first that bad things do not happen, and second that good things do happen. The project will explore vulnerability detection of legacy software, focusing on detecting the types of security bugs that pervade systems built before security became as serious a concern as it is today. Also this work will study infrastructural support for building new systems that need to be secure. The enabling technology is a mix of lightweight formal methods (such as static program analysis) coupled with domain-specific heuristics, and a main goal will be to build tools that can be used in practice. In each case, a key selling point of the approach is that it allows us to proactively eliminate or neutralize security bugs before they are exploited.

当我们输入全球网络，无处不在的计算设备和电子商务的所谓“信息时代”时，计算机安全的重要性越来越大。 当今计算机安全性最大的挑战之一是软件保证问题：我们如何处理我们最受信任的软件，甚至我们的安全软件本身，通常都是错误的？这项研究将研究软件保证问题的两个方面：确保首先不会发生坏事，而第二个好事确实会发生好事。 该项目将探索遗留软件的脆弱性检测，重点是检测在安全系统构建的安全错误的类型上，在安全系统变得像今天一样严重。 这项工作还将研究建立需要安全的新系统的基础设施支持。 支持技术是轻巧的形式方法（例如静态程序分析）以及特定于域的启发式方法的混合，主要目标是构建可以在实践中使用的工具。 在每种情况下，方法的关键卖点是，它允许我们在利用安全错误之前主动消除或中和。