GGrantIndex
← Search

CAREER: Securing Applications From Compromised System Software

$512,438FY2017CSENSF

University Of Rochester, Rochester NY

Investigators

Abstract

In an ideal world, secure software would be built as a set of mutually distrusting components that work together to accomplish goals. However, modern software is not built this way; rather, it heavily trusts a component called the operating system kernel. Fortunately, there are new methods of isolating programs from each other and from the OS kernel to minimize the damage caused if an attacker compromises a critical component. However, such solutions are too slow and are vulnerable to sophisticated implicit information flow attacks. Also, the effectiveness of current solutions will be verified using formal verification techniques. This project will develop new techniques to solve these deficiencies. It will investigate the use of new hardware mechanisms that will accelerate the protection of applications from compromised commodity operating system kernels. It will develop new compiler transformations that will modify existing software to distrust other software components. It will devise new static information flow analysis methods and run-time checks to keep compromised operating system kernels from stealing application secrets and influencing application behaviors through Iago attacks. Finally, the project will build a formal model of the system and prove that it protects software as intended. The project will release open source software so that the techniques and tools can be used by other researchers and can find their way into practice. Educationally, curriculum for OS designers will contain knowledge of this important class of attacks at the point that designers are building the OS.

View original record on NSF Award Search →