TC: Small: WATCHDOG: Hardware-Assisted Prevention of All Use-After-Free Security Vulnerabilities

TC：小：WATCHDOG：硬件辅助预防所有释放后使用安全漏洞

• 批准号: 1116682
• 负责人: Stephan Zdancewic
• 金额: $ 50万
• 依托单位: University of Pennsylvania
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-08-01 至 2017-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1116682&HistoricalAwards=false
• 关键词: TC; Small; WATCHDOG; Hardware; Assisted

A use-after-free error is a software flaw that potentially allows an attacker to remotely inject malicious software or corrupt memory values. Such attacks can result in the theft of private data, propagation of worms and viruses, or the creation of botnet nodes that can be programmed to spew spam or disrupt Internet traffic. Recently, use-after-free vulnerabilities have been found in crucial software such as Microsoft's Internet Explorer, Adobe Acrobat Reader, and Firefox among others. The goal of the Watchdog project is to devise hardware and software mechanisms to prevent all such vulnerabilities.To prevent use-after-free vulnerabilities, the researchers will develop hardware for enforcing safe manual memory management, without compromising system performance. They will study a formal model of their designs to establish the correctness of the techniques. The hardware designs will be prototyped using detailed micro-architectural simulations. The researchers will evaluate correctness and performance by using a suite of benchmark tests and off-the-shelf software. The tools and prototypes will be openly distributed for others to build upon, and the research findings will be integrated into the security and hardware courses taught by the researchers. If successful, the technology developed by this research will have significant societal impacts, improving the security of our computing ecosystem by eliminating an important class of vulnerabilities that is actively being exploited to compromise systems and spread malware.

释放后使用错误是一种软件缺陷，可能允许攻击者远程注入恶意软件或损坏内存值。此类攻击可能导致私人数据被盗、蠕虫和病毒传播，或创建可被编程为发送垃圾邮件或中断Internet流量的僵尸网络节点。 最近，在微软的Internet Explorer、Adobe Reader和Firefox等关键软件中发现了释放后使用漏洞。 Watchdog项目的目标是设计硬件和软件机制来防止所有此类漏洞。为了防止释放后使用漏洞，研究人员将开发硬件来执行安全的手动内存管理，而不会影响系统性能。 他们将研究其设计的正式模型，以确定技术的正确性。 硬件设计将使用详细的微架构模拟进行原型化。 研究人员将使用一套基准测试和现成的软件来评估正确性和性能。 这些工具和原型将公开发布，供其他人使用，研究成果将整合到研究人员教授的安全和硬件课程中。 如果成功，这项研究开发的技术将产生重大的社会影响，通过消除一类重要的漏洞来提高我们计算生态系统的安全性，这些漏洞正在被积极利用来破坏系统和传播恶意软件。