Collaborative Research: SaTC: EDU: Creating Windows Advanced Memory Corruption Attack and Defense Teaching Modules

协作研究：SaTC：EDU：创建 Windows 高级内存损坏攻击和防御教学模块

• 批准号: 2325452
• 负责人: Changchun Zou
• 金额: $ 7万
• 依托单位: The University of Central Florida Board of Trustees
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2026-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2325452&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; EDU; Creating

Microsoft Windows operating systems have a large market share and are pervasively used. As such, they are also major targets for cyberattacks, such as malware. It is critical to teach software security topics on the latest Windows versions. However, there are currently no systematic advanced software security education modules for the latest Windows system. The goal of this project is to develop advanced teaching modules on software security, particularly memory corruption attack and defense for the latest systems. A memory corruption attack triggers memory errors through malicious and delicate inputs and is often part of an advanced cyberattack. The developed teaching modules will help students understand how various security features of Windows compilers and linkers are used to fight against miscellaneous memory corruption attacks and their limitations. This will help prepare students for real-world bug hunting and software security.This project will achieve six objectives. 1. Innovating Armitage, an open-source graphical user interface front end of Metasploit, which is a tool used to identify security vulnerabilities. Armitage is an ideal open-source tool to demonstrate attacks and raise security awareness given its ease of use. 2. Developing defense modules on Exploit Protection features of the latest Windows. 3. Incorporating a variety of memory corruption vulnerabilities into a vulnerable chat server (VChat), which will be developed as a Visual C++ project, and developing corresponding attack teaching materials in Python. 4. Developing Metasploit modules in Ruby for all memory corruption attacks, which can be used with Armitage. The purpose of Metasploit modules is to demonstrate those attacks easily and motivate students to learn the principles. 5. Integrating developed teaching modules into related courses at the two participating institutions, University of Massachusetts Lowell and University of Central Florida. 6. Disseminating developed teaching modules, software and systems through a faculty development workshop, project websites, GitHub repositories, video tutorials, CLARK (a cybersecurity curriculum hosting platform), academic publications, and field trips as outreach venues to K-12 students.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

微软视窗操作系统占有很大的市场份额，并且被广泛使用。因此，它们也是恶意软件等网络攻击的主要目标。在最新的Windows版本上教授软件安全主题至关重要。然而，目前还没有针对最新Windows系统的系统化高级软件安全教育模块。该项目的目标是开发有关软件安全的高级教学模块，特别是最新系统的内存损坏攻击和防御。内存损坏攻击通过恶意和微妙的输入触发内存错误，通常是高级网络攻击的一部分。开发的教学模块将帮助学生了解如何使用Windows编译器和链接器的各种安全功能来对抗各种内存损坏攻击及其局限性。这将帮助学生为真实世界的错误搜索和软件安全做好准备。1.创新Armitage，Metasploit的开源图形用户界面前端，这是一个用于识别安全漏洞的工具。Armitage是一个理想的开源工具，可以演示攻击并提高安全意识，因为它易于使用。2.开发最新Windows漏洞利用保护功能的防御模块。3.将多种内存损坏漏洞封装成一个漏洞聊天服务器（VChat），将作为Visual C++项目开发，并在Python中开发相应的攻击教材。4.在Ruby中开发Metasploit模块，用于所有内存损坏攻击，可以与Armitage一起使用。Metasploit模块的目的是轻松演示这些攻击，并激励学生学习原理。5.将开发的教学模块纳入两个参与机构（马萨诸塞州洛厄尔大学和中央佛罗里达大学）的相关课程。6.通过教师发展研讨会、项目网站、GitHub存储库、视频教程、GTK，传播开发的教学模块、软件和系统（网络安全课程托管平台），学术出版物，和实地考察作为外展场地，以K-12名学生。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查进行评估，被认为值得支持的搜索.

项目成果

User Profiling Attack Using Windows Registry Data

使用 Windows 注册表数据进行用户分析攻击

• DOI: 10.1109/uemcon59035.2023.10315968
• 发表时间: 2023
• 期刊: Electronics & Mobile Communication Conference (UEMCON
• 作者: Amoruso, Edward L.;Zou, Cliff C.;Leinecker, Richard
• 通讯作者: Leinecker, Richard

FITS: Matching Camera Fingerprints Subject to Software Noise Pollution

• DOI: 10.1145/3576915.3616600
• 发表时间: 2023-11
• 期刊: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Liu Liu-Liu;Xinwen Fu;Xiaodong Chen;Jianpeng Wang;Zhongjie Ba;Feng Lin;Liwang Lu;Kui Ren

Random Segmentation: New Traffic Obfuscation against Packet-Size-Based Side-Channel Attacks

随机分段：针对基于数据包大小的侧通道攻击的新流量混淆

• DOI: 10.3390/electronics12183816
• 发表时间: 2023
• 期刊: Electronics
• 影响因子: 2.9
• 作者: Alyami, Mnassar;Alghamdi, Abdulmajeed;Alkhowaiter, Mohammed A.;Zou, Cliff;Solihin, Yan
• 通讯作者: Solihin, Yan