
NSF Org: | CNS Division Of Computer and Network Systems |
Recipient: | |
Initial Amendment Date: | August 29, 2006 |
Latest Amendment Date: | July 28, 2011 |
Award Number: | 0627672 |
Award Instrument: | Continuing Grant |
Program Manager: | Jeremy Epstein, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | September 1, 2006 |
End Date: | August 31, 2012 (Estimated) |
Total Intended Award Amount: | $384,532.00 |
Total Awarded Amount to Date: | $384,532.00 |
Funds Obligated to Date: | FY 2007 = $100,000.00 |
History of Investigator: | |
Recipient Sponsored Research Office: | W5510 FRANKS MELVILLE MEMORIAL LIBRARY STONY BROOK NY US 11794-0001 (631)632-9949 |
Sponsor Congressional District: | |
Primary Place of Performance: | W5510 FRANKS MELVILLE MEMORIAL LIBRARY STONY BROOK NY US 11794-0001 |
Primary Place of Performance Congressional District: | |
Unique Entity Identifier (UEI): | |
Parent UEI: | |
NSF Program(s): | CYBER TRUST, ITR-CYBERTRUST |
Primary Program Source: | app-0107 |
Program Reference Code(s): | |
Program Element Code(s): | |
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
Automatic Generation of High-Quality Attack Signatures and Patches
Tzi-Cher Chiueh
State University of New York, Stony Brook
A comprehensive cyber attack defense should include (1) an attack detection component that can determine if a network application has been compromised and prevent the attack from further spreading, (2) an attack identification component that can identify the corresponding attack packets and generate the associated attack signatures so as to prevent such attacks from taking place in the future, and (3) an attack repair component that can restore the compromised application's state to that before the attack and allow it to continue normally, and if possible permanently eliminate the vulnerability being exploited. This project aims to build a program transformation system called DIRA that can automatically embed into network applications a comprehensive cyber defense against control-hijacking attacks, which allow remote attackers to hijack a remote program and eventually its underlying system. Control-hijacking attacks have been used as building blocks for many recent Internet worms, and include such attacks as buffer overflow, integer overflow and format string attacks. Given a network application's source or binary code, DIRA can convert it in such a way that the resulting program can automatically detect any incoming control-hijacking attack, repair the memory damage left by the attack, derive the corresponding attack signature and inform the front-end firewall accordingly, and create a permanent patch that seals the security hole being exploited, all without requiring any modifications to the operating system or hardware. To extend these security-enhancing program transformation techniques to commercially distributed Win32/X86 binaries, the DIRA project will develop a novel binary analysis and instrumentation infrastructure using a combination of static and dynamic disassembling.