CT:Securing Untrusted Software with Interposition

CT：通过干预保护不受信任的软件

• 批准号: 0611425
• 负责人: David Mazières
• 金额: --
• 依托单位: Stanford University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2005
• 资助国家: 美国
• 起止时间: 2005-09-01 至 2008-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0611425&HistoricalAwards=false
• 关键词: CT; Securing; Untrusted; Software; Interposition

Proposal: NSF-0430425Title: Securing Untrusted Software with InterpositionPI: David MazieresAbstractThe principles for building secure computer systems have been known for decades. Yet violating them---by assuming elevated privilege, for example---makes application development so much easier on conventional operating systems that it's doubtful the principles will ever be broadly followed there. This research program investigates a new operating system design, Asbestos, that allows applications to be completely secured by third parties, such as system administrators, without help from application authors themselves. The fundamental Asbestos security primitive is interposition, whereby programs can easily interpose upon, monitor, and control any or all interactions between an application and the rest of the system. Unlike previous systems, this includes interactions with other applications as well as system services. Interposers correspond to security policies, or per-application firewalls. They can block or virtualize undesired accesses, so that legacy applications that demand inappropriately high privilege can run in a less-privileged setting. Design challenges include making system interactions easy for interposers to understand, and developing a convenient library of security policies built from interposition components. A successful Asbestos design has the potential to significantly improve the security of critical systems, even those running insecure applications. Source code will be released publicly under an open-source license.

建议：NSF-0430425TITLE：使用InterpositionPi确保不受信任的软件：David Mazieresabstractth构建安全计算机系统的原理已知数十年。 然而，通过假设特权提高，违反了它们 - 使应用程序开发在常规操作系统上变得更加容易，以至于令人怀疑的是，原则将在那里广泛遵循。 该研究计划调查了一种新的操作系统设计石棉，该设计使应用程序可以由第三方（例如系统管理员）完全保护，而无需应用程序作者本身。 基本的石棉安全性原始性是插入，程序可以轻松地在应用程序和系统之间的其余部分之间插入，监视和控制任何或所有相互作用。 与以前的系统不同，这包括与其他应用程序以及系统服务的交互。 插入器对应于安全策略或每个申请防火墙。 它们可以阻止或虚拟化不希望的访问，以便要求不适当的特权的旧应用程序可以在较不挑剔的设置中运行。设计挑战包括使插入器易于理解系统交互，并制定由插入组件构建的便捷安全策略库。 成功的石棉设计有可能显着提高关键系统的安全性，即使是那些运行不安全的应用程序的安全性。 源代码将在开源许可下公开发布。