SaTC: EDU: LIGERLabs: Educational Modules for (Anti-)Reverse Engineering

SaTC：EDU：LIGERLabs：（反）逆向工程教育模块

• 批准号: 2029632
• 负责人: Christian Collberg
• 金额: $ 40万
• 依托单位: University of Arizona
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2029632&HistoricalAwards=false
• 关键词: SaTC; EDU; LIGERLabs; Educational; Modules

Attacks against endpoints of our interconnected cyberspace, such as laptops and mobile devices, are becoming more prevalent. Attackers can steal data-processing capacity and/or leak user data from a user's web browser, automobiles can be commandeered by violating the integrity of safety-critical software, virtual currency can be stolen by corrupting mobile games, critical infrastructure can be subverted by manipulating electrical meters, and Internet-of-Things devices in our homes can be hijacked. Reverse engineering and anti-reverse engineering are important topics in cybersecurity. Malicious actors may seek to reverse engineer software and hardware to find vulnerable points to attack. Conversely, these concepts can be used defensively by cybersecurity professionals to identify and strengthen vulnerabilities in hardware and software, and to prevent exploitation. This project will develop a collection of educational resources for teaching reverse engineering and anti-reverse engineering concepts to undergraduate and graduate level computer science students. These resources will stress the interplay between reverse engineering and anti-reverse engineering, and how progress in one drives progress in the other. As a result of this project, computer science students will enter the workforce with a better understanding of how to defend against endpoint attacks, which will benefit national security.The goal of this project is threefold: to give students the mental tools necessary to understand the low-level nature of many of the cybersecurity issues seen today, to increase student proficiency in dissecting and analyzing different forms of executable code, and to ensure students are familiar with techniques for protecting against attacks. Particular emphasis is placed on the interplay between reverse engineering and anti-reverse engineering. Over time, the design of more powerful program analysis techniques has driven the development of new software protection techniques to counter them, and vice versa. It is the goal of this work to provide students with the intellectual tools and practical skills to appreciate this ongoing struggle and to prepare them for future developments throughout their careers. To accomplish this goal, the project team proposes to develop a structure termed "LIGERLabs" to foster undergraduate and graduate computer science students' abilities in reverse engineering and anti-reverse engineering. LIGERLabs will include a collection of recorded video lectures and animations, virtual machines with pre-installed attack and defense tools, write-ups and answer-sheets for paper-and-pencil homework exercises and in-class collaborative exercises, take-home programming assignments, and generators and auto-graders of reverse engineering exercises. To generate appropriately calibrated reverse engineering exercises, this project will conduct studies of students from different backgrounds to build up a schedule of exercises of appropriate complexity.This project is supported by the Secure and Trustworthy Cyberspace (SaTC) program, which funds proposals that address cybersecurity and privacy, and in this case specifically cybersecurity education. The SaTC program aligns with the Federal Cybersecurity Research and Development Strategic Plan and the National Privacy Research Strategy to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

针对互联网络空间端点（如笔记本电脑和移动的设备）的攻击正变得越来越普遍。攻击者可以从用户的Web浏览器窃取数据处理能力和/或泄漏用户数据，可以通过破坏安全关键软件的完整性来征用汽车，可以通过破坏手机游戏来窃取虚拟货币，可以通过操纵电表来破坏关键基础设施，并且可以劫持我们家中的物联网设备。逆向工程和反逆向工程是网络安全领域的重要课题。恶意行为者可能会试图对软件和硬件进行逆向工程，以找到易受攻击的点。相反，这些概念可以被网络安全专业人员用于防御，以识别和加强硬件和软件中的漏洞，并防止利用。 这个项目将开发一系列教育资源，用于向本科和研究生计算机科学专业的学生教授逆向工程和反逆向工程概念。这些资源将强调逆向工程和反逆向工程之间的相互作用，以及一个方面的进展如何推动另一个方面的进展。作为该项目的结果，计算机科学专业的学生将进入劳动力市场，更好地了解如何防御端点攻击，这将有利于国家安全。该项目的目标有三个方面：为学生提供必要的心理工具，以了解当今看到的许多网络安全问题的低层次性质，提高学生解剖和分析不同形式的可执行代码的熟练程度，并确保学生熟悉防范攻击的技术。特别强调了反向工程和反反向工程之间的相互作用。随着时间的推移，更强大的程序分析技术的设计推动了新的软件保护技术的发展，以对抗它们，反之亦然。这项工作的目标是为学生提供智力工具和实用技能，以欣赏这一持续的斗争，并为他们在整个职业生涯中的未来发展做好准备。为了实现这一目标，项目组建议开发一个名为“LIGERLabs”的结构，以培养计算机科学本科生和研究生的逆向工程和反逆向工程能力。LIGERLabs将包括一系列录制的视频讲座和动画，预装攻击和防御工具的虚拟机，纸笔作业练习和课堂协作练习的写作和答题纸，带回家的编程作业，以及逆向工程练习的生成器和自动评分器。为了生成适当校准的逆向工程练习，该项目将对来自不同背景的学生进行研究，以建立适当复杂度的练习时间表。该项目得到安全和值得信赖的网络空间（SaTC）计划的支持，该计划资助解决网络安全和隐私问题的提案，在这种情况下，特别是网络安全教育。SATC计划与联邦网络安全研究和发展战略计划和国家隐私研究战略保持一致，以保护和维护网络系统日益增长的社会和经济效益，同时确保安全和隐私。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。