Collaborative Research: SaTC: EDU: Creating Windows Advanced Memory Corruption Attack and Defense Teaching Modules

协作研究：SaTC：EDU：创建 Windows 高级内存损坏攻击和防御教学模块

• 批准号: 2325452
• 负责人: Changchun Zou
• 金额: $ 7万
• 依托单位: The University of Central Florida Board of Trustees
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2026-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2325452&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; EDU; Creating

Microsoft Windows operating systems have a large market share and are pervasively used. As such, they are also major targets for cyberattacks, such as malware. It is critical to teach software security topics on the latest Windows versions. However, there are currently no systematic advanced software security education modules for the latest Windows system. The goal of this project is to develop advanced teaching modules on software security, particularly memory corruption attack and defense for the latest systems. A memory corruption attack triggers memory errors through malicious and delicate inputs and is often part of an advanced cyberattack. The developed teaching modules will help students understand how various security features of Windows compilers and linkers are used to fight against miscellaneous memory corruption attacks and their limitations. This will help prepare students for real-world bug hunting and software security.This project will achieve six objectives. 1. Innovating Armitage, an open-source graphical user interface front end of Metasploit, which is a tool used to identify security vulnerabilities. Armitage is an ideal open-source tool to demonstrate attacks and raise security awareness given its ease of use. 2. Developing defense modules on Exploit Protection features of the latest Windows. 3. Incorporating a variety of memory corruption vulnerabilities into a vulnerable chat server (VChat), which will be developed as a Visual C++ project, and developing corresponding attack teaching materials in Python. 4. Developing Metasploit modules in Ruby for all memory corruption attacks, which can be used with Armitage. The purpose of Metasploit modules is to demonstrate those attacks easily and motivate students to learn the principles. 5. Integrating developed teaching modules into related courses at the two participating institutions, University of Massachusetts Lowell and University of Central Florida. 6. Disseminating developed teaching modules, software and systems through a faculty development workshop, project websites, GitHub repositories, video tutorials, CLARK (a cybersecurity curriculum hosting platform), academic publications, and field trips as outreach venues to K-12 students.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

微软Windows操作系统拥有很大的市场份额并且被广泛使用。因此，它们也是恶意软件等网络攻击的主要目标。教授有关最新 Windows 版本的软件安全主题至关重要。然而，目前最新的Windows系统还没有系统的高级软件安全教育模块。该项目的目标是开发有关软件安全的高级教学模块，特别是针对最新系统的内存损坏攻击和防御。内存损坏攻击通过恶意和微妙的输入触发内存错误，通常是高级网络攻击的一部分。开发的教学模块将帮助学生了解如何使用Windows编译器和链接器的各种安全功能来对抗各种内存损坏攻击及其局限性。这将帮助学生为现实世界的错误搜寻和软件安全做好准备。该项目将实现六个目标。 1. 创新Armitage，Metasploit的开源图形用户界面前端，是用于识别安全漏洞的工具。 Armitage 易于使用，是演示攻击和提高安全意识的理想开源工具。 2.针对最新Windows的漏洞利用防护功能开发防御模块。 3、将多种内存损坏漏洞融入易受攻击的聊天服务器（VChat）中，将其开发为Visual C++项目，并用Python开发相应的攻击教材。 4. 在 Ruby 中开发 Metasploit 模块以应对所有内存损坏攻击，可以与 Armitage 一起使用。 Metasploit 模块的目的是轻松演示这些攻击并激励学生学习其原理。 5. 将开发的教学模块整合到马萨诸塞州洛厄尔大学和中佛罗里达大学这两个参与机构的相关课程中。 6. 通过教师发展研讨会、项目网站、GitHub 存储库、视频教程、CLARK（网络安全课程托管平台）、学术出版物和实地考察作为 K-12 学生的外展场所，传播开发的教学模块、软件和系统。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Image Authentication Using Self-Supervised Learning to Detect Manipulation Over Social Network Platforms

使用自我监督学习的图像认证来检测社交网络平台上的操纵

• DOI: 10.1109/milcom55135.2022.10017725
• 发表时间: 2022-11-28
• 期刊: MILCOM 2022 - 2022 IEEE Military Communications Conference (MILCOM)
• 作者: Mohammed Alkhowaiter;Khalid Almubarak;Mnassar Alyami;Abdulmajeed Alghamdi;C. Zou
• 通讯作者: C. Zou

User Profiling Attack Using Windows Registry Data

使用 Windows 注册表数据进行用户分析攻击

• DOI: 10.1109/uemcon59035.2023.10315968
• 发表时间: 2023-10
• 期刊: Electronics & Mobile Communication Conference (UEMCON
• 作者: Amoruso, Edward L.;Zou, Cliff C.;Leinecker, Richard
• 通讯作者: Leinecker, Richard

Random Segmentation: New Traffic Obfuscation against Packet-Size-Based Side-Channel Attacks

随机分段：针对基于数据包大小的侧通道攻击的新流量混淆

• DOI: 10.3390/electronics12183816
• 发表时间: 2023-09
• 期刊: Electronics
• 影响因子: 2.9
• 作者: Alyami, Mnassar;Alghamdi, Abdulmajeed;Alkhowaiter, Mohammed A.;Zou, Cliff;Solihin, Yan
• 通讯作者: Solihin, Yan

FITS: Matching Camera Fingerprints Subject to Software Noise Pollution

FITS：匹配受到软件噪声污染的相机指纹

• DOI: 10.1145/3576915.3616600
• 发表时间: 2023-11
• 期刊: CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Liu, Liu;Fu, Xinwen;Chen, Xiaodong;Wang, Jianpeng;Ba, Zhongjie;Lin, Feng;Lu, Li;Ren, Kui
• 通讯作者: Ren, Kui

Adversarial-Aware Deep Learning System Based on a Secondary Classical Machine Learning Verification Approach

基于二次经典机器学习验证方法的对抗感知深度学习系统

• DOI: 10.3390/s23146287
• 发表时间: 2023-07-11
• 期刊: Sensors
• 影响因子: 3.9
• 作者: Alkhowaiter M;Kholidy H;Alyami MA;Alghamdi A;Zou C
• 通讯作者: Zou C