CAREER: Enhancing Practical Defense Mechanisms against Memory Errors and Attacks

Researcher(s)

Sponsoring Agency
National Science Foundation

Summary

Given the constant threat of software vulnerabilities and malicious attacks, the computer security community is always working on improving defense mechanisms for real-world use. At the same time, they also need to make sure these defenses can stand up to determined attackers who are ready to exploit any weaknesses. This project aims to evaluate these practical defense mechanisms, spotting and fixing potential issues before attackers can cause major problems. The results will push for more automated defense improvement, affecting many research areas. The project addresses high-profile memory errors. The educational part of the project focuses on teaching students how to design, evaluate, and improve memory protection techniques, starting from K-12 and beyond, to spark interest in computer science and security. To achieve these goals, the project will investigate a set of systematic approaches to evaluate practical defense mechanisms to understand their strengths and help enhance their robustness. The project will identify configuration variables that determine the strength of defenses, and measure the feasibility for attackers to manipulate these bytes to undermine protections. Second, defense-debloating techniques will identify radical optimizations that remove essential security checks and bring old threats back into hardened programs. Third, the project will focus on detecting and preventing resource-exhaustion attacks introduced by out-of-band scrutiny that requires extra software or hardware resources. Finally, a new technique, squeezing analysis, will be used to achieve strong and fast protection. These analyses and enhancement will be applied to diverse defenses such as control-flow integrity (CFI) and reassembly.

Research Area

Term
 -