CRII: SaTC: Towards Detecting and Mitigating Vulnerabilities

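Basic information

  • Award number:
    2153474
  • Principal investigator:
  • Amount:
    $174.9K
  • Host institution:
  • Host institution country:
    United States
  • Project type:
    Standard Grant
  • Fiscal year:
    2022
  • Funding country:
    United States
  • Period:
    2022-07-01 to 2024-08-31
  • Project status:
    Completed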

Project abstract

This award is funded in whole or in part under the American Rescue Plan Act of 2021 (Public Law 117-2).

Numerous real-world attacks exploit software vulnerabilities to compromise computer systems such as servers, desktops, smartphones, and Internet of Things (IoT) devices. Recent studies show that it is challenging to detect vulnerabilities accurately and patch vulnerabilities rapidly. State-of-the-art techniques can mitigate unpatched vulnerabilities effectively, but they usually sacrifice the availability of systems. The goal of this project is to improve vulnerability detection and mitigation. The project's novelties are two-fold. First, the project team is developing an approach to significantly increase the accuracy of vulnerability detection. Second, the project team is developing an approach to substantially reduce the availability loss of vulnerability mitigation. The project's broader significance and importance are that 1) the approaches developed by the project can be used by other projects addressing vulnerabilities; 2) the outcome of the project can help the software industry in designing mechanisms to detect vulnerabilities and defend against vulnerability exploits; and 3) the project is tightly integrated with undergraduate-level and graduate-level curriculum development and student advising. A diverse group of undergraduate and graduate students is participating in the project and developing their interests and expertise in software security.

The project aims to develop an accurate vulnerability-detection technique and an unobtrusive vulnerability-mitigation technique. To improve the accuracy, the vulnerability-detection technique uses vulnerability conditions, each of which captures the intrinsic characteristics of a type of vulnerability, to detect vulnerabilities. To reduce the availability loss, the vulnerability-mitigation technique uses basic blocks and program paths as the granularity of vulnerability mitigation. The project consists of three key tasks: 1) designing a scheme for encoding vulnerability conditions, 2) developing a technique based on fuzzing to detect vulnerabilities using vulnerability conditions, and 3) developing a technique based on code-disabling to mitigate vulnerabilities at the granularity of basic blocks and program paths. The major contributions of the project include the design of the techniques, prototype implementations of the techniques, and an evaluation of the implementations with real-world vulnerabilities.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Project outcomes

Journal papers (2)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Multiclass Classification of Software Vulnerabilities with Deep Learning
Runtime Recovery for Integer Overflows

Other publications by Zhen Huang

MFM: A Multi-level Fused Sequence Matching Model for Candidates Filtering in Multi-paragraphs Question-Answering
  • DOI:
    10.1007/978-3-030-00764-5_41
  • Published:
    2018
  • Journal:
  • Impact factor:
    0
  • Authors:
    Yang Liu;Zhen Huang;Minghao Hu;Shuyang Du;Yuxing Peng;Dongsheng Li;Xu Wang
  • Corresponding author:
    Xu Wang
An experimental study of injection and spray characteristics of diesel and gasoline blends on a common rail injection system
  • DOI:
    10.1016/j.energy.2014.08.006
  • Published:
    2014-10
  • Journal:
  • Impact factor:
    9
  • Authors:
    Chunhai Wang;Yaozong Duan;Zhisong Tian;Zhen Huang
  • Corresponding author:
    Zhen Huang
Characteristics of primary stabbing headache in a tertiary neurological clinic in China.
  • DOI:
    10.1111/pme.12361
  • Published:
    2014
  • Journal:
  • Impact factor:
    0
  • Authors:
    Xiping Liang;Gu Ying;Qingqing Huang;Jing Wang;Nan Li;G. Tan;T. R. Zhang;Zhen Huang;Jiying Zhou
  • Corresponding author:
    Jiying Zhou
Investigation of the relationship between electronic properties and reactivity of 3DOM LaFe1 − xCoxO3 for methane reforming to produce syngas
  • DOI:
    10.1002/er.4736
  • Published:
    2019-07
  • Journal:
  • Impact factor:
    4.6
  • Authors:
    Kun Zhao;Jing Chen;Haibin Li;Anqing Zheng;Zhen Huang;Guoqiang Wei;Kun Zhao;Xiaobo Wang
  • Corresponding author:
    Xiaobo Wang
Effects of Brn‐4 on the neuronal differentiation of neural stem cells derived from rat midbrain
  • DOI:
  • Published:
    2010
  • Journal:
  • Impact factor:
    3.9
  • Authors:
    X. Tan;J. Qin;G. Jin;Meiling Tian;Haoming Li;Huixia Zhu;Xinhua Zhang;Jin Shi;Zhen Huang
  • Corresponding author:
    Zhen Huang

Other grants by Zhen Huang

I-Corps: Selenium Nucleic Acids for Structure Determination, Drug Discovery and Commercialization
  • Award number:
    1340153
  • Fiscal year:
    2013
  • Funding amount:
    $174.9K
  • Project type:
    Standard Grant
SBIR Phase II: Energy Efficient COD Removal and De-nitrification for Re-circulating Aquaculture Facilities with a Combined Bio-electrochemical Process
  • Award number:
    1127435
  • Fiscal year:
    2011
  • Funding amount:
    $174.9K
  • Project type:
    Standard Grant
Atom-specific Selenium Derivatization of Nucleic Acids for Crystallization and Structure Studies
  • Award number:
    0824837
  • Fiscal year:
    2008
  • Funding amount:
    $174.9K
  • Project type:
    Continuing Grant
New Paradigm of Nucleic Acids Engineered with Selenium
  • Award number:
    0750235
  • Fiscal year:
    2008
  • Funding amount:
    $174.9K
  • Project type:
    Continuing Grant
Systematic Derivatization of Nucleic Acids with Selenium for X-ray Crystallography
  • Award number:
    0517092
  • Fiscal year:
    2005
  • Funding amount:
    $174.9K
  • Project type:
    Continuing Grant

Similar overseas grants

CRII: SaTC: Towards a Secure and Efficient Ethereum P2P Network with Client Diversity
  • Award number:
    2347486
  • Fiscal year:
    2024
  • Funding amount:
    $174.9K
  • Project type:
    Standard Grant
CRII: SaTC: Towards Understanding the Robustness of Graph Neural Networks against Graph Perturbations
  • Award number:
    2241713
  • Fiscal year:
    2023
  • Funding amount:
    $174.9K
  • Project type:
    Standard Grant
CRII: SaTC: Towards Understanding and Defending Against New Waves of Online Hate
  • Award number:
    2245983
  • Fiscal year:
    2023
  • Funding amount:
    $174.9K
  • Project type:
    Standard Grant
CRII: SaTC: Towards Data-effective and Cost-efficient Security Attack Detections
  • Award number:
    2245968
  • Fiscal year:
    2023
  • Funding amount:
    $174.9K
  • Project type:
    Standard Grant
CRII: SaTC: RUI: Towards Trustworthy and Accountable IoT Data Marketplaces
  • Award number:
    2153464
  • Fiscal year:
    2022
  • Funding amount:
    $174.9K
  • Project type:
    Standard Grant
CRII: SaTC: Towards Trustworthy and Accountable IoT Data Marketplaces
  • Award number:
    2231085
  • Fiscal year:
    2022
  • Funding amount:
    $174.9K
  • Project type:
    Standard Grant
CRII: SaTC: Towards Secure and Privacy-preserving Input on Augmented Reality Systems
  • Award number:
    2153397
  • Fiscal year:
    2022
  • Funding amount:
    $174.9K
  • Project type:
    Standard Grant
CRII: SaTC: Towards Understanding Typing Privacy: Vulnerabilities and Protection
  • Award number:
    1948547
  • Fiscal year:
    2020
  • Funding amount:
    $174.9K
  • Project type:
    Standard Grant
CRII: SaTC: Towards Efficient and Scalable Crowdsourced Vulnerability-Discovery using Bug-Bounty Programs
  • Award number:
    1850510
  • Fiscal year:
    2019
  • Funding amount:
    $174.9K
  • Project type:
    Standard Grant
CRII: SaTC: Towards Secure Wide-area Localization
  • Award number:
    1850264
  • Fiscal year:
    2019
  • Funding amount:
    $174.9K
  • Project type:
    Standard Grant