TC: Medium: Collaborative Research: Securing Concurrency in Modern Systems

TC：媒介：协作研究：确保现代系统中的并发性

• 批准号: 0905177
• 负责人: Jedidiah Crandall
• 金额: $ 40万
• 依托单位: University of New Mexico
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-01 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0905177&HistoricalAwards=false
• 关键词: TC; Medium; Collaborative; Research; Securing

This award is funded under the American Recovery and Reinvestment Act of 2009 (Public Law 111-5). Concurrency-related vulnerabilities are pervasive in modern computing systems. Concurrency exploits include time-of-check-to-time-of-use (TOCTTOU) race conditions in file systems, attacks on signal handlers, and evasive malware that uses concurrency to escape sandboxing mechanisms. As processors feature ever more parallelism, and computers process more of our sensitive data, defending against concurrency attacks is a key challenge for the coming decade. The first goal is to protect legitimate applications from concurrency attacks when they access system resources (e.g., prevent TOCTTOU attacks on file accesses and exploitable race conditions in signal handlers). The objective is to provide application programmers with mechanisms and policies for synchronizing access to system resources so they can avoid unintentional vulnerabilities. The second goal is to provide strong confinement of untrusted code in the presence of concurrency, i.e., blocking intentionally malicious behavior. Today's malware abuses concurrency mechanisms to bypass and circumvent containment mechanisms like reference monitors and system call wrappers. Providing robust system support for containing malicious code is a critical challenge in intrusion detection and prevention. Modern computing systems fundamentally depend on concurrency for their performance and functionality. Making sure that concurrency is used securely is essential for building a trusted cyber infrastructure. This research will have a significant impact on the practical development of secure software, and enable security-critical applications to realize the performance benefits of today's highly parallel systems.

该奖项根据 2009 年《美国复苏和再投资法案》（公法 111-5）提供资金。与并发相关的漏洞在现代计算系统中普遍存在。并发攻击包括文件系统中的检查时间到使用时间 (TOCTTOU) 竞争条件、对信号处理程序的攻击以及使用并发来逃避沙箱机制的规避恶意软件。随着处理器具有越来越多的并行性，并且计算机处理更多的敏感数据，防御并发攻击是未来十年的关键挑战。第一个目标是保护合法应用程序在访问系统资源时免受并发攻击（例如，防止对文件访问和信号处理程序中可利用的竞争条件进行 TOCTTOU 攻击）。目标是为应用程序程序员提供同步对系统资源的访问的机制和策略，以便他们避免意外的漏洞。第二个目标是在并发情况下对不受信任的代码提供强有力的限制，即阻止故意的恶意行为。当今的恶意软件滥用并发机制来绕过和规避引用监视器和系统调用包装器等遏制机制。为遏制恶意代码提供强大的系统支持是入侵检测和预防的关键挑战。现代计算系统的性能和功能从根本上依赖于并发性。确保安全地使用并发对于构建可信的网络基础设施至关重要。这项研究将对安全软件的实际开发产生重大影响，并使安全关键应用程序能够实现当今高度并行系统的性能优势。