CAREER: Toward Securing Emerging Computing Platforms via Large-Scale Dynamic Analysis

职业：通过大规模动态分析保护新兴计算平台

• 批准号: 1942793
• 负责人: Manuel Egele
• 金额: $ 55.9万
• 依托单位: Trustees of Boston University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-03-01 至 2025-02-28
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1942793&HistoricalAwards=false
• 关键词: CAREER; Toward; Securing; Emerging; Computing

The Internet of Things (IoT) is poised to permeate all aspects of our daily lives, from already existing smart home assistants, over increasingly popular industrial applications, to yet to be developed personal health devices. Clearly, these technologies offer exciting and new opportunities, yet the software and devices that comprise the IoT encompass serious security threats. While analysis tools for commodity systems, such as Windows or Android, allow developers to scan their products for potential security vulnerabilities, the landscape of the IoT poses additional, unique challenges for bringing such security tools to bear. These challenges include the heterogeneity of the architectures, operating systems, and software stacks employed by the IoT, the rapidly changing capabilities and deployments of IoT systems, and the sheer number of different IoT gadgets. Hence, any analysis aiming to improve the security of the IoT must be able to accommodate this diversity.The investigator's prior work demonstrated that security-focused analysis for Linux-powered IoT devices can greatly improve the security of the supported devices and their users. However, prior research also revealed that there is a substantive body of IoT devices and software that either relies on operating systems other than Linux, or no operating system at all. Thus, this project will research and develop novel scalable dynamic analysis techniques that help developers and security analysts to proactively identify potential security issues in contemporary IoT systems. The resulting analysis will support reasoning about various layers of abstraction in the computing stack, including user space, kernel space, and, importantly, so-called bare metal code that executes directly on an IoT device's CPU without the help of an operating system. These analysis will be brought to bear on a large collection of software powering the IoT, resulting from the investigator's prior research augmented with IoT software to be collected during the project. By covering this broad spectrum of the IoT, this project holds the promise to significantly improve the security of current and future IoT systems.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

物联网(IoT)正准备渗透到我们日常生活的方方面面，从已经存在的智能家居助手，到日益流行的工业应用，再到尚未开发的个人健康设备。显然，这些技术提供了令人兴奋的新机会，但构成物联网的软件和设备包含严重的安全威胁。虽然Windows或Android等商用系统的分析工具允许开发人员扫描他们的产品以发现潜在的安全漏洞，但物联网的环境为应用此类安全工具带来了额外的、独特的挑战。这些挑战包括物联网采用的架构、操作系统和软件堆栈的异构性、快速变化的物联网系统功能和部署以及数量庞大的不同物联网设备。因此，任何旨在提高物联网安全性的分析都必须能够适应这种多样性。研究人员先前的工作表明，对基于Linux的物联网设备进行安全重点分析可以极大地提高受支持设备及其用户的安全性。然而，先前的研究也显示，有大量物联网设备和软件要么依赖Linux以外的操作系统，要么根本没有操作系统。因此，该项目将研究和开发新的可扩展的动态分析技术，帮助开发人员和安全分析师主动识别当代物联网系统中的潜在安全问题。由此产生的分析将支持对计算堆栈中不同抽象层的推理，包括用户空间、内核空间，以及重要的所谓裸机代码，这些代码无需操作系统的帮助就可以直接在物联网设备的CPU上执行。这些分析将用于支持物联网的大量软件集合，这些软件来自调查人员之前的研究，并在项目期间收集了物联网软件。通过涵盖物联网的广泛领域，该项目承诺显著提高当前和未来物联网系统的安全性。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

SoK: Enabling Security Analyses of Embedded Systems via Rehosting

• DOI: 10.1145/3433210.3453093
• 发表时间: 2021-05
• 期刊: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security
• 作者: Andrew Fasano;Tiemoko Ballo;Marius Muench;T. Leek;Alexander Bulekov;Brendan Dolan-Gavitt;Manuel Egele-Manue

Evocatio: Conjuring Bug Capabilities from a Single PoC

• DOI: 10.1145/3548606.3560575
• 发表时间: 2022-11
• 期刊: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Z. Jiang;Shuitao Gan;Adrián Herrera;Flavio Toffalini;Lucio Romerio;Chaojing Tang;Manuel Egele;Chao Zhang;Mathias Payer

No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Descriptions

• DOI: 10.14722/ndss.2023.24688
• 发表时间: 2023
• 期刊: Proceedings 2023 Network and Distributed System Security Symposium
• 作者: Alexander Bulekov;Bandan Das;Stefan Hajnoczi;Manuel Egele

FirmSolo: Enabling dynamic analysis of binary Linux-based IoT kernel modules

• 发表时间: 2023
• 作者: Ioannis Angelakopoulos;G. Stringhini;Manuel Egele

SURGEON: Performant, Flexible, and Accurate Re-Hosting via Transplantation

SURGEON：通过移植实现高性能、灵活且准确的重新托管

• 发表时间: 2024
• 期刊: Workshop on Binary Analysis Research (BAR'24
• 作者: Hofhammer, Florian;Busch, Marcel;Wang, Qinying;Egele, Manuel;Payer, Mathias
• 通讯作者: Payer, Mathias