CT-T: Proactive Techniques for Preserving System Integrity: A Basis for Robust Defense Against Malware

CT-T：保护系统完整性的主动技术：强大防御恶意软件的基础

• 批准号: 0831298
• 负责人: Ramasubramanian Sekar
• 金额: $ 100万
• 依托单位: SUNY at Stony Brook
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2008
• 资助国家: 美国
• 起止时间: 2008-09-01 至 2015-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0831298&HistoricalAwards=false
• 关键词: CT; Proactive; Techniques; Preserving; System

Cyber threats have escalated rapidly over the past decade. "Zero-dayattacks" have become significant, delivered increasingly throughseemingly innocuous means such as web pages, images, and documents.Malware is rampant, being installed surreptitiously on millions ofcomputers around the world using a combination of spam, phishing,malicious shareware and freeware. Today's defenses use techniques such as signature-based scanning andfile integrity monitoring to detect the presence of malware, and thenremove them. Unfortunately, clever adversaries can quickly developmalware that conceals itself from these detection mechanisms, andhence defeat such reactive defenses. In contrast, this project willdevelop an approach that dramatically improves defenses againstmalware, and put a computer owner back in control over theattackers. This approach, based on synthesizing and enforcinglow-level information flow properties from generic high levelpolicies, will be used to identify components of a computer systemthat are critical for its trustworthiness, and preserve theirintegrity. In doing so, the approach will enable users to continue touse popular operating systems, applications, and add-on software, while stillassuring system security.Specifically, this project will develop techniques to protect (a) the OSand critical applications from untrusted code or data, (b) criticalapplications from modules and extensions (e.g., browser plug-ins and mediaplayer codecs) that run within the same address space, and (c) the OS kernelfrom damage due to untrusted kernel extensions such as device drivers.In terms of broader impact, this project will train several graduatestudents, the research will be integrated into the teaching activities ofthe PIs, and finally, the solutions developed will be distributed asopen-source software and/or tools.

在过去的十年中，网络威胁迅速升级。 “零日攻击”变得重要，越来越多地提供了诸如网页，图像和文档之类的不可分割的无害手段。Malware猖ramp，使用垃圾邮件，播放器，恶意软件和免费软件的垃圾邮件组合在世界各地的数百万个计算机上进行了秘密安装。当今的防御技术使用基于签名的扫描和文件完整性监控等技术来检测恶意软件的存在，然后将其置于范围内。不幸的是，聪明的对手可以迅速开发出掩盖这些检测机制的武器，并击败这种反应性防御。相比之下，该项目将开发一种方法，该方法可以极大地改善对Malware的防御能力，并使计算机所有者重新控制了TheatTackers。这种方法基于综合和执行的基础信息流属性属性，将使用通用高级别的质量，用于识别计算机系统的组件，这对于其信任度至关重要，并且保留其整体性。 In doing so, the approach will enable users to continue touse popular operating systems, applications, and add-on software, while stillassuring system security.Specifically, this project will develop techniques to protect (a) the OSand critical applications from untrusted code or data, (b) criticalapplications from modules and extensions (e.g., browser plug-ins and mediaplayer codecs) that run within the same address space, and (c) the OS内核损坏是由于不受信任的内核扩展（例如设备驱动程序）而造成的。在更广泛的影响方面，该项目将培训几个毕业生，研究将整合到PIS的教学活动中，最后，开发的解决方案将被分发为ASOPEN ASOPEN-SOPEN-SOPERCE-SORPERCE软件和/或工具。