CAREER: Securing Applications From Compromised System Software

职业：保护应用程序免受受损系统软件的侵害

• 批准号: 1652280
• 负责人: John Criswell
• 金额: $ 51.24万
• 依托单位: University of Rochester
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-04-01 至 2023-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1652280&HistoricalAwards=false
• 关键词: CAREER; Securing; Applications; Compromised; System

In an ideal world, secure software would be built as a set of mutually distrusting components that work together to accomplish goals. However, modern software is not built this way; rather, it heavily trusts a component called the operating system kernel. Fortunately, there are new methods of isolating programs from each other and from the OS kernel to minimize the damage caused if an attacker compromises a critical component. However, such solutions are too slow and are vulnerable to sophisticated implicit information flow attacks. Also, the effectiveness of current solutions will be verified using formal verification techniques.This project will develop new techniques to solve these deficiencies. It will investigate the use of new hardware mechanisms that will accelerate the protection of applications from compromised commodity operating system kernels. It will develop new compiler transformations that will modify existing software to distrust other software components. It will devise new static information flow analysis methods and run-time checks to keep compromised operating system kernels from stealing application secrets and influencing application behaviors through Iago attacks. Finally, the project will build a formal model of the system and prove that it protects software as intended. The project will release open source software so that the techniques and tools can be used by other researchers and can find their way into practice. Educationally, curriculum for OS designers will contain knowledge of this important class of attacks at the point that designers are building the OS.

在理想的情况下，安全软件将被构建为一组相互不信任的组件，这些组件一起工作以完成目标。然而，现代软件不是这样构建的；相反，它非常信任称为操作系统内核的组件。幸运的是，有一些新的方法可以将程序彼此隔离，并将程序与操作系统内核隔离，从而在攻击者危及关键组件时将造成的损害降到最低。然而，这样的解决方案太慢，容易受到复杂的隐式信息流攻击。此外，将使用正式的验证技术验证当前解决方案的有效性。这个项目将开发新技术来解决这些不足。它将研究新的硬件机制的使用，这些机制将加速保护应用程序免受商用操作系统内核的侵害。它将开发新的编译器转换，这些转换将修改现有软件以不信任其他软件组件。它将设计新的静态信息流分析方法和运行时检查，以防止受损的操作系统内核通过Iago攻击窃取应用程序的秘密并影响应用程序的行为。最后，该项目将构建系统的正式模型，并证明它能按预期保护软件。该项目将发布开源软件，以便其他研究人员可以使用这些技术和工具，并找到将其应用于实践的方法。在教育方面，操作系统设计人员的课程将在设计人员构建操作系统时包含这类重要攻击的知识。

项目成果

Hardening Hypervisors with Ombro

使用 Ombro 强化虚拟机管理程序

• 发表时间: 2022
• 期刊: Usenix Security Symposium
• 作者: Johnson, Ethan;Pronovost, Colin;Criswell, John
• 通讯作者: Criswell, John

Shielding Software From Privileged Side-Channel Attacks

• 发表时间: 2018
• 期刊: ArXiv
• 作者: Xiaowan Dong;Zhuojia Shen;J. Criswell;A. Cox;S. Dwarkadas

Spectres, virtual ghosts, and hardware support

• DOI: 10.1145/3214292.3214297
• 发表时间: 2018-06
• 期刊: Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy
• 作者: Xiaowan Dong;Zhuojia Shen;J. Criswell;A. Cox;S. Dwarkadas

Randezvous: Making Randomization Effective on MCUs

• DOI: 10.1145/3564625.3567970
• 发表时间: 2022-12
• 期刊: Proceedings of the 38th Annual Computer Security Applications Conference
• 作者: Zhuojia Shen;Komail Dharsee;J. Criswell