TWC: Phase: Small: Software Cruising for System Security

TWC：阶段：小型：系统安全的软件巡航

• 批准号: 1223710
• 负责人: Dinghao Wu
• 金额: $ 49.97万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2016-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1223710&HistoricalAwards=false
• 关键词: TWC; Phase; Small; Software; Cruising

Software bugs and vulnerabilities are primary causes for cyber-security breaches in today's society. Runtime monitoring, a technique to enforce safety and security properties at program execution time, is essential to detect intrusions and keep the system healthy. One of the main obstacles to adopt runtime monitoring techniques in practice is high performance overhead. Inlined security monitoring enforcement often delays and blocks the execution of protected programs. Conventional concurrent runtime monitors have not been able to leverage the multicore architectures for performance due to synchronization issues. If conventional synchronization primitives are used, when the monitor is crashed or blocked due to external events, the protected program will also be blocked even if the monitor is not monitoring. The goal of this proposal is to develop an innovative security monitoring technology, called Software Cruising, to explore multicore architectures for non-blocking concurrent security monitoring using lock-free data structures and algorithms. Software cruising eliminates the blocking effect and achieves efficient and scalable security monitoring. This can result in a game-changing capability in large-scale security monitoring for both cloud-based and traditional computing systems and applications.The software cruising applications include, but are not limited to, heap buffer integrity checking, kernel memory cruising, data structure and object invariant checking, rootkit detection, and information provenance and flow checking. Three related sets of prototypical toolkits?Cruiser, Kruiser, and iCruiser?will be developed to demonstrate the effectiveness and practicality of large-scale software cruising. Cruiser is for lock-free heap buffer overflow monitoring of user-space programs. Kruiser is for kernel cruising on OS kernel heap buffer overflows and other security vulnerabilities. iCruiser is for user- and kernel-space data structure and object invariant cruising. The proposed research, upon completion, would make large-scale security monitoring more efficient and scalable in the increasingly popular multicore architecture and cloud environment, and thus significantly enhance system security. With the proposed tech transfer effort, applications as well as OS kernels will have better protection with the deployed software cruising technology. Broader impacts will also result from the education, outreach, and dissemination initiatives. Educational resources from this project, including course modules on software cruising and teaching laboratory designs, will be incorporated into online courses and disseminated through a dedicated web site. The project outcomes of this project will be disseminated broadly through publications, software releases, and technology transfer.

软件漏洞和漏洞是当今社会网络安全漏洞的主要原因。运行时监视是一种在程序执行时强制执行安全和安全属性的技术，对于检测入侵并保持系统健康至关重要。在实践中采用运行时监控技术的主要障碍之一是高性能开销。内联安全监控强制执行通常会延迟并阻止受保护程序的执行。由于同步问题，传统的并发运行时监视器无法利用多核体系结构来提高性能。如果使用传统的同步原语，当监视器因外部事件而崩溃或被阻止时，即使监视器不在监视，受保护的程序也将被阻止。该方案的目标是开发一种名为软件巡航的创新安全监控技术，以探索使用无锁数据结构和算法进行非阻塞并发安全监控的多核体系结构。软件巡航消除了阻塞效应，实现了高效且可扩展的安全监控。软件巡航应用包括但不限于堆缓冲区完整性检查、内核内存巡航、数据结构和对象不变性检查、rootkit检测以及信息源和流量检查。将开发三套相关的原型工具包-Cruiser、Kruiser和iCruiser？以演示大规模软件巡航的有效性和实用性。Cruiser用于对用户空间程序进行无锁堆缓冲区溢出监控。Kruiser用于操作系统上的内核巡航、内核堆缓冲区溢出和其他安全漏洞。ICruiser用于用户和内核空间的数据结构和对象不变巡航。这项拟议的研究完成后，将使大规模安全监控在日益流行的多核架构和云环境中更加高效和可扩展，从而显著增强系统安全性。有了拟议的技术转移努力，应用程序以及操作系统内核将通过部署的软件巡航技术获得更好的保护。教育、外展和传播倡议也将产生更广泛的影响。该项目的教育资源，包括关于软件导航和教学实验室设计的课程模块，将纳入在线课程，并通过一个专门的网站传播。该项目的项目成果将通过出版物、软件发布和技术转让广泛传播。

项目成果

DeepFuzz: Automatic Generation of Syntax Valid C Programs for Fuzz Testing

• DOI: 10.1609/aaai.v33i01.33011044
• 发表时间: 2019-07
• 作者: Xiao Liu;Xiaoting Li;Rupesh Prajapati;Dinghao Wu

Software Protection on the Go: A Large-Scale Empirical Study on Mobile App Obfuscation

• DOI: 10.1145/3180155.3180169
• 发表时间: 2018-05
• 期刊: 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE)
• 作者: Pei Wang;Qinkun Bao;Li Wang;Shuai Wang;Zhaofeng Chen;Tao Wei;Dinghao Wu

VMHunt: A Verifiable Approach to Partially-Virtualized Binary Code Simplification

• DOI: 10.1145/3243734.3243827
• 发表时间: 2018-10
• 期刊: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Dongpeng Xu;Jiang Ming;Yu Fu;Dinghao Wu

A Lightweight Framework for Regular Expression Verification

• DOI: 10.1109/hase.2019.00011
• 发表时间: 2019
• 期刊: 2019 IEEE 19th International Symposium on High Assurance Systems Engineering (HASE)
• 作者: Xiao Liu;Yufei Jiang;Dinghao Wu

Large-Scale Third-Party Library Detection in Android Markets

• DOI: 10.1109/tse.2018.2872958
• 发表时间: 2020-09
• 期刊: IEEE Transactions on Software Engineering
• 影响因子: 7.4
• 作者: Menghao Li;Pei Wang;Wei Wang;Shuai Wang;Dinghao Wu;Jian Liu;Rui Xue;Wei Huo;Wei Zou