TC: Small: Least Privilege Enforcement through Secure Memory Views

TC：小：通过安全内存视图执行最低权限

• 批准号: 1117065
• 负责人: Aniket Kate
• 金额: $ 49.99万
• 依托单位: Purdue University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-08-15 至 2017-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1117065&HistoricalAwards=false
• 关键词: TC; Small; Least; Privilege; Enforcement

The goal of this project is to provide protection against exploits through untrusted third-party software components and against malicious application manipulation. These problems constitute an important class of vulnerabilities in current software, and are tied to a common denominator -- the lack of ability to divide a program and the data manipulated by it in a fine-grained manner and to control the interactions between the resulting constituents. This project proposes practical fine-grained ``least privilege'' enforcement through a computation model where the heap can be divided into a dynamic number of memory domains. Security contexts --- called secure memory views (SMVs) --- can be defined that map privileges of code executing within them onto memory domains. Threads are allowed to dynamically switch their set of privileges (i.e., switch which SMVs they are bound to) in a secure and controlled fashion, termed security context switching. These ideas are realized through three core contributions. (1) A programming model is devised to allow the application programmer to easily apply the proposed techniques, while also providing enough structure to reason about the resulting properties and to secure these. (2) The new concepts are reified within a modern mainstream programming language through development of a compiler supporting the language extensions, as well as modifications of the language runtime. (3) An efficient implementation of security context switching is proposed, involving both the language runtime and the operating system kernel itself. To validate the research, a popular web browser as well as a web server are enhanced to use SMVs. By using widely employed open-source software for implementing and validating the proposed support our concepts become available to a large community for use as well as further research and development.

该项目的目的是通过不受信任的第三方软件组件和恶意应用程序的操纵来防止利用。这些问题构成了当前软件中重要的漏洞类别，并且与共同的分母相关 - 缺乏分割程序和以细粒度操纵的数据并控制所得组成部分之间的相互作用的能力。 该项目提出了通过计算模型实用的细粒度``最小特权''执法，在该模型中可以将堆分为动态数量的内存域。安全上下文---称为安全内存视图（SMVS）---可以定义在内存域上执行的代码的映射特权。允许线程以安全且控制的方式切换其特权集（即，将其绑定到的SMV绑定到哪些SMV），称为安全上下文切换。这些想法是通过三个核心贡献实现的。 （1）设计了一个编程模型，以允许应用程序程序员轻松应用所提出的技术，同时还提供足够的结构来推理所得属性并确保这些属性。 （2）通过开发支持语言扩展的编译器以及对语言运行时的修改，将在现代主流编程语言中进行了新概念。 （3）提出了有效的安全上下文切换的实现，涉及语言运行时和操作系统内核本身。为了验证研究，可以增强流行的Web浏览器以及Web服务器的使用，以使用SMV。通过使用广泛使用的开源软件来实施和验证拟议的支持，我们的概念可以用于大型社区以及进一步的研究和开发。