CAREER: Automatically Taming System Complexity with the Least-Authority Virtual Architecture

职业：使用最小权限虚拟架构自动降低系统复杂性

• 批准号: 2146537
• 负责人: Nathan Dautenhahn
• 金额: $ 63万
• 依托单位: William Marsh Rice University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-07-01 至 2027-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2146537&HistoricalAwards=false
• 关键词: CAREER; Automatically; Taming; System; Complexity

Today's computing systems resemble a modern day Titanic. They are huge, easy to penetrate, and structured without sufficient isolation. Attackers exploit weak outer shells and instantly gain access to the whole system. For example, malware such as SolarWinds or Stuxnet has penetrated deeply into government and corporate systems to leak, control, or corrupt sensitive information such as nuclear control systems, finances, or state secrets. Breaches like this cost billions of dollars per year across the public and private sectors. LAVA addresses this problem by automatically partitioning systems into limited-access compartments and introduces mechanisms to ensure decomposed software elements cannot corrupt each other while efficiently allowing legitimate interactions and discovering attacker behavior. All prototypes will be released as open source artifacts that can be used by non-expert end users. New findings will be incorporated in Rice University security courses. A mini-series of Arduino based lectures and labs will be released with security challenges and taught through the Rice REMSL program as well as homeschool communities to engage elementary aged children.Determining required access and capabilities for users of complex systems is challenging. For example, the Linux kernel has over 200 modules and would require over 40000 unique access control decisions. LAVA (Least-Authority Virtual Architecture) suggests the radical view of an end-to-end compiler and runtime framework for analyzing, optimizing, transforming, and enforcing compartmentalized systems. There are three primary challenges and objectives. First, how to scale to large numbers of objects and users without complete system expertise? LAVA addresses this with a new unified representation and analysis framework that is mapped from source code to target runtime and enforcement mechanisms. Second, how to enhance security with fine-grained compartments without degrading performance? LAVA's novel runtime architecture provides efficient yet secure system isolation using a combination of new mechanisms and portable translation layers to optimize policies. Third, how to monitor attackers that easily cloak themselves inside of black box applications? LAVA extends the enforcement monitor with provenance tracing that is capable of deploying security policies as well as tracking and investigating attacker behavior. The overall outcome is an efficient and powerful in-process monitoring facility that can detect sophisticated cloaked threats in real systems. Programs can go from monitoring a few objects to monitoring the majority. The project will contribute analysis frameworks, compiler extensions, and a security monitor with appropriate abstractions and protection mechanisms to make protection fine-grained and fast.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

今天的计算机系统就像现代的泰坦尼克号。它们巨大，容易渗透，结构没有足够的隔离。攻击者利用脆弱的外壳并立即访问整个系统。例如，SolarWinds或Stuxnet等恶意软件已经深入渗透到政府和企业系统中，以泄漏、控制或破坏敏感信息，如核控制系统、财务或国家机密。像这样的违规行为每年在公共和私营部门造成数十亿美元的损失。LAVA通过自动将系统划分为访问受限的隔间来解决这个问题，并引入了一些机制来确保分解的软件元素不会相互破坏，同时有效地允许合法的交互和发现攻击者的行为。所有原型都将作为开源工件发布，可供非专业最终用户使用。新的研究结果将被纳入赖斯大学的安全课程。一个基于Arduino的小型系列讲座和实验室将发布安全挑战，并通过Rice REMSL计划以及家庭学校社区进行教学，以吸引小学年龄的儿童。确定复杂系统用户所需的访问权限和功能具有挑战性。例如，Linux内核有200多个模块，需要40000多个唯一的访问控制决策。LAVA（Least-Authority Virtual Architecture，最小权限虚拟架构）提出了一种端到端编译器和运行时框架的激进观点，用于分析，优化，转换和执行分区系统。有三个主要挑战和目标。首先，如何在没有完整的系统专业知识的情况下扩展到大量对象和用户？LAVA通过一个新的统一表示和分析框架来解决这个问题，该框架从源代码映射到目标运行时和执行机制。第二，如何在不降低性能的情况下，通过细粒度分隔来增强安全性？LAVA的新颖的运行时架构使用新机制和可移植的翻译层的组合来优化策略，从而提供高效而安全的系统隔离。第三，如何监控那些很容易隐藏在黑盒应用程序中的攻击者？LAVA通过溯源跟踪扩展了执行监视器，能够部署安全策略以及跟踪和调查攻击者行为。总体结果是一个高效和强大的过程中的监测设施，可以检测复杂的隐藏在真实的系统中的威胁。程序可以从监视少数对象到监视大多数对象。该项目将贡献分析框架、编译器扩展和具有适当抽象和保护机制的安全监视器，以实现细粒度和快速的保护。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。