CAREER: Securing Applications From Compromised System Software

职业：保护应用程序免受受损系统软件的侵害

• 批准号: 1652280
• 负责人: John Criswell
• 金额: $ 51.24万
• 依托单位: University of Rochester
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-04-01 至 2023-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1652280&HistoricalAwards=false
• 关键词: CAREER; Securing; Applications; Compromised; System

In an ideal world, secure software would be built as a set of mutually distrusting components that work together to accomplish goals. However, modern software is not built this way; rather, it heavily trusts a component called the operating system kernel. Fortunately, there are new methods of isolating programs from each other and from the OS kernel to minimize the damage caused if an attacker compromises a critical component. However, such solutions are too slow and are vulnerable to sophisticated implicit information flow attacks. Also, the effectiveness of current solutions will be verified using formal verification techniques.This project will develop new techniques to solve these deficiencies. It will investigate the use of new hardware mechanisms that will accelerate the protection of applications from compromised commodity operating system kernels. It will develop new compiler transformations that will modify existing software to distrust other software components. It will devise new static information flow analysis methods and run-time checks to keep compromised operating system kernels from stealing application secrets and influencing application behaviors through Iago attacks. Finally, the project will build a formal model of the system and prove that it protects software as intended. The project will release open source software so that the techniques and tools can be used by other researchers and can find their way into practice. Educationally, curriculum for OS designers will contain knowledge of this important class of attacks at the point that designers are building the OS.

在一个理想的世界里，安全软件应该是由一组相互不信任的组件组成，它们共同工作以实现目标。 然而，现代软件不是这样构建的;相反，它非常信任一个称为操作系统内核的组件。幸运的是，有一些新的方法可以将程序彼此隔离并与操作系统内核隔离，以最大限度地减少攻击者危及关键组件时造成的损害。 然而，这样的解决方案太慢，并且容易受到复杂的隐式信息流攻击。 此外，目前的解决方案的有效性将使用正式验证技术进行验证。本项目将开发新的技术来解决这些缺陷。 它将研究新硬件机制的使用，这些机制将加速保护应用程序免受受损的商品操作系统内核的影响。 它将开发新的编译器转换，将修改现有的软件不信任其他软件组件。 它将设计新的静态信息流分析方法和运行时检查，以防止受损的操作系统内核通过Iago攻击窃取应用程序机密和影响应用程序行为。 最后，该项目将建立一个正式的系统模型，并证明它保护软件的预期。 该项目将发布开源软件，以便其他研究人员可以使用这些技术和工具，并可以找到实践的方法。在教育方面，操作系统设计人员的课程将包含设计人员构建操作系统时这类重要攻击的知识。

项目成果

Hardening Hypervisors with Ombro

使用 Ombro 强化虚拟机管理程序

• 发表时间: 2022
• 期刊: Usenix Security Symposium
• 作者: Johnson, Ethan;Pronovost, Colin;Criswell, John
• 通讯作者: Criswell, John

Shielding Software From Privileged Side-Channel Attacks

• 发表时间: 2018
• 期刊: ArXiv
• 作者: Xiaowan Dong;Zhuojia Shen;J. Criswell;A. Cox;S. Dwarkadas

Spectres, virtual ghosts, and hardware support

• DOI: 10.1145/3214292.3214297
• 发表时间: 2018-06
• 期刊: Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy
• 作者: Xiaowan Dong;Zhuojia Shen;J. Criswell;A. Cox;S. Dwarkadas

Randezvous: Making Randomization Effective on MCUs

• DOI: 10.1145/3564625.3567970
• 发表时间: 2022-12
• 期刊: Proceedings of the 38th Annual Computer Security Applications Conference
• 作者: Zhuojia Shen;Komail Dharsee;J. Criswell