CRII: SaTC: Comprehensive and Automated Techniques for Evaluating Defenses Against Code Reuse Attacks
CRII:SaTC:用于评估代码重用攻击防御的综合自动化技术
基本信息
- 批准号:1463870
- 负责人:
- 金额:$ 17.35万
- 依托单位:
- 依托单位国家:美国
- 项目类别:Standard Grant
- 财政年份:2015
- 资助国家:美国
- 起止时间:2015-07-01 至 2019-06-30
- 项目状态:已结题
- 来源:
- 关键词:
项目摘要
Modern society relies on computers to manage and transmit sensitive data. These computers run our banks, provide our telecommunications services (such as phone, TV, and Internet), and operate critical systems found in automobiles and power grids. The software on these systems is vulnerable to automated attacks and, if attacked successfully, can be used to cause the loss of money, property, and life. While researchers have developed automated, easy-to-use countermeasures to thwart such attacks, it is unclear whether these countermeasures work. Existing evaluations of such countermeasures are typically expensive because they are done by hand. They are also often wrong; attackers are able to defeat such countermeasures by increasing the sophistication of their attacks. If we do not know how well our defenses work, we do not know if we are safe.One common type of automated attack is the code reuse attack. This research investigates techniques and develops a tool that automatically determines whether a given countermeasure prevents code reuse attacks from working. This tool uses comprehensive static analysis to automatically determine which program instructions a code reuse attack may employ, whether the malicious computations of an attack can be mapped to those instructions, and whether the defense being analyzed prevents those instructions from being executed in the required order. The tool is automated and its static analysis is designed to aggressively consider all potential ways in which an attacker can reuse code in an attack. With this tool, users can determine whether existing defenses suffice to protect our computers or whether additional defenses are necessary. The project is developing metrics to enable tool users to compare defenses and state the level of security that a defense provides to a given program.
现代社会依靠计算机来管理和传输敏感数据。 这些计算机运行我们的银行,提供我们的电信服务(如电话,电视和互联网),并操作汽车和电网中的关键系统。 这些系统上的软件容易受到自动化攻击,如果攻击成功,可以用来造成金钱,财产和生命的损失。 虽然研究人员已经开发出了自动化、易于使用的对策来阻止此类攻击,但目前还不清楚这些对策是否有效。 对这种对策的现有评估通常是昂贵的,因为它们是手工完成的。 他们也经常是错误的;攻击者能够通过提高攻击的复杂性来击败这种对策。 如果我们不知道我们的防御工作如何,我们就不知道我们是否安全。一种常见的自动化攻击类型是代码重用攻击。 本研究调查技术和开发一个工具,自动确定是否一个给定的对策,防止代码重用攻击的工作。 该工具使用全面的静态分析来自动确定代码重用攻击可能使用哪些程序指令,攻击的恶意计算是否可以映射到这些指令,以及正在分析的防御是否阻止这些指令以所需的顺序执行。 该工具是自动化的,其静态分析旨在积极考虑攻击者可以在攻击中重用代码的所有潜在方式。 使用此工具,用户可以确定现有的防御是否足以保护我们的计算机,或者是否需要额外的防御。 该项目正在开发度量标准,使工具用户能够比较防御措施,并说明防御措施为给定程序提供的安全级别。
项目成果
期刊论文数量(0)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
数据更新时间:{{ journalArticles.updateTime }}
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
数据更新时间:{{ journalArticles.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ monograph.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ sciAawards.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ conferencePapers.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ patent.updateTime }}
John Criswell其他文献
John Criswell的其他文献
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
{{ truncateString('John Criswell', 18)}}的其他基金
Collaborative Research: SaTC: CORE: Medium: Compiler-Assisted Embedded Security
协作研究:SaTC:核心:中:编译器辅助嵌入式安全
- 批准号:
2154322 - 财政年份:2022
- 资助金额:
$ 17.35万 - 项目类别:
Standard Grant
CAREER: Securing Applications From Compromised System Software
职业:保护应用程序免受受损系统软件的侵害
- 批准号:
1652280 - 财政年份:2017
- 资助金额:
$ 17.35万 - 项目类别:
Continuing Grant
TWC: Small: Thwarting Kernel-Level Malware with Secure Virtual Architecture
TWC:小型:利用安全虚拟架构阻止内核级恶意软件
- 批准号:
1618213 - 财政年份:2016
- 资助金额:
$ 17.35万 - 项目类别:
Standard Grant
II-EN: Enhancing Secure Virtual Architecture for Advanced Operating System Research
II-EN:增强高级操作系统研究的安全虚拟架构
- 批准号:
1629770 - 财政年份:2016
- 资助金额:
$ 17.35万 - 项目类别:
Standard Grant
相似海外基金
CRII: SaTC: Automated Knowledge Representation for IoT Cybersecurity Regulations
CRII:SaTC:物联网网络安全法规的自动化知识表示
- 批准号:
2348147 - 财政年份:2024
- 资助金额:
$ 17.35万 - 项目类别:
Standard Grant
CRII: SaTC: Reliable Hardware Architectures Against Side-Channel Attacks for Post-Quantum Cryptographic Algorithms
CRII:SaTC:针对后量子密码算法的侧通道攻击的可靠硬件架构
- 批准号:
2348261 - 财政年份:2024
- 资助金额:
$ 17.35万 - 项目类别:
Standard Grant
CRII: SaTC: Privacy vs. Accountability--Usable Deniability and Non-Repudiation for Encrypted Messaging Systems
CRII:SaTC:隐私与责任——加密消息系统的可用否认性和不可否认性
- 批准号:
2348181 - 财政年份:2024
- 资助金额:
$ 17.35万 - 项目类别:
Standard Grant
SaTC: CORE: Small: An evaluation framework and methodology to streamline Hardware Performance Counters as the next-generation malware detection system
SaTC:核心:小型:简化硬件性能计数器作为下一代恶意软件检测系统的评估框架和方法
- 批准号:
2327427 - 财政年份:2024
- 资助金额:
$ 17.35万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
协作研究:SaTC:核心:中:具有灵活隐私建模、机器检查系统设计和准确性优化的差异化私有 SQL
- 批准号:
2317232 - 财政年份:2024
- 资助金额:
$ 17.35万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
合作研究:SaTC:核心:中:使用智能会话代理使青少年能够抵御网络诱骗
- 批准号:
2330940 - 财政年份:2024
- 资助金额:
$ 17.35万 - 项目类别:
Continuing Grant
CRII: SaTC: Evolving I/O Protocols for Confidential Computing
CRII:SaTC:用于机密计算的不断发展的 I/O 协议
- 批准号:
2348130 - 财政年份:2024
- 资助金额:
$ 17.35万 - 项目类别:
Standard Grant
CRII: SaTC: Enforcing Expressive Security Policies using Trusted Execution Environments
CRII:SaTC:使用可信执行环境执行表达性安全策略
- 批准号:
2348304 - 财政年份:2024
- 资助金额:
$ 17.35万 - 项目类别:
Standard Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
协作研究:NSF-BSF:SaTC:核心:小型:利用机器学习模型高效可靠地检测恶意软件
- 批准号:
2338301 - 财政年份:2024
- 资助金额:
$ 17.35万 - 项目类别:
Continuing Grant
CRII: SaTC: The Right to be Forgotten in Follow-ups of Machine Learning: When Privacy Meets Explanation and Efficiency
CRII:SaTC:机器学习后续中被遗忘的权利:当隐私遇到解释和效率时
- 批准号:
2348177 - 财政年份:2024
- 资助金额:
$ 17.35万 - 项目类别:
Standard Grant