SaTC: CORE: Medium: Cannot Trust Anything: A Tiny TCB Architecture for Secure Containers

SaTC：核心：中：无法信任任何东西：用于安全容器的小型 TCB 架构

• 批准号: 2247370
• 负责人: Gail Kaiser
• 金额: $ 120万
• 依托单位: Columbia University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2027-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247370&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Cannot; Trust

The goal of this project is to protect users' sensitive data in cyber space from determined and resourceful attackers while requiring no changes to applications and no actions from users or software developers. The project's novelties lie in its rethinking of containers, which represent a piece of software that includes all resources an application needs to run across diverse computing environments. Current container technology relies on the operating system (OS) as the trusted computing base (TCB) to enforce their security guarantees. However, modern OSes like Linux are simply too large, with many vulnerabilities and places for malicious software to hide. The project re-envisions containers with a tiny TCB, small enough to be carefully checked, offering defenses even from the OS itself and third-party software. The project's broader significance and importance are its (i) enhancements to modern computing infrastructure supporting mobile, web and desktop applications even when the computer infrastructure and network have been compromised by bad actors and (ii) broadening the participation of underrepresented minorities in computing. The project is investigating creative solutions to the hard problems of protecting and defending the confidentiality and integrity of application state, including registers, physical memory, and files, while still enabling traditional computing and networking services. The approach supports system calls and libraries that receive data from and return data to the application, without requiring modifications to the application’s source code or special configuration by developers. The project will demonstrate that this new TCB architecture provides fine-grained protection of application state against a variety of real attacks, including side-channel attacks that traditional hypervisor and container architectures cannot shield against, while still adding only modest performance overhead to real application workloads. Society will benefit as users enjoy their favorite old apps and explore trending new apps with peace of mind in their safety, privacy, and security.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目的目标是保护网络空间中用户的敏感数据免受坚定且足智多谋的攻击者的攻击，同时不需要对应用程序进行任何更改，也不需要用户或软件开发人员采取任何行动。该项目的新颖之处在于它对容器的重新思考，容器代表了容器的一部分。包含应用程序在不同计算环境中运行所需的所有资源的软件。当前的容器技术依赖操作系统 (OS) 作为可信计算基础 (TCB) 来实施安全保证。但是，像 Linux 这样的现代操作系统实在是太大了。 ，有很多漏洞该项目重新设想了带有小型 TCB 的容器，小到足以进行仔细检查，甚至可以提供来自操作系统本身和第三方软件的防御。该项目的更广泛的意义和重要性在于（i）。增强现代计算基础设施，支持移动、网络和桌面应用程序，即使计算机基础设施和网络受到不良行为者的损害；(ii) 扩大代表性不足的少数群体对计算的参与。该项目正在研究针对保护这一难题的创造性解决方案。并捍卫机密性和完整性该方法支持从应用程序接收数据并向应用程序返回数据的系统调用和库，而无需修改应用程序的源代码或特殊配置。该项目将证明，这种新的 TCB 架构可以针对各种实际攻击提供细粒度的应用程序状态保护，包括传统虚拟机管理程序和容器架构无法防御的旁道攻击，同时仍然仅增加适度的性能开销。社会将作为用户受益。享受他们最喜欢的旧应用程序，并在安全、隐私和保障方面放心地探索流行的新应用程序。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。