CAREER: User-Space Protection Domains for Compositional Information Security

职业：组合信息安全的用户空间保护域

• 批准号: 1624124
• 负责人: Gang Tan
• 金额: $ 27.66万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-01-01 至 2017-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1624124&HistoricalAwards=false
• 关键词: CAREER; User; Space; Protection; Domains

Attacks on software applications such as email readers and web browsers are common. These attacks can cause damages ranging from application malfunction, loss of private data, to a complete takeover of users' computers. One effective strategy for limiting the damage is to adopt the principle of least privilege in application design: the application is split into several protection domains and each domain is given only the necessary privileges to perform its task. In this design, the compromise of one domain does not directly lead to the compromise of other security-sensitive domains. The PI proposes to design and implement a framework that makes it easy for software developers to apply the principle of least privilege to their applications. The proposed framework will significantly improve the security of critical software applications. It will benefit the software industry by designing new technologies for building secure software systems.The proposed research combines several novel ideas: (1) user-space protection domains through binary-level enforcement of isolation and information-flow security; (2) a declarative language that allows for flexible configuration of an application's security architecture; (3) a binary-level partitioning tool that automatically splits an application into components of least privilege; (4) a compositional reasoning mechanism that allows developers to perform formal reasoning about an application's end-to-end information security. By staying in the user space, the proposed framework is OS independent, and by working on binary code, it is source-language agnostic, making it more broadly applicable. Developers can use it to partition an application, flexibly configure its security architecture, and reason about its information security. On the education side, the PI will organize a series of activities to increase high school students' awareness of security, privacy, and secure programming. The central activity is a summer workshop that gathers local high-school technology teachers and helps them design lesson plans that can be integrated into their schools' technology curriculum.

对电子邮件阅读器和网络浏览器等软件应用程序的攻击很常见。这些攻击可能造成从应用程序故障、私人数据丢失到完全接管用户计算机的损害。 限制损害的一种有效策略是在应用程序设计中采用最小特权原则：将应用程序分为多个保护域，每个域仅被授予执行其任务所需的特权。在这一设计中，一个域的泄露不会直接导致其他安全敏感域的泄露。 PI 建议设计和实现一个框架，使软件开发人员能够轻松地将最小特权原则应用于其应用程序。所提出的框架将显着提高关键软件应用程序的安全性。它将通过设计构建安全软件系统的新技术使软件行业受益。所提出的研究结合了几个新颖的想法：（1）通过二进制级实施隔离和信息流安全来保护用户空间； (2) 声明性语言，允许灵活配置应用程序的安全架构； (3) 二进制级分区工具，可自动将应用程序拆分为最小权限的组件； (4)组合推理机制，允许开发人员对应用程序的端到端信息安全进行形式推理。 通过停留在用户空间，所提出的框架是独立于操作系统的，并且通过处理二进制代码，它与源语言无关，从而使其具有更广泛的适用性。 开发者可以利用它对应用进行分区、灵活配置应用的安全架构、进行信息安全推理。 在教育方面，PI将组织一系列活动，提高高中生的安全、隐私和安全编程意识。 中心活动是一个夏季研讨会，聚集了当地高中技术教师，帮助他们设计可以融入学校技术课程的课程计划。