CAREER: User-Space Protection Domains for Compositional Information Security

职业：组合信息安全的用户空间保护域

• 批准号: 1149211
• 负责人: Gang Tan
• 金额: $ 48.31万
• 依托单位: Lehigh University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-01-01 至 2016-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1149211&HistoricalAwards=false
• 关键词: CAREER; User; Space; Protection; Domains

Attacks on software applications such as email readers and web browsers are common. These attacks can cause damages ranging from application malfunction, loss of private data, to a complete takeover of users' computers. One effective strategy for limiting the damage is to adopt the principle of least privilege in application design: the application is split into several protection domains and each domain is given only the necessary privileges to perform its task. In this design, the compromise of one domain does not directly lead to the compromise of other security-sensitive domains. The PI proposes to design and implement a framework that makes it easy for software developers to apply the principle of least privilege to their applications. The proposed framework will significantly improve the security of critical software applications. It will benefit the software industry by designing new technologies for building secure software systems.The proposed research combines several novel ideas: (1) user-space protection domains through binary-level enforcement of isolation and information-flow security; (2) a declarative language that allows for flexible configuration of an application's security architecture; (3) a binary-level partitioning tool that automatically splits an application into components of least privilege; (4) a compositional reasoning mechanism that allows developers to perform formal reasoning about an application's end-to-end information security. By staying in the user space, the proposed framework is OS independent, and by working on binary code, it is source-language agnostic, making it more broadly applicable. Developers can use it to partition an application, flexibly configure its security architecture, and reason about its information security. On the education side, the PI will organize a series of activities to increase high school students' awareness of security, privacy, and secure programming. The central activity is a summer workshop that gathers local high-school technology teachers and helps them design lesson plans that can be integrated into their schools' technology curriculum.

针对电子邮件阅读器和Web浏览器等软件应用程序的攻击很常见。这些攻击可能会造成从应用程序故障、私人数据丢失到完全接管用户计算机的各种损害。限制损害的一个有效策略是在应用程序设计中采用最小特权原则：应用程序被分成几个保护域，每个域只被赋予执行其任务所需的特权。在此设计中，一个域的危害不会直接导致其他安全敏感域的危害。PI建议设计和实现一个框架，使软件开发人员可以轻松地将最小特权原则应用到他们的应用程序中。拟议的框架将显著提高关键软件应用程序的安全性。这项研究结合了几个新的想法：(1)通过二进制级别的隔离和信息流安全实施来实现用户空间保护域；(2)允许灵活配置应用程序安全体系结构的声明性语言；(3)自动将应用程序分割成最低特权组件的二进制级别划分工具；(4)允许开发人员对应用程序的端到端信息安全执行形式化推理的组合推理机制。通过停留在用户空间，建议的框架是独立于操作系统的，通过处理二进制代码，它是源语言不可知的，使其更广泛地适用。开发人员可以使用它对应用程序进行分区，灵活地配置其安全体系结构，并对其信息安全进行推理。在教育方面，PI将组织一系列活动，提高高中生的安全、隐私和安全编程意识。中心活动是一个暑期研讨会，聚集了当地的高中技术教师，帮助他们设计可以融入学校技术课程的教案。