SaTC: CORE: Small: Selective Data Protection against Data-oriented and Transient Execution Attacks

SaTC：核心：小型：针对面向数据和瞬态执行攻击的选择性数据保护

• 批准号: 2104148
• 负责人: Michail Polychronakis
• 金额: $ 49.91万
• 依托单位: SUNY at Stony Brook
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-07-01 至 2025-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2104148&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Selective; Data

The exploitation of software vulnerabilities caused by memory errors has become more challenging due to the deployment of numerous exploit mitigation technologies. Consequently, instead of striving to gain arbitrary code execution capabilities, attackers have turned their attention to the leakage of sensitive process data through memory disclosure vulnerabilities. To make matters worse, the threat of data leakage has been exacerbated by the recent spate of transient execution attacks, which can leak otherwise inaccessible process data through residual microarchitectural side effects. To defend against the emerging threat of data-oriented attacks, the project will investigate practical selective data protection techniques by focusing on i) enabling developers to protect sensitive data with minimal manual effort; ii) protecting sensitive data against both memory disclosure vulnerabilities and transient execution attacks; and iii) maintaining compatibility with large-scale real-world applications. The outcomes of the project are expected to improve the state of the art in defenses against data-oriented and transient execution attacks and achieve substantial practical impact by shielding existing vulnerable applications against exploitation, benefiting both end users and security researchers. The project will also provide students the opportunity to conduct research in cybersecurity, and will foster the integration of cybersecurity into high school education through hands-on workshops for students and seminars for science teachers.To defend against the emerging threats of memory disclosure vulnerabilities and transient execution attacks, the project will investigate selective data protection techniques based on in-memory data encryption, centered around three innovative aspects. First, elevating data protection as a core language feature will enable developers to effortlessly enable in-memory encryption of data they deem critical. Besides C/C++, the project will also focus on JavaScript and Rust, which, although immune against memory disclosure vulnerabilities, are still prone to transient execution attacks. Second, a hybrid approach that combines static pointer analysis with scoped dynamic data flow tracking will minimize the heavyweight instrumentation required for keeping sensitive data encrypted in memory. The key insight behind this technique is that the inherent over-approximation of pointer analysis can be ameliorated by relying on lightweight label lookups to determine if potentially sensitive data is actually sensitive. Third, the sensitivity of pointer analysis can be increased in a scalable way by i) introducing a summarization-based context-sensitive heap modeling approach tailored to the extensive use of memory wrappers in popular applications, and ii) selectively increasing sensitivity only at certain parts of the program where it is likely to be beneficial to the overall analysis precision.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

由于部署了许多漏洞利用缓解技术，利用内存错误引起的软件漏洞变得更具挑战性。因此，攻击者不再努力获得任意代码执行能力，而是将注意力转向通过内存泄漏漏洞泄漏敏感进程数据。更糟糕的是，最近大量的瞬态执行攻击加剧了数据泄漏的威胁，这些攻击可以通过残留的微体系结构副作用泄漏否则无法访问的进程数据。为了抵御新出现的面向数据的攻击威胁，该项目将研究实用的选择性数据保护技术，重点关注i）使开发人员能够以最少的手动工作来保护敏感数据; ii）保护敏感数据免受内存泄露漏洞和瞬时执行攻击;和iii）保持与大规模现实世界应用程序的兼容性。该项目的成果预计将提高防御面向数据和瞬时执行攻击的最新技术水平，并通过保护现有易受攻击的应用程序免受利用，从而使最终用户和安全研究人员受益。该项目还将为学生提供进行网络安全研究的机会，并将通过为学生举办的实践研讨会和为科学教师举办的研讨会，促进网络安全融入高中教育。为了抵御内存泄露漏洞和瞬时执行攻击等新兴威胁，该项目将研究基于内存数据加密的选择性数据保护技术，围绕三个创新点。首先，将数据保护提升为核心语言功能将使开发人员能够毫不费力地对他们认为重要的数据进行内存加密。除了C/C++，该项目还将关注JavaScript和Rust，尽管它们对内存泄漏漏洞免疫，但仍然容易受到瞬态执行攻击。其次，将静态指针分析与范围动态数据流跟踪相结合的混合方法将最大限度地减少在内存中保持敏感数据加密所需的重量级插装。这种技术背后的关键见解是，指针分析的固有过度近似可以通过依赖轻量级标签查找来确定潜在敏感数据是否实际敏感来改善。第三，指针分析的灵敏度可以通过以下方式以可缩放的方式增加：i）引入针对流行应用程序中存储器包装器的广泛使用而定制的基于摘要的上下文敏感堆建模方法，和ii）只在计划的某些部分有选择地提高灵敏度，在这些部分可能有利于整体分析精度。该奖项反映了NSF的法定使命，并被认为是值得的通过使用基金会的知识价值和更广泛的影响审查标准进行评估，

项目成果

Decap: Deprivileging Programs by Reducing Their Capabilities

Decap：通过降低程序的能力来剥夺程序的特权

• DOI: 10.1145/3545948.3545978
• 发表时间: 2022
• 期刊: Intrusions and Defenses (RAID
• 作者: Hasan, Md Mehedi;Ghavamnia, Seyedhamed;Polychronakis, Michalis
• 通讯作者: Polychronakis, Michalis