CICI: UCSS: Helix++: Securing Open Science Platforms

CICI：UCSS：Helix：保护开放科学平台

• 批准号: 2115130
• 负责人: Jack Davidson
• 金额: $ 49.8万
• 依托单位: University of Virginia Main Campus
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-08-01 至 2024-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2115130&HistoricalAwards=false
• 关键词: CICI; UCSS; Helix++; Securing; Open

The Helix++ project’s goal is to use recently developed, promising cybersecurity research results to secure open-science platforms. Securing these open-science platforms is vital because compromise of research infrastructure can have severe consequences, including the delay of critical research, corruption of research results, theft of intellectual property, and exposure of personally identifiable information. Beyond providing researchers customized, secure packages of widely used open software, the Helix++ project will provide insights and directions for future research and strategies for protecting critical cyber infrastructure. Using two existing operational open-science platforms at the University of Virginia, the project will investigate the interaction of technical and policy issues which are fundamental to infrastructure protection.The open-source Helix++ project improves the security posture of open science platforms by applying cutting-edge cybersecurity techniques to diversify and harden software automatically. A distinguishing feature of Helix++ is that it does not require source code or build artifacts. It operates directly on software in binary form—even stripped executables and libraries. This feature is key as rebuilding applications from source is a time-consuming and often frustrating process. Helix++ enables the rapid generation and deployment of secure containers and virtual machines, wherein various applications and libraries are transformed to incorporate the Helix++ protections. Diversification breaks the software monoculture and makes attacks harder to execute as information needed for a successful attack will have changed unpredictably. Diversification also forces attackers to customize an attack for each target instead of attackers crafting an exploit that works reliably on all similarly configured targets. Hardening directly targets key attack classes. The combination of diversity and hardening provides defense-in-depth, as well as a moving target defense. Helix++ is evaluated on two open science platforms to demonstrate its efficacy and usability.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目的目标是利用最近开发的、有前途的网络安全研究成果来保护开放科学平台。保护这些开放科学平台至关重要，因为研究基础设施的妥协可能会产生严重后果，包括关键研究的延迟，研究成果的腐败，知识产权的盗窃以及个人身份信息的暴露。除了为研究人员提供定制的、安全的广泛使用的开放软件包外，Hacker ++项目还将为未来的研究和保护关键网络基础设施的战略提供见解和方向。该项目将利用弗吉尼亚大学现有的两个开放科学平台，调查对基础设施保护至关重要的技术和政策问题之间的相互作用，开源Hundreds ++项目通过应用尖端网络安全技术自动使软件多样化和强化，改善开放科学平台的安全态势。Hacker ++的一个显著特点是它不需要源代码或构建工件。它直接操作二进制形式的软件，甚至是剥离的可执行文件和库。这个特性是关键，因为从源代码重建应用程序是一个耗时且经常令人沮丧的过程。Hacker ++支持快速生成和部署安全容器和虚拟机，其中各种应用程序和库都经过转换以纳入Hacker ++保护。多样化打破了软件的单一文化，使攻击更难执行，因为成功攻击所需的信息将发生不可预测的变化。多样化还迫使攻击者为每个目标定制攻击，而不是攻击者精心制作一个可以在所有类似配置的目标上可靠工作的漏洞。强化直接针对关键攻击类。多样性和强化的结合提供了纵深防御以及移动目标防御。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing

• 发表时间: 2021
• 期刊: International Journal for Numerical Methods in Engineering
• 影响因子: 2.9
• 作者: Stefan Nagy;A. Nguyen-Tuong;Jason Hiser;J. Davidson;Matthew Hicks

Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing

• DOI: 10.1145/3460120.3484787
• 发表时间: 2021-11
• 期刊: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Stefan Nagy;A. Nguyen-Tuong;Jason Hiser;J. Davidson;Matthew Hicks