SaTC: CORE: Small: Automatic Identification of Privilege-guard Variables for Data-only Attacks and Defenses

SaTC：核心：小型：自动识别纯数据攻击和防御的权限保护变量

• 批准号: 2247652
• 负责人: Hong Hu
• 金额: $ 59.01万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-08-01 至 2026-07-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247652&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Automatic; Identification

As cyber attackers are always exploring novel, low-cost hacking vectors to bypass current defenses, security researchers should examine the remaining threats comprehensively in order to develop effective defenses in advance. Within program memory, attackers are shifting their attentions from control hijacking to more stealthy, pure data manipulation: they aim to modify security-critical variables to bypass security checks, like authentication and authorization. Researchers must understand which variables determine application security before developing efficient defenses to prevent so-called data-only attacks. This project proposes three thrusts to comprehensively understand the practicality of automatically constructing data-only attacks. First, Thrust 1 includes a set of novel techniques aiming to automatically identify security-critical, non-control data from general-purpose programs. Thrust 1 will focus on conditional branches that prevent untrusted users from accessing high-privilege resources. The result will help defenders understand whether security-critical variables can be identified automatically. Second, Thrust 2 will develop solutions to measure the challenges of constructing concrete data-only attacks. The goal is to estimate the upper-bound cost of building attacks. The results of this thrust will help understand the practicality of this new threat. Third, Thrust 3 will build a benchmark of data-only attacks to offer a unified platform for testing future data-only attacks and defenses. This project will produce a set of tools for identifying security-critical variables and assessing variable criticalness, and provide a platform for developing new defenses against data-only attacks.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

由于网络攻击者总是在探索新颖的低成本黑客媒介以绕过当前的防御措施，因此安全研究人员应全面检查剩余的威胁，以便事先开发有效的防御措施。在程序内存中，攻击者将注意力从控制劫持转移到更隐秘的，纯粹的数据操作：他们旨在将关键安全变量修改为绕过安全检查，例如身份验证和授权。研究人员必须了解哪些变量在开发有效的防御措施之前确定应用程序安全性，以防止所谓的仅数据攻击。该项目提出了三个推力，以全面了解自动构建仅数据攻击的实用性。首先，推力1包括一组旨在自动从通用程序中识别至关重要的非控制数据的新技术。推力1将集中在有条件的分支上，以防止不受信任的用户访问高调资源。结果将帮助防御者了解是否可以自动识别至关重要的变量。其次，推力2将开发解决方案，以衡量构建仅具体数据攻击的挑战。目标是估计建筑物攻击的上限成本。这种推力的结果将有助于了解这种新威胁的实用性。第三，推力3将建立仅数据攻击的基准，以提供一个统一的平台来测试未来的仅数据攻击和防御。该项目将生产一组工具，用于识别至关重要的变量并评估可变的临界性，并为针对仅数据攻击的新防御提供了一个平台。该奖项反映了NSF的法定任务，并被认为是通过基金会的知识分子优点和更广泛的审查标准通过评估来进行评估的支持。

项目成果

VIPER: Spotting Syscall-Guard Variables for Data-Only Attacks

• 发表时间: 2023
• 作者: Hengkai Ye;Song Liu;Zhechang Zhang;Hong Hu