SaTC: CORE: Medium: Collaborative: Threat-Aware Defense: Evaluating Threats for Continuous Improvement

SaTC：核心：中：协作：威胁感知防御：评估威胁以持续改进

• 批准号: 1801534
• 负责人: Trent Jaeger
• 金额: $ 80万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-08-15 至 2024-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1801534&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Collaborative; Threat

Adversaries are outpacing developers in the race to find program vulnerabilities. Where programmers have to find all potential software flaws in their programs and determine whether they are exploitable across all deployments to prevent vulnerabilities, adversaries need only find one software flaw that enables them to achieve their goals in any one deployment. Current techniques to rid programs of vulnerabilities cannot find all such flaws due to the complexity of modern software and their deployments. Rather than proving the absence of flaws, recent vulnerability detection research is exploring more powerful techniques to automate exploit generation. However, such exploit generation often lacks a systematic model of modern and emerging defenses, which may be useful in assessing the utility of defenses. In addition, once an exploit is generated, defenses to prevent that exploit must be added manually to the program. As a result, vulnerability detection does not yet pay enough attention to defenses to assess their effectiveness nor generate additional defenses when necessary.This project proposes a theory and techniques to improve defenses continuously and iteratively to counter threats that cause vulnerabilities. A method is developed that searches programs for security policy violations and extends existing defenses to prevent detected violations automatically. The main insight is to link the threats and defenses of each program into one coherent model, called the Program Threat Graph (PTG), to evaluate proactively whether threats enable adversaries to violate program security policies given current defenses and automate the improvement of defenses to prevent such violations. The project explores how to find security violations given a program's internal and environmental defenses. Security violations are used to generate both targeted defenses and/or systematic defenses to block this exploit efficiently and block potentially unknown exploits that may leverage other flaws under given performance constraints. The goal of this research is to continuously improve defenses against vulnerabilities. The approach discovers security violations given a specification for both current and upcoming defenses, tightening them automatically and recovering from attempted attacks without disrupting program functionality. All tools, benchmarks, and analyses developed during this project are released as open-source. For outreach, the focus is on capture-the-flag competitions and summer software security courses.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

对手正在超过竞赛中的开发人员，以找到程序漏洞。如果程序员必须在其程序中找到所有潜在的软件缺陷，并确定他们是否在所有部署中都可以利用以防止漏洞，那么对手只需要找到一个软件缺陷就可以使他们能够在任何一个部署中实现目标。由于现代软件的复杂性及其部署的复杂性，目前无法找到漏洞的技术无法找到所有这些缺陷。最近，最近的脆弱性检测研究没有证明缺乏缺陷，而是探索了更强大的技术来自动化利用生成。但是，这种利用一代通常缺乏系统的现代和新兴防御模型，这对于评估防御能力可能很有用。此外，一旦生成了利用，必须手动将其添加到程序中。 结果，脆弱性检测尚未足够关注防御能力来评估其有效性，也没有在必要时产生额外的防御能力。本项目提出了一种理论和技术，以连续且迭代地改善防御能力，以应对引起脆弱性的威胁。开发了一种方法，该方法将程序搜索违反安全策略的行为并扩展现有防御，以防止被发现的违规行为自动。 主要见解是将每个程序的威胁和防御措施链接到一个称为“计划威胁图”（PTG）的连贯模型中，以主动评估威胁是否使对手能够违反当前防御措施的计划安全政策，并自动化防御措施以防止这种违法行为。 该项目探讨了如何在计划的内部和环境防御措施的情况下找到违反安全性行为。 安全违规行为用于生成针对性的防御和/或系统的防御，以有效地阻止此漏洞，并阻止可能在给定性能限制下利用其他缺陷的潜在未知的利用。这项研究的目的是不断改善防御脆弱性。该方法发现了针对当前和即将到来的防御措施的规范，自动收紧了安全性，并从未遂攻击中恢复而不会破坏程序功能。在此项目期间开发的所有工具，基准和分析都是开源的。对于外展活动，重点是捕获范围的竞赛和夏季软件安全课程。该奖项反映了NSF的法定任务，并且使用基金会的知识分子优点和更广泛的影响评估标准，被认为值得通过评估来获得支持。

项目成果

Program-mandering: Quantitative Privilege Separation

• DOI: 10.1145/3319535.3354218
• 发表时间: 2019-11
• 期刊: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Shen Liu;Dongrui Zeng;Yongzhe Huang;Frank Capobianco;Stephen McCamant;T. Jaeger;Gang Tan

Employing attack graphs for intrusion detection

• DOI: 10.1145/3368860.3368862
• 发表时间: 2019-09
• 期刊: Proceedings of the New Security Paradigms Workshop
• 作者: Frank Capobianco;R. George;Kaiming Huang;T. Jaeger;S. Krishnamurthy;Zhiyun Qian;Mathias Payer;Paul L. Yu

Block Oriented Programming: Automating Data-Only Attacks

• DOI: 10.1145/3243734.3243739
• 发表时间: 2018-05
• 期刊: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Kyriakos K. Ispoglou;Bader Albassam;T. Jaeger;Mathias Payer

Lightweight kernel isolation with virtualization and VM functions

• DOI: 10.1145/3381052.3381328
• 发表时间: 2020-03
• 期刊: Proceedings of the 16th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments
• 作者: Vikram Narayanan;Yongzhe Huang;Gang Tan;T. Jaeger;A. Burtsev

Evolving Operating System Kernels Towards Secure Kernel-Driver Interfaces

• DOI: 10.1145/3593856.3595914
• 发表时间: 2023-06
• 期刊: Proceedings of the 19th Workshop on Hot Topics in Operating Systems
• 作者: A. Burtsev;Vikram Narayanan;Yongzhe Huang;Kaiming Huang;Gang Tan;T. Jaeger