GrantIndex

TC: Small: Mining Operating System Semantics: Techniques and Applications

Award amount: $427,000 | Fiscal year: FY2010 | Division: CSE | Agency: NSF

Syracuse University, Syracuse NY

Investigators

Abstract

Knowledge of operating system semantics is the foundation for many security applications, including virtual machine introspection, malware detection and analysis, and computer forensics. However, existing techniques for extracting operating system semantics fall short. They perform static analysis on the OS source code, and thus cannot be applied to closed-source operating systems. Source-code analysis also suffers from the WYSINWYX (What You See Is Not What You eXecute) problem: the semantics recovered from the source need not match the code that actually runs. Furthermore, the obtained semantic knowledge can easily be compromised by various kernel attacks, because the kernel data structures it depends on can be forged or unlinked by an attacker with kernel privileges. With such an unsound foundation, the functionality and trustworthiness of these security applications become questionable. To fortify this foundation, the PI aims to build a binary-centric and robust analysis framework for extracting operating system semantics. It is binary-centric because it extracts semantic information from the binary code of an OS kernel; consequently, the WYSINWYX problem is avoided and the semantics barrier of closed-source operating systems can be overcome. It is robust because it captures invariants in OS-level semantics, so that trustworthy semantic knowledge can be derived from these invariants and various forgery attacks can be detected. With this framework in place, further research will investigate how the functionality and robustness of various security applications can be strengthened. The proposed tasks will lead to the release of prototype systems and the development of education materials for undergraduate and graduate courses and for professional training sessions.
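The abstract's two ideas, reading semantics directly from binary kernel memory and checking invariants over it to catch forgery, can be illustrated with a small introspection check. The following is an added example written for this page, not code from the project described in the abstract. It constructs a hypothetical kernel-memory snapshot with a circular doubly linked "task list" (a layout loosely modelled on how Linux-style kernels chain process descriptors; the 12-byte struct, field offsets and base address are invented for the example) plus a separate pid table as a second, independent view. It then checks two invariants: the link invariant `next->prev == self` on the list itself, and the cross-view invariant that the list and the pid table name the same set of processes. A DKOM-style unlink that patches both pointers satisfies the link invariant and is only caught by the cross-view check; a sloppy unlink that patches one pointer is caught by both.

```python
"""Invariant-based detection of hidden processes over a constructed kernel snapshot.

Added example for illustration; not the project's code. The struct layout,
offsets and addresses are hypothetical. Hypothetical task_struct (little-endian u32):
    +0  pid
    +4  next  (address of the next task_struct)
    +8  prev  (address of the previous task_struct)
"""
import struct

TASK_SIZE = 12
TASK_FMT = "<III"


class Snapshot:
    """Raw bytes of guest kernel memory starting at `base` (binary-centric view)."""

    def __init__(self, base, mem):
        self.base = base
        self.mem = bytearray(mem)

    def read_task(self, addr):
        off = addr - self.base
        if off < 0 or off + TASK_SIZE > len(self.mem):
            raise ValueError(f"address {addr:#x} outside snapshot")
        return struct.unpack_from(TASK_FMT, self.mem, off)  # (pid, next, prev)

    def write_u32(self, addr, value):
        struct.pack_into("<I", self.mem, addr - self.base, value)


def build_snapshot(base, pids):
    """Construct a circular doubly linked task list plus an independent pid table."""
    n = len(pids)
    buf = bytearray()
    for i, pid in enumerate(pids):
        nxt = base + ((i + 1) % n) * TASK_SIZE
        prv = base + ((i - 1) % n) * TASK_SIZE
        buf += struct.pack(TASK_FMT, pid, nxt, prv)
    pid_table = {pid: base + i * TASK_SIZE for i, pid in enumerate(pids)}
    return Snapshot(base, buf), pid_table


def walk_task_list(snap, head, limit=10000):
    """Traverse the list view, checking the link invariant next->prev == self."""
    pids, violations = [], []
    addr = head
    for _ in range(limit):
        pid, nxt, _ = snap.read_task(addr)
        pids.append(pid)
        _, _, nxt_prev = snap.read_task(nxt)
        if nxt_prev != addr:
            violations.append(f"link invariant broken at {addr:#x}: next->prev is {nxt_prev:#x}")
        addr = nxt
        if addr == head:
            break
    else:
        violations.append("list did not return to head (cycle or corruption)")
    return pids, violations


def cross_view_check(snap, head, pid_table):
    """Return (hidden pids, pids missing from the table, link violations)."""
    list_pids, violations = walk_task_list(snap, head)
    hidden = sorted(set(pid_table) - set(list_pids))   # in table, not in list
    orphan = sorted(set(list_pids) - set(pid_table))   # in list, not in table
    return hidden, orphan, violations


def unlink_task(snap, addr, sloppy=False):
    """DKOM-style hiding: splice the task out of the list without freeing it.

    A careful rootkit fixes both neighbours; a sloppy one only fixes prev->next.
    """
    _, nxt, prv = snap.read_task(addr)
    snap.write_u32(prv + 4, nxt)        # prev->next = next
    if not sloppy:
        snap.write_u32(nxt + 8, prv)    # next->prev = prev


def demo():
    base = 0xC0100000                   # hypothetical kernel address
    results = {}
    snap, table = build_snapshot(base, [1, 2, 3, 4])
    results["clean"] = cross_view_check(snap, base, table)
    unlink_task(snap, table[3])         # careful hide: list stays self-consistent
    results["careful_hide"] = cross_view_check(snap, base, table)
    snap, table = build_snapshot(base, [1, 2, 3, 4])
    unlink_task(snap, table[3], sloppy=True)
    results["sloppy_hide"] = cross_view_check(snap, base, table)
    return results


if __name__ == "__main__":
    for name, (hidden, orphan, violations) in demo().items():
        print(f"{name:13s} hidden={hidden} orphan={orphan} violations={violations}")
```

The design point is that a single view's internal invariant is necessary but not sufficient: an attacker who controls kernel memory can keep one data structure consistent, so trustworthy semantics come from invariants that relate several independently maintained structures, which a rootkit must forge all at once to stay hidden.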

View original record on NSF Award Search →