CAREER: Securing Applications From Compromised System Software
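Basic information
- Award number: 1652280
- Principal investigator:
- Amount: $512,400
- Host institution:
- Host institution country: United States
- Project type: Continuing Grant
- Fiscal year: 2017
- Funding country: United States
- Period: 2017-04-01 to 2023-03-31
- Project status: Completed
- Source:
- Keywords:
Project abstract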
In an ideal world, secure software would be built as a set of mutually distrusting components that work together to accomplish goals. However, modern software is not built this way; rather, it heavily trusts a component called the operating system kernel. Fortunately, there are new methods of isolating programs from each other and from the OS kernel to minimize the damage caused if an attacker compromises a critical component. However, such solutions are too slow and are vulnerable to sophisticated implicit information flow attacks. Also, the effectiveness of current solutions will be verified using formal verification techniques. This project will develop new techniques to solve these deficiencies. It will investigate the use of new hardware mechanisms that will accelerate the protection of applications from compromised commodity operating system kernels. It will develop new compiler transformations that will modify existing software to distrust other software components. It will devise new static information flow analysis methods and run-time checks to keep compromised operating system kernels from stealing application secrets and influencing application behaviors through Iago attacks. Finally, the project will build a formal model of the system and prove that it protects software as intended. The project will release open source software so that the techniques and tools can be used by other researchers and can find their way into practice. Educationally, curriculum for OS designers will contain knowledge of this important class of attacks at the point that designers are building the OS.
Project outcomes
Journal articles (4)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Hardening Hypervisors with Ombro
- DOI:
- Published: 2022
- Journal:
- Impact factor: 0
- Authors: Johnson, Ethan; Pronovost, Colin; Criswell, John
- Corresponding author: Criswell, John
Shielding Software From Privileged Side-Channel Attacks
- DOI:
- Published: 2018
- Journal:
- Impact factor: 0
- Authors: Xiaowan Dong; Zhuojia Shen; J. Criswell; A. Cox; S. Dwarkadas
- Corresponding author: Xiaowan Dong; Zhuojia Shen; J. Criswell; A. Cox; S. Dwarkadas
Spectres, virtual ghosts, and hardware support
- DOI: 10.1145/3214292.3214297
- Published: 2018-06
- Journal:
- Impact factor: 0
- Authors: Xiaowan Dong; Zhuojia Shen; J. Criswell; A. Cox; S. Dwarkadas
- Corresponding author: Xiaowan Dong; Zhuojia Shen; J. Criswell; A. Cox; S. Dwarkadas
Randezvous: Making Randomization Effective on MCUs
- DOI: 10.1145/3564625.3567970
- Published: 2022-12
- Journal:
- Impact factor: 0
- Authors: Zhuojia Shen; Komail Dharsee; J. Criswell
- Corresponding author: Zhuojia Shen; Komail Dharsee; J. Criswell
Other grants by John Criswell
Collaborative Research: SaTC: CORE: Medium: Compiler-Assisted Embedded Security
- Award number: 2154322
- Fiscal year: 2022
- Funding amount: $512,400
- Project type: Standard Grant
TWC: Small: Thwarting Kernel-Level Malware with Secure Virtual Architecture
- Award number: 1618213
- Fiscal year: 2016
- Funding amount: $512,400
- Project type: Standard Grant
II-EN: Enhancing Secure Virtual Architecture for Advanced Operating System Research
- Award number: 1629770
- Fiscal year: 2016
- Funding amount: $512,400
- Project type: Standard Grant
CRII: SaTC: Comprehensive and Automated Techniques for Evaluating Defenses Against Code Reuse Attacks
- Award number: 1463870
- Fiscal year: 2015
- Funding amount: $512,400
- Project type: Standard Grant
Similar overseas grants
Securing the Future: Inclusive Cybersecurity Education for All
- Award number: 2350448
- Fiscal year: 2024
- Funding amount: $512,400
- Project type: Standard Grant
CAREER: Securing Next-Generation Transportation Infrastructure: A Traffic Engineering Perspective
- Award number: 2339753
- Fiscal year: 2024
- Funding amount: $512,400
- Project type: Standard Grant
Ownership-based Alias Analysis for Securing Unsafe Rust Programs
- Award number: DP240103194
- Fiscal year: 2024
- Funding amount: $512,400
- Project type: Discovery Projects
CAREER: Securing Off-premise Digital Services in the Presence of Strategic Incentives
- Award number: 2337338
- Fiscal year: 2024
- Funding amount: $512,400
- Project type: Continuing Grant
CAREER: Securing the Future of Electric Field Measurements in Space Physics
- Award number: 2338825
- Fiscal year: 2024
- Funding amount: $512,400
- Project type: Continuing Grant
CAREER: Securing and Evolving Internet Security Protocols for Naming and Routing
- Award number: 2339378
- Fiscal year: 2024
- Funding amount: $512,400
- Project type: Continuing Grant
Securing Convergent Ultra-large Scale Infrastructures
- Award number: EP/Z531315/1
- Fiscal year: 2024
- Funding amount: $512,400
- Project type: Research Grant
DHSC Securing Better Health - Economics and/or Social Research Fellowship
- Award number: ES/Y003926/1
- Fiscal year: 2024
- Funding amount: $512,400
- Project type: Fellowship
CRII: SaTC: Securing Smart Devices with AI-Powered mmWave Radar in New-Generation Wireless Networks
- Award number: 2422863
- Fiscal year: 2024
- Funding amount: $512,400
- Project type: Standard Grant
Securing Transparency And Reproducibility in studies of Nutritional interventions (STAR-Nut)
- Award number: MR/Z503824/1
- Fiscal year: 2024
- Funding amount: $512,400
- Project type: Research Grant