GGrantIndex
← Search

I-Corps: Utilization of Moving Target Defenses in Software Applications

$50,000FY2020TIPNSF

Vanderbilt University, Nashville TN

Investigators

Abstract

The broader impact of this I-Corps project is focused on exploring translation of proactive defense-in-depth technologies focused on leveraging moving target defense techniques. The global cybersecurity market is currently valued at $124 Billion with an estimated 8.7% CAGR over the next 5 years. Since most solutions focus on monitoring and reacting to attacks, an opportunity exists to explore a proactive approach. Identical software implementations for every system suggest that an attacker identifying critical vulnerabilities in one program can exploit this knowledge for every device running that program. This is the fundamental basis behind the execution of computer viruses, and the primary reason how cyber-espionage software, such as STUXNET and Pegasus, have been able to infiltrate and pivot within sensitive systems. The increased use of IoT devices in safety-critical applications creates risks beyond exfiltrating sensitive data, such as patient records and credit card information, to larger scale cyber-terrorist activities conducted remotely and inexpensively. This I-Corps project advances the development of new cybersecurity systems. The key avenue for exploiting safety-critical software is often stack-based exploits, most notably buffer overflows, which are directly responsible for over 60% of IoT device attacks. The key step for any stack-based cyber-attack to be successful is reconnaissance. The use of moving target defense to diversify the internal structure of applications is proposed, ensuring that every program will have a unique identity. Specifically, this project proposes mitigating stack-based vulnerabilities by utilizing stack segmentation, address space randomization, data encryption, function shuffling, dummy code insertion, stack canaries, and variable obfuscation. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →