| Field | Value |
|---|---|
| NSF Org: | CCF Division of Computing and Communication Foundations |
| Recipient: | |
| Initial Amendment Date: | February 17, 2016 |
| Latest Amendment Date: | September 23, 2016 |
| Award Number: | 1624124 |
| Award Instrument: | Continuing Grant |
| Program Manager: | Sol Greenspan, sgreensp@nsf.gov, (703)292-7841, CCF Division of Computing and Communication Foundations, CSE Directorate for Computer & Information Science & Engineering |
| Start Date: | January 1, 2016 |
| End Date: | December 31, 2017 (Estimated) |
| Total Intended Award Amount: | $276,607.00 |
| Total Awarded Amount to Date: | $276,607.00 |
| Funds Obligated to Date: | FY 2015 = $96,013.00; FY 2016 = $100,911.00 |
| History of Investigator: | |
| Recipient Sponsored Research Office: | 201 OLD MAIN, UNIVERSITY PARK, PA, US 16802-1503, (814)865-1372 |
| Sponsor Congressional District: | |
| Primary Place of Performance: | 112 Hammond Building, University Park, PA, US 16802-7000 |
| Primary Place of Performance Congressional District: | |
| Unique Entity Identifier (UEI): | |
| Parent UEI: | |
| NSF Program(s): | Secure & Trustworthy Cyberspace |
| Primary Program Source: | 01001516DB NSF RESEARCH & RELATED ACTIVIT; 01001617DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): | |
| Program Element Code(s): | |
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
Attacks on software applications such as email readers and web browsers are common. These attacks can cause damage ranging from application malfunction and loss of private data to a complete takeover of users' computers. One effective strategy for limiting the damage is to adopt the principle of least privilege in application design: the application is split into several protection domains, and each domain is given only the privileges necessary to perform its task. In this design, the compromise of one domain does not directly lead to the compromise of other security-sensitive domains. The PI proposes to design and implement a framework that makes it easy for software developers to apply the principle of least privilege to their applications. The proposed framework will significantly improve the security of critical software applications. It will benefit the software industry by providing new technologies for building secure software systems.
The proposed research combines several novel ideas: (1) user-space protection domains through binary-level enforcement of isolation and information-flow security; (2) a declarative language that allows for flexible configuration of an application's security architecture; (3) a binary-level partitioning tool that automatically splits an application into components of least privilege; (4) a compositional reasoning mechanism that allows developers to perform formal reasoning about an application's end-to-end information security. By staying in the user space, the proposed framework is OS independent, and by working on binary code, it is source-language agnostic, making it more broadly applicable. Developers can use it to partition an application, flexibly configure its security architecture, and reason about its information security. On the education side, the PI will organize a series of activities to increase high school students' awareness of security, privacy, and secure programming. The central activity is a summer workshop that gathers local high-school technology teachers and helps them design lesson plans that can be integrated into their schools' technology curriculum.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The main objective of this project is to design a privilege separation framework that makes it easier for developers to adopt in their application development. In privilege separation, modules of a software application are put into separate protection domains so that the compromise of one domain does not directly lead to the compromise of other domains; each domain is given only those privileges necessary to complete its task. One unique design adopted by this project is that it aims for a binary-level approach. Specifically, it aims to isolate protection domains, enforce security policies, and perform partitioning directly on binary code. This approach is challenging, but offers the key advantage of being source-language agnostic.
Through the completion of the project, we have made significant progress in addressing the core problems in the project: (1) we developed two systems called uPro and duPro, which enforce efficient and fine-grained privilege separation using software-based fault isolation and decentralized information-flow control when given an application that has been manually privilege separated; (2) we have developed a system called NativeGuard, which isolates native libraries from other components in Android applications; (3) we have built a new generation of software-based fault isolation and control-flow integrity frameworks (in a series of systems called Strato, MCFI, and PICFI) that are able to provide light-weight protection domains used in a privilege-separation framework. Many of these projects have been open sourced and have benefited the software-security community.
Last Modified: 02/04/2018
Modified by: Gang Tan