CNS Core: Small: eXecution Graph Path Security (XGPS)
William Marsh Rice University, Houston TX
Investigators
Abstract
eXecution Graph Path Security (XGPS) is a new computer processor that restricts common low-level behaviors so that attackers cannot use them to take control of a system. By replacing general purpose control operations with new limited operations, XGPS will prevent common attacker steps while preserving expected functionality. This is important because almost all computing systems are susceptible to compromises. Existing approaches emphasize general protection hardware but leave gaps in defenses and cannot easily trace the program as it executes.The core challenge and idea is to describe, track, and ensure good behavior in the hardware itself. XGPS observes that almost all security policies are more precise when including a description of the program path. XGPS will develop a novel hardware mechanism for representing, tracing, and securing all program paths, including for the operating system. The first thrust will develop a general purpose data structure capable of representing the program path while remaining finite in size. The second thrust will implement the path in hardware while protecting it from supervisor level compromise. The third thrust will develop new efficient path based hardware/software security policies, demonstrating the efficacy of the path to enforce meaningful properties. The end result of this research will be the enhanced understanding and development of a system with rigorous control of program behavior. By controlling this behavior, XGPS will deny large classes of threats and, if adopted, will lead to a significantly stronger trusted computing base. Moreover, XGPS will enable existing hardware to tackle problems better suited to their capabilities. A core element of this research program will be engaging graduate and undergraduate students through courses, mentorship, and hands-on research activities. This project will actively pursue underrepresented minority students for research and security technology education. The outcome of this work will be high level models of core components, hardware based design and implementation, written reports, and experimental data. All artifacts will be kept at https://fiercelab.cs.rice.edu/projects/xgps/ and maintained for three years following the conclusion of the project. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →