CAREER: Programming Languages for Reliable and Secure Low-level Systems

职业：可靠且安全的低级系统的编程语言

• 批准号: 0346989
• 负责人: Michael Hicks
• 金额: $ 55万
• 依托单位: University of Maryland, College Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2004
• 资助国家: 美国
• 起止时间: 2004-06-01 至 2010-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0346989&HistoricalAwards=false
• 关键词: CAREER; Programming; Languages; Reliable; Secure

Many critical systems, including operating systems, embedded systems, and communications systems, are low-level. That is, they require careful control over hardware resources to implement needed functionality and to perform well. Low-level software is increasingly common, so it must be reliable and secure, but its increasing complexity makes doing so quite difficult.This project is working to develop, implement, apply, and evaluate programming language technologies to ensure the security and reliability of low-level systems. The approach is to employ novel static analysis techniques, mostly novel type checking and inference systems, for automatically checking proper usage of idioms common to low-level software. These idioms include manual memory management, concurrency, and dynamic reconfiguration; their incorrect usage can lead to service failures, data corruption, and security exploits. For assessment, the new techniques are being incorporated into a new C-like programming language called Cyclone, which is then used to build or port real low-level software, including device drivers, network packet processors and servers, and embedded control software. These systems are experimentally compared against traditionally-developed systems to evaluate their flexibility, usability, and performance.This work will result in new tools and methodologies for building more reliable and secure low-level systems. By validating these techniques on real low-level software, they will have strong relevance and impact. All results will be presented in public forums (conferences and journals) and as part of graduate and undergraduate education. All developed software will be freely available, and usable to non-experts in industry and education.

许多关键系统，包括操作系统，嵌入式系统和通信系统，都是低级的。 也就是说，他们需要仔细控制硬件资源来实现所需的功能并表现良好。 低级软件越来越普遍，因此必须是可靠和安全的，但是其越来越复杂的功能使其非常困​​难。该项目正在努力开发，实施，应用和评估编程语言技术，以确保低级系统的安全性和可靠性。 该方法是采用新颖的静态分析技术，主要是新型类型检查和推理系统，以自动检查低级软件常见的成语的适当使用。这些习语包括手动记忆管理，并发和动态重新配置；他们的错误使用可能会导致服务故障，数据损坏和安全性利用。 为了进行评估，将新技术纳入了一种名为Cyclone的新型类似C的编程语言中，然后将其用于构建或端口真正的低级软件，包括设备驱动程序，网络数据包处理器和服务器以及嵌入式控制软件。 这些系统与传统开发的系统进行了比较，以评估其灵活性，可用性和性能。这项工作将为建立更可靠和安全的低级系统提供新的工具和方法。 通过在实际低级软件上验证这些技术，它们将具有很强的相关性和影响。 所有结果将在公共论坛（会议和期刊）中介绍，并作为研究生和本科教育的一部分。 所有开发的软件将免费获得，并且可用于行业和教育中的非专家。