SaTC: CORE: Medium: Collaborative: Threat-Aware Defense: Evaluating Threats for Continuous Improvement

SaTC：核心：中：协作：威胁感知防御：评估威胁以持续改进

• 批准号: 1801534
• 负责人: Trent Jaeger
• 金额: $ 80万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-08-15 至 2024-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1801534&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Collaborative; Threat

Adversaries are outpacing developers in the race to find program vulnerabilities. Where programmers have to find all potential software flaws in their programs and determine whether they are exploitable across all deployments to prevent vulnerabilities, adversaries need only find one software flaw that enables them to achieve their goals in any one deployment. Current techniques to rid programs of vulnerabilities cannot find all such flaws due to the complexity of modern software and their deployments. Rather than proving the absence of flaws, recent vulnerability detection research is exploring more powerful techniques to automate exploit generation. However, such exploit generation often lacks a systematic model of modern and emerging defenses, which may be useful in assessing the utility of defenses. In addition, once an exploit is generated, defenses to prevent that exploit must be added manually to the program. As a result, vulnerability detection does not yet pay enough attention to defenses to assess their effectiveness nor generate additional defenses when necessary.This project proposes a theory and techniques to improve defenses continuously and iteratively to counter threats that cause vulnerabilities. A method is developed that searches programs for security policy violations and extends existing defenses to prevent detected violations automatically. The main insight is to link the threats and defenses of each program into one coherent model, called the Program Threat Graph (PTG), to evaluate proactively whether threats enable adversaries to violate program security policies given current defenses and automate the improvement of defenses to prevent such violations. The project explores how to find security violations given a program's internal and environmental defenses. Security violations are used to generate both targeted defenses and/or systematic defenses to block this exploit efficiently and block potentially unknown exploits that may leverage other flaws under given performance constraints. The goal of this research is to continuously improve defenses against vulnerabilities. The approach discovers security violations given a specification for both current and upcoming defenses, tightening them automatically and recovering from attempted attacks without disrupting program functionality. All tools, benchmarks, and analyses developed during this project are released as open-source. For outreach, the focus is on capture-the-flag competitions and summer software security courses.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

对手在寻找程序漏洞的竞赛中超过了开发人员。程序员必须在其程序中找到所有潜在的软件缺陷，并确定它们是否可在所有部署中被利用以防止漏洞，而攻击者只需找到一个软件缺陷，即可在任何一个部署中实现其目标。由于现代软件及其部署的复杂性，目前消除程序漏洞的技术无法找到所有这些缺陷。最近的漏洞检测研究不是证明漏洞的存在，而是探索更强大的技术来自动生成漏洞。然而，这种利用生成通常缺乏现代和新兴防御的系统模型，这可能有助于评估防御的效用。此外，一旦产生了漏洞，必须手动向程序添加防御措施以防止该漏洞。 因此，漏洞检测尚未足够重视防御措施，以评估其有效性，也没有在必要时生成额外的防御措施。本项目提出了一种理论和技术，以不断改进防御措施，并迭代地应对导致漏洞的威胁。开发了一种方法，搜索程序的安全策略违反和扩展现有的防御，以防止检测到的违规自动。 主要的见解是将每个程序的威胁和防御链接到一个连贯的模型中，称为程序威胁图（PTG），以主动评估威胁是否使对手能够违反当前防御的程序安全策略，并自动改进防御以防止此类违规行为。 该项目探讨了如何在给定程序的内部和环境防御的情况下发现安全违规行为。 安全违规用于生成有针对性的防御和/或系统性防御，以有效阻止此漏洞利用，并阻止可能在给定性能约束下利用其他漏洞的潜在未知漏洞利用。这项研究的目标是不断提高对漏洞的防御能力。该方法发现了安全违规行为，给出了当前和即将到来的防御规范，自动收紧它们并从尝试的攻击中恢复，而不会中断程序功能。在这个项目中开发的所有工具、基准和分析都是开源的。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Program-mandering: Quantitative Privilege Separation

• DOI: 10.1145/3319535.3354218
• 发表时间: 2019-11
• 期刊: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Shen Liu;Dongrui Zeng;Yongzhe Huang;Frank Capobianco;Stephen McCamant;T. Jaeger;Gang Tan

Employing attack graphs for intrusion detection

• DOI: 10.1145/3368860.3368862
• 发表时间: 2019-09
• 期刊: Proceedings of the New Security Paradigms Workshop
• 作者: Frank Capobianco;R. George;Kaiming Huang;T. Jaeger;S. Krishnamurthy;Zhiyun Qian;Mathias Payer;Paul L. Yu

Lightweight kernel isolation with virtualization and VM functions

• DOI: 10.1145/3381052.3381328
• 发表时间: 2020-03
• 期刊: Proceedings of the 16th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments
• 作者: Vikram Narayanan;Yongzhe Huang;Gang Tan;T. Jaeger;A. Burtsev

Block Oriented Programming: Automating Data-Only Attacks

• DOI: 10.1145/3243734.3243739
• 发表时间: 2018-05
• 期刊: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Kyriakos K. Ispoglou;Bader Albassam;T. Jaeger;Mathias Payer

Evolving Operating System Kernels Towards Secure Kernel-Driver Interfaces

• DOI: 10.1145/3593856.3595914
• 发表时间: 2023-06
• 期刊: Proceedings of the 19th Workshop on Hot Topics in Operating Systems
• 作者: A. Burtsev;Vikram Narayanan;Yongzhe Huang;Kaiming Huang;Gang Tan;T. Jaeger