Award Abstract # 1017602
Realizing Full-System Dynamic Information Flow Tracking via Relaxed Static Stability

NSF Org: CNS, Division Of Computer and Network Systems
Recipient: UNIVERSITY OF NEW MEXICO
Initial Amendment Date: July 15, 2010
Latest Amendment Date: July 15, 2010
Award Number: 1017602
Award Instrument: Standard Grant
Program Manager: Jeremy Epstein
CNS, Division Of Computer and Network Systems
CSE, Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2010
End Date: August 31, 2014 (Estimated)
Total Intended Award Amount: $455,428.00
Total Awarded Amount to Date: $455,428.00
Funds Obligated to Date: FY 2010 = $455,428.00
History of Investigator:
  • Jedidiah Crandall (Principal Investigator)
    jrcranda@asu.edu
  • Rafael Fierro (Co-Principal Investigator)
Recipient Sponsored Research Office: University of New Mexico
1 UNIVERSITY OF NEW MEXICO
ALBUQUERQUE
NM  US  87131-0001
(505)277-4186
Sponsor Congressional District: 01
Primary Place of Performance: University of New Mexico
1 UNIVERSITY OF NEW MEXICO
ALBUQUERQUE
NM  US  87131-0001
Primary Place of Performance Congressional District: 01
Unique Entity Identifier (UEI): F6XLTRUQJEN4
Parent UEI:
NSF Program(s): TRUSTWORTHY COMPUTING
Primary Program Source: 01001011DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 9150, 7923
Program Element Code(s): 779500
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Information flow is a central concept in computer security, yet it is still an open problem to tag information in a running system and track how the information flows throughout the system in an accurate manner. We are developing the fundamental concepts in control theory, information theory, and systems to solve this problem using what we call a relaxed static stability approach.

In a running system, as information is cut-and-pasted by users or processed, it flows in unexpected ways. Two major challenges are address dependencies and control dependencies. Overtagging these dependencies causes the entire system to quickly become tagged, while undertagging them means that important flows of information are not tracked. Modern fighter jets and stealth aircraft are designed without inherent stability, then advanced digital "fly-by-wire" systems are incorporated into the design to create a stable system that can actually fly. By applying this same kind of "relaxed static stability" approach, we are designing an accurate dynamic information flow tracking system that makes the right tradeoffs between overtagging and undertagging. This will enable whole new classes of applications based on dynamic information flow tracking, ranging from digital forensics and malware analysis to data provenance. By addressing a fundamental need in security and privacy research, we expect our work to have impact in any field where the flow of information in a computer is important to understand.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Mohammed Ibrahim Al-Saleh, Antonio M. Espinosa, and Jedidiah R. Crandall, "Antivirus performance characterisation: system-wide view," IET Information Security, v.7, 2013, p.126. doi:10.1049/iet-ifs.2012.0192

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Dynamic Information Flow Tracking (DIFT) is a method for understanding how information flows through a system while a program is running. As part of this grant, we have explored ways to improve DIFT using control theory, explored new applications of DIFT in cyberphysical systems, and developed a better understanding of information flow in the network protocol stack implementations that help operating systems connect to the Internet. Outreach to New Mexico middle school and high school students and curriculum development were also important aspects of the project. Here we briefly describe a few examples of our achievements.

This grant has produced two MS students who were fully supported by the award, and two Ph.D. students who were partially supported by the award. Of the two Ph.D. students graduated, one was from a group traditionally underrepresented in computer science. Both MS students were from groups traditionally underrepresented in computer science; one (Maria Khater) is now in a Ph.D. program at Virginia Tech and the other (Rafael Figueroa) also plans to pursue a Ph.D. Mohammed Al-Saleh (Ph.D., 2012) is now a tenure-track faculty member in the Computer Science Dept. at the Jordan University of Science and Technology. Roya Ensafi defended her dissertation in November 2014 and will begin a post-doc at Princeton University on January 1st, 2015.

The original proposed effort was to apply control theory towards making DIFT more accurate. Our results from this effort are promising, and were presented in Maria Khater's Master's thesis. A new research direction, which also represents a potential new collaboration between the PIs, is the application of DIFT to cyberphysical systems. In Rafael Figueroa's Master's thesis, DIFT is used to take human inputs and their effect over time and accumulate and classify them in a continuous range between spurious or legitimate inputs. In this way, a cyberphysical system such as an unmanned vehicle can recover from a malicious input source.

Also as part of this grant, we have gained a better understanding of how information flows in network stacks. Network stacks are the protocol implementations that operating systems use to communicate on the Internet. One application of this work is that we developed a novel TCP/IP side channel, called the hybrid idle scan, that makes it possible to determine whether (almost) any two IP addresses in the world are able to communicate with each other, or if some firewall in between (e.g., for censorship reasons) is preventing them from sending packets to each other. We are working with U.C. Berkeley's International Computer Science Institute (ICSI), the Tor Project, the University of Toronto Citizen Lab, and other research groups to both carry out world-wide measurement of Internet censorship over time and to focus on specific countries to understand how they block censorship circumvention tools such as Tor.