Collaborative Research: SaTC: CORE: Medium: End-to-end Verified Secure Sandboxed Systems

协作研究:SaTC:核心:中:端到端验证的安全沙盒系统

基本信息

  • 批准号:
    2154964
  • 负责人:
  • 金额:
    $ 30万
  • 依托单位:
  • 依托单位国家:
    美国
  • 项目类别:
    Standard Grant
  • 财政年份:
    2022
  • 资助国家:
    美国
  • 起止时间:
    2022-05-15 至 2026-04-30
  • 项目状态:
    未结题

项目摘要

Almost all software systems we use, from cloud-based server applications to client-side web browsers, are built by composing third-party code. Unfortunately, such composition is insecure and the source of countless attacks in the wild. Software sandboxing promises to confine third-party code and ensure that bugs in third-party code cannot compromise the whole system. However, existing sandboxing frameworks only reason about code running in the sandbox and thus their security guarantees don't extend to most real programs, which ultimately need to exit the sandbox to communicate with the outside world. This project will develop foundations, techniques, and frameworks for building end-to-end secure sandboxing systems that provide formal security guarantees even across the sandbox boundary. If successful, this project will let developers safely use and benefit from open source and third-party code, without needing to absorb all the risk. This will, in turn, address many of the security problems that arise when building large software systems and the ensuing financial and social costs associated with cyberattacks.The investigators will: (1) design novel type systems that will allow developers to explicitly encode sandbox boundary invariants and automatically generate boundary code that is secure by construction; (2) develop formal foundations for sandbox context-switching to characterize the confidentiality, integrity, and availability requirements of secure context-switching; and (3) develop a formal semantics for the interface between the sandbox runtime and the key operating system abstractions that are expose to sandboxed programs to communicate and perform I/O. Together, these formal foundations will be used to synthesize a verified-secure runtime system and portable system interface, which will allow sandboxed modules to safely interact with each other, the application, and operating system services. The project will yield new innovations in the design, implementation, and verification of secure sandboxing frameworks, and lead to new techniques and tools that will empower developers to build large-scale systems that are secure by construction.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
我们使用的几乎所有软件系统,从基于云的服务器应用程序到客户端Web浏览器,都是通过编写第三方代码构建的。不幸的是,这种组合是不安全的,并且是野外无数攻击的来源。软件沙箱承诺限制第三方代码,并确保第三方代码中的错误不会危及整个系统。然而,现有的沙盒框架只考虑在沙盒中运行的代码,因此它们的安全保证并不扩展到大多数真实的程序,这些程序最终需要退出沙盒才能与外部世界通信。该项目将开发用于构建端到端安全沙箱系统的基础,技术和框架,即使在沙箱边界上也能提供正式的安全保证。如果成功,这个项目将让开发人员安全地使用开源和第三方代码并从中受益,而无需承担所有风险。这将反过来解决在构建大型软件系统时出现的许多安全问题以及随之而来的与网络攻击相关的财务和社会成本。研究人员将:(1)设计新颖的类型系统,允许开发人员显式编码沙箱边界不变量,并自动生成通过构造安全的边界代码;(2)为沙箱上下文切换开发正式的基础,以表征安全上下文切换的机密性、完整性和可用性要求;以及(3)为沙箱运行时和关键操作系统抽象之间的接口开发正式的语义,这些抽象暴露给沙箱程序以进行通信和执行I/O.这些正式的基础将一起用于合成一个经过验证的安全运行时系统和可移植的系统接口,这将允许沙箱模块安全地相互交互,应用程序和操作系统服务。该项目将在安全沙盒框架的设计、实现和验证方面产生新的创新,并带来新的技术和工具,使开发人员能够构建安全的大规模系统。该奖项反映了NSF的法定使命,并通过使用基金会的知识价值和更广泛的影响审查标准进行评估,被认为值得支持。

项目成果

期刊论文数量(0)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)

数据更新时间:{{ journalArticles.updateTime }}

{{ item.title }}
{{ item.translation_title }}
  • DOI:
    {{ item.doi }}
  • 发表时间:
    {{ item.publish_year }}
  • 期刊:
  • 影响因子:
    {{ item.factor }}
  • 作者:
    {{ item.authors }}
  • 通讯作者:
    {{ item.author }}

数据更新时间:{{ journalArticles.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ monograph.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ sciAawards.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ conferencePapers.updateTime }}

{{ item.title }}
  • 作者:
    {{ item.author }}

数据更新时间:{{ patent.updateTime }}

Fraser Brown其他文献

Lightweight, Modular Verification for WebAssembly-to-Native Instruction Selection
用于 WebAssembly 到 Native 指令选择的轻量级模块化验证
LifeJacket: verifying precise floating-point optimizations in LLVM
LifeJacket:验证 LLVM 中的精确浮点优化
  • DOI:
  • 发表时间:
    2016
  • 期刊:
  • 影响因子:
    0
  • 作者:
    Andres Nötzli;Fraser Brown
  • 通讯作者:
    Fraser Brown
Play Within the Pre-registration Children's Nursing Curriculum Within the United Kingdom: A Content Analysis of Programme Specifications
  • DOI:
    10.1016/j.pedn.2018.01.013
  • 发表时间:
    2018-07-01
  • 期刊:
  • 影响因子:
  • 作者:
    David Stonehouse;Christine Piper;Michelle Briggs;Fraser Brown
  • 通讯作者:
    Fraser Brown
2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS)
2018年IEEE第24届并行与分布式系统国际会议(ICPADS)
  • DOI:
    10.1109/icpads44843.2018
  • 发表时间:
    2018
  • 期刊:
  • 影响因子:
    2
  • 作者:
    Marc Andrysco;Andres Nötzli;Fraser Brown;Ranjit Jhala;D. Stefan
  • 通讯作者:
    D. Stefan
Bounded Verification for Finite-Field-Blasting (In a Compiler for Zero Knowledge Proofs)
有限域爆破的有界验证(在零知识证明的编译器中)
  • DOI:
  • 发表时间:
    2023
  • 期刊:
  • 影响因子:
    0
  • 作者:
    Alex Ozdemir;R. Wahby;Fraser Brown;Clark W. Barrett
  • 通讯作者:
    Clark W. Barrett

Fraser Brown的其他文献

{{ item.title }}
{{ item.translation_title }}
  • DOI:
    {{ item.doi }}
  • 发表时间:
    {{ item.publish_year }}
  • 期刊:
  • 影响因子:
    {{ item.factor }}
  • 作者:
    {{ item.authors }}
  • 通讯作者:
    {{ item.author }}

相似国自然基金

Research on Quantum Field Theory without a Lagrangian Description
  • 批准号:
    24ZR1403900
  • 批准年份:
    2024
  • 资助金额:
    0.0 万元
  • 项目类别:
    省市级项目
Cell Research
  • 批准号:
    31224802
  • 批准年份:
    2012
  • 资助金额:
    24.0 万元
  • 项目类别:
    专项基金项目
Cell Research
  • 批准号:
    31024804
  • 批准年份:
    2010
  • 资助金额:
    24.0 万元
  • 项目类别:
    专项基金项目
Cell Research (细胞研究)
  • 批准号:
    30824808
  • 批准年份:
    2008
  • 资助金额:
    24.0 万元
  • 项目类别:
    专项基金项目
Research on the Rapid Growth Mechanism of KDP Crystal
  • 批准号:
    10774081
  • 批准年份:
    2007
  • 资助金额:
    45.0 万元
  • 项目类别:
    面上项目

相似海外基金

Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
合作研究:SaTC:核心:中:使用智能会话代理使青少年能够抵御网络诱骗
  • 批准号:
    2330940
  • 财政年份:
    2024
  • 资助金额:
    $ 30万
  • 项目类别:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
协作研究:SaTC:核心:中:具有灵活隐私建模、机器检查系统设计和准确性优化的差异化私有 SQL
  • 批准号:
    2317232
  • 财政年份:
    2024
  • 资助金额:
    $ 30万
  • 项目类别:
    Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
协作研究:NSF-BSF:SaTC:核心:小型:利用机器学习模型高效可靠地检测恶意软件
  • 批准号:
    2338301
  • 财政年份:
    2024
  • 资助金额:
    $ 30万
  • 项目类别:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
协作研究:SaTC:核心:中:具有灵活隐私建模、机器检查系统设计和准确性优化的差异化私有 SQL
  • 批准号:
    2317233
  • 财政年份:
    2024
  • 资助金额:
    $ 30万
  • 项目类别:
    Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
协作研究:NSF-BSF:SaTC:核心:小型:利用机器学习模型高效可靠地检测恶意软件
  • 批准号:
    2338302
  • 财政年份:
    2024
  • 资助金额:
    $ 30万
  • 项目类别:
    Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
合作研究:SaTC:核心:中:使用智能会话代理使青少年能够抵御网络诱骗
  • 批准号:
    2330941
  • 财政年份:
    2024
  • 资助金额:
    $ 30万
  • 项目类别:
    Continuing Grant
Collaborative Research: SaTC: CORE: Small: Towards Secure and Trustworthy Tree Models
协作研究:SaTC:核心:小型:迈向安全可信的树模型
  • 批准号:
    2413046
  • 财政年份:
    2024
  • 资助金额:
    $ 30万
  • 项目类别:
    Standard Grant
Collaborative Research: SaTC: EDU: RoCCeM: Bringing Robotics, Cybersecurity and Computer Science to the Middled School Classroom
合作研究:SaTC:EDU:RoCCeM:将机器人、网络安全和计算机科学带入中学课堂
  • 批准号:
    2312057
  • 财政年份:
    2023
  • 资助金额:
    $ 30万
  • 项目类别:
    Standard Grant
Collaborative Research: SaTC: CORE: Small: Investigation of Naming Space Hijacking Threat and Its Defense
协作研究:SaTC:核心:小型:命名空间劫持威胁及其防御的调查
  • 批准号:
    2317830
  • 财政年份:
    2023
  • 资助金额:
    $ 30万
  • 项目类别:
    Continuing Grant
Collaborative Research: SaTC: CORE: Small: Towards a Privacy-Preserving Framework for Research on Private, Encrypted Social Networks
协作研究:SaTC:核心:小型:针对私有加密社交网络研究的隐私保护框架
  • 批准号:
    2318843
  • 财政年份:
    2023
  • 资助金额:
    $ 30万
  • 项目类别:
    Continuing Grant
{{ showInfoDetail.title }}

作者:{{ showInfoDetail.author }}

知道了