Collaborative Research: SaTC: CORE: Large: Building and Deploying a Verified JavaScript Runtime
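Basic information
- Award number: 2120696
- Principal investigator:
- Amount: $1.7299 million
- Host institution:
- Host institution country: United States
- Project type: Continuing Grant
- Fiscal year: 2021
- Funding country: United States
- Start and end dates: 2021-10-01 to 2026-09-30
- Project status: Ongoing
- Source:
- Keywords:
Project abstract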
Browsers run the complex Web applications modern society relies on. Browser vendors go to great lengths to make Web applications run efficiently on user machines, using just-in-time (JIT) compilers that turn Web application code, written in JavaScript, into optimized machine code. Unfortunately, bugs in JavaScript JITs have emerged as the single largest threat to web platform security and the most dangerous attack surface of web-connected devices. Bugs in JavaScript JITs can and have been exploited by attackers to target users, including members of marginalized and at-risk populations. The goal of this project is to build and deploy more secure JavaScript JITs. To this end, the investigators will develop new techniques, frameworks, and principles that (1) help browser developers build JIT compilers that are provably secure and (2) don't incur the high costs and development timelines traditionally associated with high-assurance software. If successful, this project will improve security for the hundreds of millions of people who surf the web every day. The project will: (1) empirically evaluate JIT security, identifying the JIT components that are most vulnerable to attackers and most crucial to browser performance; (2) formalize what security and correctness mean for various parts of the JIT; (3) modify and extend existing JIT compilers to find and fix bugs, and provide formal guarantees of security for components under active attack today; and, finally, (4) rethink the way that browsers execute JavaScript programs from the ground up, by designing and building new JavaScript interpreters and compilers that are extensible, maintainable, and secure.
The project will yield new innovations in the design of programming languages and verification frameworks, and as a result will empower browser developers to write safer JIT compilers with less work. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
Project outputs
Journal articles (5)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Going beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFI
- DOI: 10.1145/3582016.3582023
- Published: 2023-03
- Journal:
- Impact factor: 0
- Authors: Shravan Narayan; Tal Garfinkel; Mohammadkazem Taram; Joey Rudek; D. Moghimi; Evan Johnson; Chris Fallin
- Corresponding author: Shravan Narayan; Tal Garfinkel; Mohammadkazem Taram; Joey Rudek; D. Moghimi; Evan Johnson; Chris Fallin
SoK: Practical Foundations for Software Spectre Defenses
- DOI:
- Published: 2022
- Journal:
- Impact factor: 0
- Authors: Sunjay Cauligi, Craig Disselkoen
- Corresponding author: Sunjay Cauligi, Craig Disselkoen
Flux: Liquid Types for Rust
- DOI: 10.1145/3591283
- Published: 2023
- Journal:
- Impact factor: 0
- Authors: Lehmann, Nico; Geller, Adam T.; Vazou, Niki; Jhala, Ranjit
- Corresponding author: Jhala, Ranjit
Isolation without taxation: near-zero-cost transitions for WebAssembly and SFI
- DOI: 10.1145/3498688
- Published: 2022
- Journal:
- Impact factor: 0
- Authors: Kolosick, Matthew; Narayan, Shravan; Johnson, Evan; Watt, Conrad; LeMay, Michael; Garg, Deepak; Jhala, Ranjit; Stefan, Deian
- Corresponding author: Stefan, Deian
WaVe: a verifiably secure WebAssembly sandboxing runtime
- DOI: 10.1109/sp46215.2023.10179357
- Published: 2023-05
- Journal:
- Impact factor: 0
- Authors: Evan Johnson; Evan Laufer; Zijie Zhao; D. Gohman; Shravan Narayan; S. Savage; D. Stefan; Fraser Brown
- Corresponding author: Evan Johnson; Evan Laufer; Zijie Zhao; D. Gohman; Shravan Narayan; S. Savage; D. Stefan; Fraser Brown
Other grants by Hovav Shacham
TWC: Medium: Collaborative: Black-Box Evaluation of Cryptographic Entropy at Scale
- Award number: 1937622
- Fiscal year: 2018
- Funding amount: $1.7299 million
- Project type: Standard Grant
TWC: Medium: Collaborative: Black-Box Evaluation of Cryptographic Entropy at Scale
- Award number: 1410031
- Fiscal year: 2014
- Funding amount: $1.7299 million
- Project type: Standard Grant
InfoSec Scholars: Scholarship for Service
- Award number: 1303328
- Fiscal year: 2013
- Funding amount: $1.7299 million
- Project type: Continuing Grant
CT-ISG: Memory Safety for Legacy Software, A Quantitative Approach
- Award number: 0831532
- Fiscal year: 2008
- Funding amount: $1.7299 million
- Project type: Continuing Grant
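Similar National Natural Science Foundation of China grants
Research on Quantum Field Theory without a Lagrangian Description
- Award number: 24ZR1403900
- Approval year: 2024
- Funding amount: CNY 0
- Project type: Provincial/municipal project
Cell Research
- Award number: 31224802
- Approval year: 2012
- Funding amount: CNY 240,000
- Project type: Special fund project
Cell Research
- Award number: 31024804
- Approval year: 2010
- Funding amount: CNY 240,000
- Project type: Special fund project
Cell Research
- Award number: 30824808
- Approval year: 2008
- Funding amount: CNY 240,000
- Project type: Special fund project
Research on the Rapid Growth Mechanism of KDP Crystal
- Award number: 10774081
- Approval year: 2007
- Funding amount: CNY 450,000
- Project type: General program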
Similar overseas grants
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
- Award number: 2330940
- Fiscal year: 2024
- Funding amount: $1.7299 million
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
- Award number: 2317232
- Fiscal year: 2024
- Funding amount: $1.7299 million
- Project type: Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
- Award number: 2338301
- Fiscal year: 2024
- Funding amount: $1.7299 million
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
- Award number: 2317233
- Fiscal year: 2024
- Funding amount: $1.7299 million
- Project type: Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
- Award number: 2338302
- Fiscal year: 2024
- Funding amount: $1.7299 million
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
- Award number: 2330941
- Fiscal year: 2024
- Funding amount: $1.7299 million
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Small: Towards Secure and Trustworthy Tree Models
- Award number: 2413046
- Fiscal year: 2024
- Funding amount: $1.7299 million
- Project type: Standard Grant
Collaborative Research: SaTC: EDU: RoCCeM: Bringing Robotics, Cybersecurity and Computer Science to the Middled School Classroom
- Award number: 2312057
- Fiscal year: 2023
- Funding amount: $1.7299 million
- Project type: Standard Grant
Collaborative Research: SaTC: CORE: Small: Investigation of Naming Space Hijacking Threat and Its Defense
- Award number: 2317830
- Fiscal year: 2023
- Funding amount: $1.7299 million
- Project type: Continuing Grant
Collaborative Research: SaTC: CORE: Small: Towards a Privacy-Preserving Framework for Research on Private, Encrypted Social Networks
- Award number: 2318843
- Fiscal year: 2023
- Funding amount: $1.7299 million
- Project type: Continuing Grant