GGrantIndex
← Search

CAREER: Automatically Taming System Complexity with the Least-Authority Virtual Architecture

$256,143FY2022CSENSF

William Marsh Rice University, Houston TX

Investigators

Abstract

Today's computing systems resemble a modern day Titanic. They are huge, easy to penetrate, and structured without sufficient isolation. Attackers exploit weak outer shells and instantly gain access to the whole system. For example, malware such as SolarWinds or Stuxnet has penetrated deeply into government and corporate systems to leak, control, or corrupt sensitive information such as nuclear control systems, finances, or state secrets. Breaches like this cost billions of dollars per year across the public and private sectors. LAVA addresses this problem by automatically partitioning systems into limited-access compartments and introduces mechanisms to ensure decomposed software elements cannot corrupt each other while efficiently allowing legitimate interactions and discovering attacker behavior. All prototypes will be released as open source artifacts that can be used by non-expert end users. New findings will be incorporated in Rice University security courses. A mini-series of Arduino based lectures and labs will be released with security challenges and taught through the Rice REMSL program as well as homeschool communities to engage elementary aged children. Determining required access and capabilities for users of complex systems is challenging. For example, the Linux kernel has over 200 modules and would require over 40000 unique access control decisions. LAVA (Least-Authority Virtual Architecture) suggests the radical view of an end-to-end compiler and runtime framework for analyzing, optimizing, transforming, and enforcing compartmentalized systems. There are three primary challenges and objectives. First, how to scale to large numbers of objects and users without complete system expertise? LAVA addresses this with a new unified representation and analysis framework that is mapped from source code to target runtime and enforcement mechanisms. Second, how to enhance security with fine-grained compartments without degrading performance? LAVA's novel runtime architecture provides efficient yet secure system isolation using a combination of new mechanisms and portable translation layers to optimize policies. Third, how to monitor attackers that easily cloak themselves inside of black box applications? LAVA extends the enforcement monitor with provenance tracing that is capable of deploying security policies as well as tracking and investigating attacker behavior. The overall outcome is an efficient and powerful in-process monitoring facility that can detect sophisticated cloaked threats in real systems. Programs can go from monitoring a few objects to monitoring the majority. The project will contribute analysis frameworks, compiler extensions, and a security monitor with appropriate abstractions and protection mechanisms to make protection fine-grained and fast. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →