SaTC: CORE: Medium: Cannot Trust Anything: A Tiny TCB Architecture for Secure Containers

SaTC：核心：中：无法信任任何东西：用于安全容器的小型 TCB 架构

• 批准号: 2247370
• 负责人: Gail Kaiser
• 金额: $ 120万
• 依托单位: Columbia University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2027-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247370&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Cannot; Trust

The goal of this project is to protect users' sensitive data in cyber space from determined and resourceful attackers while requiring no changes to applications and no actions from users or software developers. The project's novelties lie in its rethinking of containers, which represent a piece of software that includes all resources an application needs to run across diverse computing environments. Current container technology relies on the operating system (OS) as the trusted computing base (TCB) to enforce their security guarantees. However, modern OSes like Linux are simply too large, with many vulnerabilities and places for malicious software to hide. The project re-envisions containers with a tiny TCB, small enough to be carefully checked, offering defenses even from the OS itself and third-party software. The project's broader significance and importance are its (i) enhancements to modern computing infrastructure supporting mobile, web and desktop applications even when the computer infrastructure and network have been compromised by bad actors and (ii) broadening the participation of underrepresented minorities in computing. The project is investigating creative solutions to the hard problems of protecting and defending the confidentiality and integrity of application state, including registers, physical memory, and files, while still enabling traditional computing and networking services. The approach supports system calls and libraries that receive data from and return data to the application, without requiring modifications to the application’s source code or special configuration by developers. The project will demonstrate that this new TCB architecture provides fine-grained protection of application state against a variety of real attacks, including side-channel attacks that traditional hypervisor and container architectures cannot shield against, while still adding only modest performance overhead to real application workloads. Society will benefit as users enjoy their favorite old apps and explore trending new apps with peace of mind in their safety, privacy, and security.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该项目的目的是保护用户在网络空间中的敏感数据免受确定和足智多谋的攻击者的影响，同时不需要更改应用程序，也不需要用户或软件开发人员的操作。该项目的新颖性在于其对容器的重新思考，这代表了一个软件，其中包括应用程序在潜水员计算环境中运行的所有资源。当前的容器技术依靠操作系统（OS）作为受信任的计算基础（TCB）来执行其安全保证。但是，像Linux这样的现代OS太大了，具有许多漏洞和恶意软件的位置。该项目重新启动带有微小TCB的容器，足够小，可以仔细检查，即使从操作系统本身和第三方软件则提供防御措施。该项目的重要性和重要性是（i）增强对移动，网络和桌面应用程序的现代计算基础架构的增强，即使计算机基础架构和网络已受到坏演员的损害，以及（ii）扩大了代表性少数人在计算中的参与。该项目正在研究保护和捍卫应用程序状态的机密性和完整性（包括寄存器，物理内存和文件）的硬性问题的创造性解决方案，同时仍可以启用传统的计算和网络服务。该方法支持系统的呼叫和库，这些呼叫和库接收数据并将数据返回到应用程序的情况下，而无需对应用程序的源代码或开发人员的特殊配置进行修改。该项目将证明，这种新的TCB体系结构可为应用程序状态提供精细的保护，以防止各种真正的攻击，包括传统的机灵和容器架构无法保护的侧向通道攻击，同时仍将适度的性能开销到实际应用程序工作负载。当用户享受自己喜欢的旧应用程序时，社会将受益，并在安全，隐私和安全方面放心地探索了新的应用程序。该奖项反映了NSF的法定任务，并通过使用基金会的知识分子和更广泛的影响评估审查标准来通过评估来表示赞成支持。