CAREER: Securing Applications From Compromised System Software
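Basic information
- Award number: 1652280
- Principal investigator:
- Amount: $512,400
- Host institution:
- Host institution country: United States
- Project type: Continuing Grant
- Fiscal year: 2017
- Funding country: United States
- Period: 2017-04-01 to 2023-03-31
- Project status: Completed
- Source:
- Keywords:
Project abstract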
In an ideal world, secure software would be built as a set of mutually distrusting components that work together to accomplish goals. However, modern software is not built this way; rather, it heavily trusts a component called the operating system kernel. Fortunately, there are new methods of isolating programs from each other and from the OS kernel to minimize the damage caused if an attacker compromises a critical component. However, such solutions are too slow and are vulnerable to sophisticated implicit information flow attacks. Also, the effectiveness of current solutions will be verified using formal verification techniques.
This project will develop new techniques to solve these deficiencies. It will investigate the use of new hardware mechanisms that will accelerate the protection of applications from compromised commodity operating system kernels. It will develop new compiler transformations that will modify existing software to distrust other software components. It will devise new static information flow analysis methods and run-time checks to keep compromised operating system kernels from stealing application secrets and influencing application behaviors through Iago attacks. Finally, the project will build a formal model of the system and prove that it protects software as intended. The project will release open source software so that the techniques and tools can be used by other researchers and can find their way into practice. Educationally, curriculum for OS designers will contain knowledge of this important class of attacks at the point that designers are building the OS.
Project outcomes
Journal articles (4)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Hardening Hypervisors with Ombro
- DOI:
- Published: 2022
- Journal:
- Impact factor: 0
- Authors: Johnson, Ethan; Pronovost, Colin; Criswell, John
- Corresponding author: Criswell, John
Shielding Software From Privileged Side-Channel Attacks
- DOI:
- Published: 2018
- Journal:
- Impact factor: 0
- Authors: Xiaowan Dong; Zhuojia Shen; J. Criswell; A. Cox; S. Dwarkadas
- Corresponding authors: Xiaowan Dong; Zhuojia Shen; J. Criswell; A. Cox; S. Dwarkadas
Spectres, virtual ghosts, and hardware support
- DOI: 10.1145/3214292.3214297
- Published: 2018-06
- Journal:
- Impact factor: 0
- Authors: Xiaowan Dong; Zhuojia Shen; J. Criswell; A. Cox; S. Dwarkadas
- Corresponding authors: Xiaowan Dong; Zhuojia Shen; J. Criswell; A. Cox; S. Dwarkadas
Randezvous: Making Randomization Effective on MCUs
- DOI: 10.1145/3564625.3567970
- Published: 2022-12
- Journal:
- Impact factor: 0
- Authors: Zhuojia Shen; Komail Dharsee; J. Criswell
- Corresponding authors: Zhuojia Shen; Komail Dharsee; J. Criswell
Other grants by John Criswell
Collaborative Research: SaTC: CORE: Medium: Compiler-Assisted Embedded Security
- Award number: 2154322
- Fiscal year: 2022
- Award amount: $512,400
- Project type: Standard Grant
TWC: Small: Thwarting Kernel-Level Malware with Secure Virtual Architecture
- Award number: 1618213
- Fiscal year: 2016
- Award amount: $512,400
- Project type: Standard Grant
II-EN: Enhancing Secure Virtual Architecture for Advanced Operating System Research
- Award number: 1629770
- Fiscal year: 2016
- Award amount: $512,400
- Project type: Standard Grant
CRII: SaTC: Comprehensive and Automated Techniques for Evaluating Defenses Against Code Reuse Attacks
- Award number: 1463870
- Fiscal year: 2015
- Award amount: $512,400
- Project type: Standard Grant
Similar overseas grants
Securing the Future: Inclusive Cybersecurity Education for All
- Award number: 2350448
- Fiscal year: 2024
- Award amount: $512,400
- Project type: Standard Grant
CAREER: Securing Next-Generation Transportation Infrastructure: A Traffic Engineering Perspective
- Award number: 2339753
- Fiscal year: 2024
- Award amount: $512,400
- Project type: Standard Grant
Ownership-based Alias Analysis for Securing Unsafe Rust Programs
- Award number: DP240103194
- Fiscal year: 2024
- Award amount: $512,400
- Project type: Discovery Projects
CAREER: Securing Off-premise Digital Services in the Presence of Strategic Incentives
- Award number: 2337338
- Fiscal year: 2024
- Award amount: $512,400
- Project type: Continuing Grant
CAREER: Securing the Future of Electric Field Measurements in Space Physics
- Award number: 2338825
- Fiscal year: 2024
- Award amount: $512,400
- Project type: Continuing Grant
CAREER: Securing and Evolving Internet Security Protocols for Naming and Routing
- Award number: 2339378
- Fiscal year: 2024
- Award amount: $512,400
- Project type: Continuing Grant
Securing Convergent Ultra-large Scale Infrastructures
- Award number: EP/Z531315/1
- Fiscal year: 2024
- Award amount: $512,400
- Project type: Research Grant
DHSC Securing Better Health - Economics and/or Social Research Fellowship
- Award number: ES/Y003926/1
- Fiscal year: 2024
- Award amount: $512,400
- Project type: Fellowship
Securing Transparency And Reproducibility in studies of Nutritional interventions (STAR-Nut)
- Award number: MR/Z503824/1
- Fiscal year: 2024
- Award amount: $512,400
- Project type: Research Grant
CRII: SaTC: Securing Smart Devices with AI-Powered mmWave Radar in New-Generation Wireless Networks
- Award number: 2422863
- Fiscal year: 2024
- Award amount: $512,400
- Project type: Standard Grant