CT-ISG: Memory Safety for Legacy Software, A Quantitative Approach

CT-ISG：遗留软件的内存安全，一种定量方法

• 批准号: 0831532
• 负责人: Hovav Shacham
• 金额: $ 40万
• 依托单位: University of California-San Diego
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2008
• 资助国家: 美国
• 起止时间: 2008-09-01 至 2012-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0831532&HistoricalAwards=false
• 关键词: CT; ISG; Memory; Safety; Legacy

The inability of programmers to write vulnerability free code is the most pressing problem in practical computer systems security. The most serious class of vulnerabilities is memory vulnerabilities, which generally allow an attacker to subvert the program's control flow. In response to this problem, generic mitigations have been widely deployed that, through changes to the operating system and processor, seek to make it impossible for attackers to exploit errors in programs.Implementers considering deploying such mitigations must know how much (if at all) a generic mitigation improves security and what its costs are if they are to allocate R&D resources wisely.Unfortunately, until recently, the benefits of generic mitigations were studied only superficially. Recent first steps have already shed some light, showing, e.g., that the widely deployed "W-xor-X"mitigation provides no security benefit whatsoever.This project puts imperfect, ad-hoc mitigation on a scientific footing. It provides a formal, comprehensive analysis to determine the cost-benefit equation is for generic mitigations.The project begins by producing quantitative analyses of current mitigation techniques and of attacks; these analyses facilitate the creation of new mitigations that resist attacks that foil current mitigations; these new mitigations are implemented, evaluated, and disseminated. In addition, the project develops a sandboxed environment for experimenting with software vulnerabilities and malicious code, and a curriculum for teaching systems security.The results will be better use of implementation resources for vendors; a more secure legacy software environment for users; and better security education for the next generation of programmers, so they will not make the mistakes earlier ones did.

程序员不能编写无漏洞的代码是实际计算机系统安全中最紧迫的问题。最严重的一类漏洞是内存漏洞，它通常允许攻击者破坏程序的控制流。为了应对这一问题，人们广泛部署了泛型缓解措施，试图通过改变操作系统和处理器，使攻击者无法利用程序中的错误。考虑部署此类缓解措施的实施者必须知道，如果他们要明智地分配研发资源，泛型缓解措施能在多大程度上(如果有的话)提高安全性，以及其成本是多少。不幸的是，直到最近，人们才对泛型缓解措施的好处进行了肤浅的研究。最近的初步步骤已经阐明了一些问题，例如，广泛部署的“W-XOR-X”缓解措施无论如何都不会带来任何安全益处。该项目将不完善的特别缓解措施建立在科学的基础上。它提供了正式、全面的分析，以确定用于一般缓解的成本-收益方程。该项目首先对当前的缓解技术和攻击进行量化分析；这些分析有助于创建新的缓解措施，以抵御挫败当前缓解措施的攻击；实施、评估和传播这些新的缓解措施。此外，该项目还开发了一个沙盒环境，用于试验软件漏洞和恶意代码，并开发了一个用于教授系统安全的课程。结果将是更好地利用供应商的实现资源；为用户提供更安全的遗留软件环境；为下一代程序员提供更好的安全教育，这样他们就不会犯以前的错误。