Collaborative Research: SaTC: CORE: Medium: Refine the Gap: Establishing Safety for Modern Foreign Function Interfaces
协作研究:SaTC:核心:中:缩小差距:为现代外部功能接口建立安全性
基本信息
- 批准号:2327337
- 负责人:
- 金额:$ 30万
- 依托单位:
- 依托单位国家:美国
- 项目类别:Continuing Grant
- 财政年份:2023
- 资助国家:美国
- 起止时间:2023-10-01 至 2027-09-30
- 项目状态:未结题
- 来源:
- 关键词:
项目摘要
Developers of widely used software infrastructure like the Firefox, Chrome, and Linux are replacing components written in unsafe but fast languages like C/C++ with components written in Rust. Rust promises to eliminate the security vulnerabilities endemic to C/C++ codebases without compromising on performance. Alas, completely rewriting real-world software systems is not practical: Firefox, Chrome, and Linux are tens of millions of C/C++ code. Instead, Rust components must continue to interact with existing C/C++ code. In practice, this requires developers to write code that glues Rust and C/C++. Unfortunately, this glue code is notoriously difficult to write correctly: code at the language boundary can both introduce errors in previously safe code and impose new unchecked requirements, threatening the security of both the Rust code and the containing C/ C++ ecosystem. This project will address these challenges by building new abstractions, techniques, and tools that will help developers securely integrate Rust components within C/C++ applications (and vice versa). This research will span the spectrum from new theoretical and formal ideas to the deployment and integration of this technology in real-world software. The project has the potential to directly improve the security of software infrastructure used by billions of users, including Firefox, Chrome, and Linux. The project will also contribute to the graduate, undergraduate, and high school curriculum, introducing future developers to techniques and tools for building secure software.This project takes a principled and practical approach to building secure systems software by securing the glue layer between C/C++ and Rust and the foreign function interface (FFI) developers used to write this glue code. To accomplish these goals, this project will (1) build novel static analysis tools for the Rust ecosystem, which work in tandem with human auditing to detect, triage, and classify major weaknesses in existing FFIs; (2) build novel abstractions for the FFI layer based on refinement types to describe and automatically check memory safety and type safety properties at the FFI layer, and eliminate the ad-hoc glue code at the FFI layer; (3) build a lightweight sandboxing layer for calling C/C++ code from Rust, leveraging prior sandboxing mechanisms but marrying their abstractions with Rust's ownership type system. This research will yield new insights into the safety and security gaps in modern multi-language systems; contribute to the understanding of how refinement types can integrate with a modern memory-safe type system and mutability constraints; and develop our understanding of how modern security techniques -- including static analysis, type systems, and sandboxing -- are applicable to the Rust ecosystem and ownership model.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
Firefox、Chrome和Linux等广泛使用的软件基础设施的开发人员正在用Rust编写的组件替换用不安全但快速的语言(如C/C++)编写的组件。Rust承诺消除C/C++代码库特有的安全漏洞,而不会影响性能。唉,完全重写现实世界的软件系统是不切实际的:Firefox、Chrome和Linux都是数千万的C/C++代码。相反,Rust组件必须继续与现有的C/C++代码交互。实际上,这需要开发人员编写将Rust和C/C++粘合在一起的代码。不幸的是,这种粘合代码非常难以正确编写:语言边界的代码既可以在以前安全的代码中引入错误,又可以强加新的未经检查的要求,从而威胁到Rust代码和包含的C/ C++生态系统的安全性。该项目将通过构建新的抽象、技术和工具来解决这些挑战,这些抽象、技术和工具将帮助开发人员在C/C++应用程序中安全地集成Rust组件(反之亦然)。这项研究将跨越从新的理论和正式的想法,以部署和在现实世界的软件中集成这项技术的频谱。该项目有可能直接提高数十亿用户使用的软件基础设施的安全性,包括Firefox、Chrome和Linux。该项目还将为研究生、本科生和高中课程做出贡献,向未来的开发人员介绍构建安全软件的技术和工具。该项目通过保护C/C++和Rust之间的粘合层以及用于编写粘合代码的外部函数接口(FFI)开发人员,采取原则性和实用性的方法来构建安全系统软件。为了实现这些目标,该项目将(1)为Rust生态系统构建新的静态分析工具,这些工具与人工审计协同工作,以检测、分类和分类现有FFI中的主要弱点;(2)基于精化类型为FFI层构建新颖的抽象,以描述并自动检查FFI层处的存储器安全和类型安全属性,并消除FFI层的ad-hoc胶水代码;(3)构建一个轻量级的沙箱层,用于从Rust调用C/C++代码,利用先前的沙箱机制,但将其抽象与Rust的所有权类型系统相结合。这项研究将对现代多语言系统中的安全性和安全性差距产生新的见解;有助于理解精化类型如何与现代内存安全类型系统和可变性约束集成;并发展我们对现代安全技术的理解--包括静态分析,类型系统,该奖项反映了NSF的法定使命,并通过使用基金会的知识价值和更广泛的影响审查标准进行评估,被认为值得支持。
项目成果
期刊论文数量(0)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
数据更新时间:{{ journalArticles.updateTime }}
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
数据更新时间:{{ journalArticles.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ monograph.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ sciAawards.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ conferencePapers.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ patent.updateTime }}
Shravan Narayan其他文献
Browser history re: visited
浏览器历史记录回复:访问过
- DOI:
- 发表时间:
2018 - 期刊:
- 影响因子:0
- 作者:
Michael Smith;Craig Disselkoen;Shravan Narayan;Fraser Brown;D. Stefan - 通讯作者:
D. Stefan
Half&Half: Demystifying Intel’s Directional Branch Predictors for Fast, Secure Partitioned Execution
Half&Half:揭秘英特尔定向分支预测器,实现快速、安全的分区执行
- DOI:
10.1109/sp46215.2023.10179309 - 发表时间:
2023 - 期刊:
- 影响因子:0
- 作者:
Hosein Yavarzadeh;Mohammadkazem Taram;Shravan Narayan;D. Stefan;D. Tullsen - 通讯作者:
D. Tullsen
The Road to Less Trusted Code: Lowering the Barrier to In-Process Sandboxing
通往不太受信任的代码之路:降低进程内沙箱的障碍
- DOI:
- 发表时间:
2020 - 期刊:
- 影响因子:0
- 作者:
Tal Garfinkel;Shravan Narayan;Craig Disselkoen;H. Shacham;D. Stefan - 通讯作者:
D. Stefan
Towards verified programming of embedded devices
迈向嵌入式设备的验证编程
- DOI:
- 发表时间:
2019 - 期刊:
- 影响因子:0
- 作者:
J. Talpin;Jean;Shravan Narayan;D. Stefan;Rajesh K. Gupta - 通讯作者:
Rajesh K. Gupta
Shravan Narayan的其他文献
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
相似国自然基金
Research on Quantum Field Theory without a Lagrangian Description
- 批准号:24ZR1403900
- 批准年份:2024
- 资助金额:0.0 万元
- 项目类别:省市级项目
Cell Research
- 批准号:31224802
- 批准年份:2012
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Cell Research
- 批准号:31024804
- 批准年份:2010
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Cell Research (细胞研究)
- 批准号:30824808
- 批准年份:2008
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Research on the Rapid Growth Mechanism of KDP Crystal
- 批准号:10774081
- 批准年份:2007
- 资助金额:45.0 万元
- 项目类别:面上项目
相似海外基金
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
协作研究:SaTC:核心:中:具有灵活隐私建模、机器检查系统设计和准确性优化的差异化私有 SQL
- 批准号:
2317232 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
合作研究:SaTC:核心:中:使用智能会话代理使青少年能够抵御网络诱骗
- 批准号:
2330940 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
协作研究:NSF-BSF:SaTC:核心:小型:利用机器学习模型高效可靠地检测恶意软件
- 批准号:
2338301 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
协作研究:SaTC:核心:中:具有灵活隐私建模、机器检查系统设计和准确性优化的差异化私有 SQL
- 批准号:
2317233 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
协作研究:NSF-BSF:SaTC:核心:小型:利用机器学习模型高效可靠地检测恶意软件
- 批准号:
2338302 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
合作研究:SaTC:核心:中:使用智能会话代理使青少年能够抵御网络诱骗
- 批准号:
2330941 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Small: Towards Secure and Trustworthy Tree Models
协作研究:SaTC:核心:小型:迈向安全可信的树模型
- 批准号:
2413046 - 财政年份:2024
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
Collaborative Research: SaTC: EDU: Adversarial Malware Analysis - An Artificial Intelligence Driven Hands-On Curriculum for Next Generation Cyber Security Workforce
协作研究:SaTC:EDU:对抗性恶意软件分析 - 下一代网络安全劳动力的人工智能驱动实践课程
- 批准号:
2230609 - 财政年份:2023
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
Collaborative Research: SaTC: EDU: RoCCeM: Bringing Robotics, Cybersecurity and Computer Science to the Middled School Classroom
合作研究:SaTC:EDU:RoCCeM:将机器人、网络安全和计算机科学带入中学课堂
- 批准号:
2312057 - 财政年份:2023
- 资助金额:
$ 30万 - 项目类别:
Standard Grant
Collaborative Research: SaTC: CORE: Medium: Understanding the Impact of Privacy Interventions on the Online Publishing Ecosystem
协作研究:SaTC:核心:媒介:了解隐私干预对在线出版生态系统的影响
- 批准号:
2237329 - 财政年份:2023
- 资助金额:
$ 30万 - 项目类别:
Standard Grant