SaTC: CORE: Small: Automatic Identification of Privilege-guard Variables for Data-only Attacks and Defenses

SaTC：核心：小型：自动识别纯数据攻击和防御的权限保护变量

• 批准号: 2247652
• 负责人: Hong Hu
• 金额: $ 59.01万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-08-01 至 2026-07-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247652&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Automatic; Identification

As cyber attackers are always exploring novel, low-cost hacking vectors to bypass current defenses, security researchers should examine the remaining threats comprehensively in order to develop effective defenses in advance. Within program memory, attackers are shifting their attentions from control hijacking to more stealthy, pure data manipulation: they aim to modify security-critical variables to bypass security checks, like authentication and authorization. Researchers must understand which variables determine application security before developing efficient defenses to prevent so-called data-only attacks. This project proposes three thrusts to comprehensively understand the practicality of automatically constructing data-only attacks. First, Thrust 1 includes a set of novel techniques aiming to automatically identify security-critical, non-control data from general-purpose programs. Thrust 1 will focus on conditional branches that prevent untrusted users from accessing high-privilege resources. The result will help defenders understand whether security-critical variables can be identified automatically. Second, Thrust 2 will develop solutions to measure the challenges of constructing concrete data-only attacks. The goal is to estimate the upper-bound cost of building attacks. The results of this thrust will help understand the practicality of this new threat. Third, Thrust 3 will build a benchmark of data-only attacks to offer a unified platform for testing future data-only attacks and defenses. This project will produce a set of tools for identifying security-critical variables and assessing variable criticalness, and provide a platform for developing new defenses against data-only attacks.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

由于网络攻击者总是在探索新颖、低成本的黑客手段来绕过当前的防御，安全研究人员应该全面检查剩余的威胁，以便提前制定有效的防御措施。在程序内存中，攻击者正在将注意力从控制劫持转向更隐蔽、纯粹的数据操纵：他们的目标是修改安全关键变量以绕过安全检查，例如身份验证和授权。研究人员必须了解哪些变量决定应用程序安全性，然后才能开发有效的防御措施来防止所谓的纯数据攻击。该项目提出了三个要点，以全面了解自动构建纯数据攻击的实用性。首先，Thrust 1 包括一组新技术，旨在从通用程序中自动识别安全关键的非控制数据。 Thrust 1 将重点关注防止不受信任的用户访问高权限资源的条件分支。结果将帮助防御者了解是否可以自动识别安全关键变量。其次，Thrust 2 将开发解决方案来衡量构建具体的纯数据攻击的挑战。目标是估计构建攻击的上限成本。这一推力的结果将有助于理解这一新威胁的实用性。第三，Thrust 3将建立纯数据攻击的基准，为测试未来的纯数据攻击和防御提供统一的平台。该项目将生产一套用于识别安全关键变量和评估变量关键性的工具，并提供一个平台来开发针对纯数据攻击的新防御措施。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准。

项目成果

VIPER: Spotting Syscall-Guard Variables for Data-Only Attacks

• 发表时间: 2023
• 作者: Hengkai Ye;Song Liu;Zhechang Zhang;Hong Hu