TC: Medium: Collaborative Research: Securing Concurrency in Modern Systems

TC：媒介：协作研究：确保现代系统中的并发性

• 批准号: 0905177
• 负责人: Jedidiah Crandall
• 金额: $ 40万
• 依托单位: University of New Mexico
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0905177&HistoricalAwards=false
• 关键词: TC; Medium; Collaborative; Research; Securing

This award is funded under the American Recovery and Reinvestment Act of 2009 (Public Law 111-5). Concurrency-related vulnerabilities are pervasive in modern computing systems. Concurrency exploits include time-of-check-to-time-of-use (TOCTTOU) race conditions in file systems, attacks on signal handlers, and evasive malware that uses concurrency to escape sandboxing mechanisms. As processors feature ever more parallelism, and computers process more of our sensitive data, defending against concurrency attacks is a key challenge for the coming decade. The first goal is to protect legitimate applications from concurrency attacks when they access system resources (e.g., prevent TOCTTOU attacks on file accesses and exploitable race conditions in signal handlers). The objective is to provide application programmers with mechanisms and policies for synchronizing access to system resources so they can avoid unintentional vulnerabilities. The second goal is to provide strong confinement of untrusted code in the presence of concurrency, i.e., blocking intentionally malicious behavior. Today's malware abuses concurrency mechanisms to bypass and circumvent containment mechanisms like reference monitors and system call wrappers. Providing robust system support for containing malicious code is a critical challenge in intrusion detection and prevention. Modern computing systems fundamentally depend on concurrency for their performance and functionality. Making sure that concurrency is used securely is essential for building a trusted cyber infrastructure. This research will have a significant impact on the practical development of secure software, and enable security-critical applications to realize the performance benefits of today's highly parallel systems.

该奖项是根据2009年美国复苏和再投资法案（公法111-5）资助的。并发相关的漏洞在现代计算系统中普遍存在。并发攻击包括文件系统中的检查时间到使用时间（TOCTTOU）竞争条件，对信号处理程序的攻击以及使用并发来逃避沙箱机制的规避恶意软件。随着处理器的并行性越来越强，计算机处理的敏感数据越来越多，防御并发攻击是未来十年的一个关键挑战。第一个目标是保护合法应用程序在访问系统资源时免受并发攻击（例如，防止对文件访问的TOCTTOU攻击和信号处理程序中可利用的竞争条件）。目标是为应用程序员提供同步访问系统资源的机制和策略，以便他们可以避免无意的漏洞。第二个目标是在存在并发的情况下提供对不可信代码的强约束，即，阻止故意恶意行为。今天的恶意软件滥用并发机制来绕过和规避包含机制，如引用监视器和系统调用包装器。提供强大的系统支持来遏制恶意代码是入侵检测和防御中的一个关键挑战。现代计算系统的性能和功能从根本上依赖于并发性。确保安全地使用并发对于构建可信的网络基础设施至关重要。这项研究将对安全软件的实际开发产生重大影响，并使安全关键应用程序实现当今高度并行系统的性能优势。