Tools and trade-offs for security adaptation

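Basic information

  • Grant number:
    RGPIN-2015-06048
  • Principal investigator:
  • Amount:
    $21.1K
  • Host institution:
  • Host institution country:
    Canada
  • Program type:
    Discovery Grants Program - Individual
  • Fiscal year:
    2020
  • Funding country:
    Canada
  • Project period:
    2020-01-01 to 2021-12-31
  • Project status:
    Completed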

Project abstract

From Web browsers to industrial control systems, software is increasingly subject to attacks it was not designed to defend against. As the complexity of application requirements increases, developers incorporate modules with different provenance from their own code into hostile, Internet-connected environments, introducing new attack vectors into widely-deployed systems. For instance, the open-source FFmpeg project allows users to manipulate and convert various formats of audio/video content. Users have trusted FFmpeg on their own computers for years, but when integrated into the Chrome Web browser and exposed to arbitrary content on the Internet, over a thousand previously-undetected security vulnerabilities were brought to light. Industrial control systems (ICSs) incorporate third-party software to provide modern functionality such as Web interfaces, but this software can introduce security vulnerabilities such as Heartbleed. The risks introduced by software composition cannot be simply eliminated by purging all untrustworthy code. First, much "risky" code - such as media codecs in Web browsers - provides essential functionality and cannot be expunged, so re-writing would be required (causing extreme duplication of effort). Second, re-writing software may itself introduce vulnerabilities: a performant codec requires low-level, inherently risky code, so a new version might simply introduce different vulnerabilities than the first. For this reason, the US Department of Homeland Security advises ICS vendors to employ third-party Web servers rather than write their own: the third parties are better at sanitizing network inputs. Modern operating systems, programming languages and - increasingly - processors provide us with tools for securing software, but most existing software cannot benefit from them without substantial re-writing. Since we have determined that we cannot purge or re-write this software, we must instead adapt it. 
This research program will develop tools and techniques for adapting existing software to use new security features. The goal is to turn current asymmetries on their heads: whereas today a minority of applications are protected, we will seek to enable the majority to use modern security features to protect users. This will give defenders, rather than attackers, the position of natural superiority and give users a chance at protecting their data well by default.

Project outcomes

Journal articles (0)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)

Other publications by Anderson, Jonathan

Effect of precursor stoichiometry on morphology, phase purity, and texture formation of hot filament CVD diamond films grown on Si (100) substrate
Outcomes of dogs with recurrent idiopathic pericardial effusion treated with a 3-port right-sided thoracoscopic subtotal pericardiectomy
  • DOI:
    10.1111/vsu.13223
  • Published:
    2019-08-01
  • Journal:
  • Impact factor:
    1.8
  • Authors:
    Michelotti, Kurt P.;Youk, Ada;Anderson, Jonathan
  • Corresponding author:
    Anderson, Jonathan
Aortic Valve Calcium Score Is Associated With Acute Stroke in Transcatheter Aortic Valve Replacement Patients.
  • DOI:
    10.1016/j.jscai.2022.100349
  • Published:
    2022-07
  • Journal:
  • Impact factor:
    0
  • Authors:
    Foley, Michael;Hall, Kerry;Howard, James P;Ahmad, Yousif;Gandhi, Manisha;Mahboobani, Samir;Okafor, Joseph;Rahman, Haseeb;Hadjiloizou, Nearchos;Ruparelia, Neil;Mikhail, Ghada;Malik, Iqbal;Kanaganayagam, Gajen;Sutaria, Nilesh;Rana, Bushra;Ariff, Ben;Barden, Edward;Anderson, Jonathan;Afoke, Jonathan;Petraco, Ricardo;Al-Lamee, Rasha;Sen, Sayan
  • Corresponding author:
    Sen, Sayan
Cost-Effectiveness of Adult Circumcision in a Resource-Rich Setting for HIV Prevention among Men Who Have Sex with Men
  • DOI:
    10.1086/648472
  • Published:
    2009-12-15
  • Journal:
  • Impact factor:
    6.4
  • Authors:
    Anderson, Jonathan;Wilson, David;Kaldor, John
  • Corresponding author:
    Kaldor, John
Estimating the cost-effectiveness of needle-syringe programs in Australia
  • DOI:
    10.1097/qad.0b013e3283578b5d
  • Published:
    2012-11-13
  • Journal:
  • Impact factor:
    3.8
  • Authors:
    Kwon, Jisoo A.;Anderson, Jonathan;Wilson, David P.
  • Corresponding author:
    Wilson, David P.

Other grants held by Anderson, Jonathan

Tools and trade-offs for security adaptation
  • Grant number:
    RGPIN-2015-06048
  • Fiscal year:
    2021
  • Funding amount:
    $21.1K
  • Program type:
    Discovery Grants Program - Individual
Tools and trade-offs for security adaptation
  • Grant number:
    RGPIN-2015-06048
  • Fiscal year:
    2019
  • Funding amount:
    $21.1K
  • Program type:
    Discovery Grants Program - Individual
Tools and trade-offs for security adaptation
  • Grant number:
    RGPIN-2015-06048
  • Fiscal year:
    2018
  • Funding amount:
    $21.1K
  • Program type:
    Discovery Grants Program - Individual
Tools and trade-offs for security adaptation
  • Grant number:
    RGPIN-2015-06048
  • Fiscal year:
    2017
  • Funding amount:
    $21.1K
  • Program type:
    Discovery Grants Program - Individual
Efficient Modeling of Microwave Circuits for Applications in Imaging Systems
  • Grant number:
    497949-2016
  • Fiscal year:
    2016
  • Funding amount:
    $21.1K
  • Program type:
    University Undergraduate Student Research Awards
Tools and trade-offs for security adaptation
  • Grant number:
    RGPIN-2015-06048
  • Fiscal year:
    2016
  • Funding amount:
    $21.1K
  • Program type:
    Discovery Grants Program - Individual
Tools and trade-offs for security adaptation
  • Grant number:
    RGPIN-2015-06048
  • Fiscal year:
    2015
  • Funding amount:
    $21.1K
  • Program type:
    Discovery Grants Program - Individual
Noise Characterization for Side Channel Attacks on Stream Cipher Hardware
  • Grant number:
    332401-2008
  • Fiscal year:
    2010
  • Funding amount:
    $21.1K
  • Program type:
    Postgraduate Scholarships - Doctoral
Noise Characterization for Side Channel Attacks on Stream Cipher Hardware
  • Grant number:
    332401-2008
  • Fiscal year:
    2009
  • Funding amount:
    $21.1K
  • Program type:
    Postgraduate Scholarships - Doctoral
Noise Characterization for Side Channel Attacks on Stream Cipher Hardware
  • Grant number:
    332401-2008
  • Fiscal year:
    2008
  • Funding amount:
    $21.1K
  • Program type:
    Postgraduate Scholarships - Doctoral

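Similar grants from the National Natural Science Foundation of China

Sub-nanometer COF interfacial self-assembled mosaic membranes to overcome the conductivity-selectivity trade-off effect in ion membranes
  • Grant number:
  • Approval year:
    2021
  • Funding amount:
    600,000 CNY
  • Program type:
    General Program
Novel ordered porous materials built from ordered metal functional motifs and new mechanisms for overcoming the gas-separation trade-off
  • Grant number:
  • Approval year:
    2021
  • Funding amount:
    650,000 CNY
  • Program type:
    Major Research Plan
Phage-resistance mutations in a marine bacterium and their trade-off effects on its own metabolism
  • Grant number:
    42006093
  • Approval year:
    2020
  • Funding amount:
    240,000 CNY
  • Program type:
    Young Scientists Fund
Construction of "loose" composite nanofiltration membranes and regulation of their structure and performance
  • Grant number:
    21808094
  • Approval year:
    2018
  • Funding amount:
    280,000 CNY
  • Program type:
    Young Scientists Fund
Research on online and offline trade-off scheduling
  • Grant number:
    11271338
  • Approval year:
    2012
  • Funding amount:
    600,000 CNY
  • Program type:
    General Program
Wing dimorphism in the long-jawed cricket: geographic variation, evolutionary significance, and endocrine control mechanisms
  • Grant number:
    31070586
  • Approval year:
    2010
  • Funding amount:
    320,000 CNY
  • Program type:
    General Program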

Similar overseas grants

Renewal application: How do ecological trade-offs drive ectomycorrhizal fungal community assembly? Fine-scale processes with large-scale implications
  • Grant number:
    MR/Y011503/1
  • Fiscal year:
    2025
  • Funding amount:
    $21.1K
  • Program type:
    Fellowship
Identifying potential trade-offs of adapting to climate change
  • Grant number:
    DP240100230
  • Fiscal year:
    2024
  • Funding amount:
    $21.1K
  • Program type:
    Discovery Projects
Collaborative Research: LTREB: The importance of resource availability, acquisition, and mobilization to the evolution of life history trade-offs in a variable environment.
  • Grant number:
    2338394
  • Fiscal year:
    2024
  • Funding amount:
    $21.1K
  • Program type:
    Continuing Grant
Characterizing Pareto fronts: Trade-offs in the yeast growth cycle constrain adaptation
  • Grant number:
    10749856
  • Fiscal year:
    2024
  • Funding amount:
    $21.1K
  • Program type:
Collaborative Research: LTREB: The importance of resource availability, acquisition, and mobilization to the evolution of life history trade-offs in a variable environment.
  • Grant number:
    2338395
  • Fiscal year:
    2024
  • Funding amount:
    $21.1K
  • Program type:
    Continuing Grant
Improving the Evidence-Based Design of Nature-based Solutions by Understanding the Trade-Offs and Synergies of Ecosystem Services in a Tropical Develo
  • Grant number:
    2908202
  • Fiscal year:
    2024
  • Funding amount:
    $21.1K
  • Program type:
    Studentship
CAREER: Investigating Fitness Trade-offs In A Southern Ocean Predator, The Leopard Seal
  • Grant number:
    2338980
  • Fiscal year:
    2024
  • Funding amount:
    $21.1K
  • Program type:
    Continuing Grant
Integrating physiological and behavioral ecology: How limited resources and allocation trade-offs impact mate signaling
  • Grant number:
    2335882
  • Fiscal year:
    2024
  • Funding amount:
    $21.1K
  • Program type:
    Standard Grant
Climate warming and the collapse of trade-offs mediating species coexistence
  • Grant number:
    2306183
  • Fiscal year:
    2023
  • Funding amount:
    $21.1K
  • Program type:
    Continuing Grant
BRC-BIO: Trade-offs in locomotor performance: comparing hoppers and jumpers in variable environments
  • Grant number:
    2233366
  • Fiscal year:
    2023
  • Funding amount:
    $21.1K
  • Program type:
    Standard Grant