CAREER: Empowering Attacker-Centric Security Analysis of Network Protocols

职业：支持以攻击者为中心的网络协议安全分析

• 批准号: 1652954
• 负责人: Zhiyun Qian
• 金额: $ 50万
• 依托单位: University of California-Riverside
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-03-15 至 2024-02-29
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1652954&HistoricalAwards=false
• 关键词: CAREER; Empowering; Attacker; Centric; Security

The objective of this project is to improve the security of a wide range of network protocols that the Internet relies on. Unfortunately, the Internet has been evolving at a rapid rate but its initial design did not take security into consideration. In practice, this leads to a never-ending stream of network attacks that are continuously being discovered. The defenders are forced into a reactive position to these new and creative attacks, without having the necessary tools to understand and anticipate them. The proposed project aims to identify and analyze protocol flaws proactively and stay ahead of attackers. In particular, the project will develop a set of innovative and timely techniques, tools, and insights that will empower developers and researchers to analyze network protocols, identify their weaknesses, and correct them early on. The results will benefit all Internet users by providing a more secure network environment overall. Specifically, the research is motivated by the following observations. First, emerging threats such as side channels have been largely overlooked in network protocols. Second, network attacks are getting more sophisticated, with new threat models such as cooperating local and remote attackers. Third, the network protocols and their interactions with the environment are getting more complex, especially when considering the prevalence of network middleboxes, host-based firewalls, and censorship firewalls, etc. The research will develop a combination of program analysis and network measurement techniques to systematically uncover vulnerabilities in a variety of network protocols. The insights gained from the project will enable better and more secure design and implementation of protocols.

该项目的目的是提高互联网所依赖的广泛网络协议的安全性。不幸的是，互联网一直在快速发展，但其最初的设计并未考虑到安全性。在实践中，这导致了不断发现的无休止的网络攻击流。捍卫者被迫对这些新的创造性攻击的反应性立场，而没有必要的工具来理解和预测它们。拟议的项目旨在积极识别和分析协议缺陷，并保持攻击者的领先地位。特别是，该项目将开发一系列创新和及时的技术，工具和见解，这些技术，工具和见解将使开发人员和研究人员能够分析网络协议，确定其弱点并尽早纠正它们。结果将通过整体提供更安全的网络环境来使所有互联网用户受益。具体而言，该研究是由以下观察结果激励的。首先，在网络协议中，新兴威胁（例如侧渠道）在很大程度上被忽略了。其次，网络攻击变得越来越复杂，新的威胁模型，例如合作本地和远程攻击者。第三，网络协议及其与环境的互动变得越来越复杂，尤其是在考虑网络中间箱，基于主机的防火墙和审查防火墙等的盛行时。该研究将开发程序分析和网络测量技术以系统地在各种网络协议中系统地发现脆弱性的结合。从项目中获得的见解将使协议的更好，更安全的设计和实施。

项目成果

DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels

• DOI: 10.1145/3372297.3417280
• 发表时间: 2020-10
• 期刊: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Keyu Man;Zhiyun Qian;Zhongjie Wang;Xiaofeng Zheng;Youjun Huang;Haixin Duan

Principled Unearthing of TCP Side Channel Vulnerabilities

• DOI: 10.1145/3319535.3354250
• 发表时间: 2019-11
• 期刊: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Yue Cao;Zhongjie Wang;Zhiyun Qian;Chengyu Song;S. Krishnamurthy;Paul L. Yu

DNS Cache Poisoning Attack: Resurrections with Side Channels

• DOI: 10.1145/3460120.3486219
• 发表时间: 2021-11
• 期刊: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Keyu Man;Xin'an Zhou;Zhiyun Qian

K-LEAK: Towards Automating the Generation of Multi-Step Infoleak Exploits against the Linux Kernel

• DOI: 10.14722/ndss.2024.24935
• 发表时间: 2024
• 期刊: Proceedings 2024 Network and Distributed System Security Symposium
• 作者: Zhengchuan Liang;Xiaochen Zou;Chengyu Song;Zhiyun Qian

SyzGen: Automated Generation of Syscall Specification of Closed-Source macOS Drivers

• DOI: 10.1145/3460120.3484564
• 发表时间: 2021-11
• 期刊: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Weiteng Chen;Yu Wang;Zheng Zhang;Zhiyun Qian