TC: Small: Collaborative Research: Securing Multilingual Software Systems

TC：小型：协作研究：保护多语言软件系统

• 批准号: 0915157
• 负责人: Gang Tan
• 金额: $ 26.5万
• 依托单位: Lehigh University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0915157&HistoricalAwards=false
• 关键词: TC; Small; Collaborative; Research; Securing

Most real software systems consist of modules developed inmultiple programming languages. Different languages differ in theirsecurity assumptions and guarantees. Consequently, even if singlemodules are secure in some language model and with respect to somesecurity policy, there is usually no uniform security guarantee on awhole multilingual system. This project focuses on low-overheadtechniques for providing security guarantees to software systems inwhich type-safe languages such as Java interoperate with native code.Native code is developed in low-level languages including C, C++, andassembly languages. Although often used in software projects, nativecode is notoriously insecure and is a rich source of securityvulnerabilities. The PIs are developing a two-layered approach toalleviating security threats posed by native code to type-safelanguages: (1) Binary rewriting tools and their verifiers are beingincorporated into the Java Virtual Machine (JVM) for rewriting andverifying native modules at the machine-instruction level to enforcesecurity policies; (2) A safe dialect of C for interoperation withJava is being designed; with the help of programmer annotations, thesafety of programs in this dialect can be statically verified. Theoutcome of this project will enable popular platforms such as the JVMand .NET and other major programming languages (e.g., Python, OCaml,etc.) to incorporate native modules safely. The developed principleswill also be applicable to web browsers and operating systems in whichthere is a need of extending them with untrusted low-level moduleswithout comprising host security.

大多数真实的软件系统都由用多种编程语言开发的模块组成。不同的语言的安全假设和保证有所不同。因此，即使单个模块在某些语言模型中并且就某些安全策略而言是安全的，但在整个多语言系统上通常没有统一的安全保证。 该项目重点关注低开销技术，为软件系统提供安全保证，其中类型安全语言（例如 Java）与本机代码进行互操作。本机代码是用低级语言（包括 C、C++ 和汇编语言）开发的。 虽然本机代码经常在软件项目中使用，但众所周知，它不安全，并且是安全漏洞的丰富来源。 PI 正在开发一种两层方法来减轻本机代码对类型安全语言造成的安全威胁：(1) 将二进制重写工具及其验证器合并到 Java 虚拟机 (JVM) 中，用于在机器指令级别重写和验证本机模块，以实施安全策略； (2) 正在设计一种与Java 互操作的安全C 语言；借助程序员注释，可以静态验证该方言程序的安全性。 该项目的成果将使 JVM 和 .NET 等流行平台以及其他主要编程语言（例如 Python、OCaml 等）能够安全地合并本机模块。 所开发的原则也适用于网络浏览器和操作系统，在这些浏览器和操作系统中，需要使用不可信的低级模块来扩展它们，而不影响主机安全。