
NSF Org: |
CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | February 17, 2010 |
Latest Amendment Date: | August 29, 2014 |
Award Number: | 0953751 |
Award Instrument: | Continuing Grant |
Program Manager: |
Nina Amla
namla@nsf.gov (703)292-7991 CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
Start Date: | March 1, 2010 |
End Date: | February 29, 2016 (Estimated) |
Total Intended Award Amount: | $521,494.00 |
Total Awarded Amount to Date: | $579,659.00 |
Funds Obligated to Date: |
FY 2011 = $116,653.00 FY 2012 = $104,175.00 FY 2013 = $107,822.00 FY 2014 = $153,760.00 |
History of Investigator: |
|
Recipient Sponsored Research Office: |
5000 FORBES AVE PITTSBURGH PA US 15213-3815 (412)268-8746 |
Sponsor Congressional District: |
|
Primary Place of Performance: |
5000 FORBES AVE PITTSBURGH PA US 15213-3815 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): |
Special Projects - CNS, TRUSTWORTHY COMPUTING, Secure & Trustworthy Cyberspace |
Primary Program Source: |
01001112DB NSF RESEARCH & RELATED ACTIVIT 01001213DB NSF RESEARCH & RELATED ACTIVIT 01001314DB NSF RESEARCH & RELATED ACTIVIT 01001415DB NSF RESEARCH & RELATED ACTIVIT 01001415RB NSF RESEARCH & RELATED ACTIVIT |
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
Attackers only need to find a single exploitable bug in order to
install malware, bots, and viruses on a vulnerable user's computer.
Unfortunately, bugs are plentiful. For example, the Ubuntu Linux
distribution bug management database currently lists over 58,000 open
bugs. Thus, the question is not whether an attacker can find a bug,
but which bugs an attacker can exploit.
This research investigates novel techniques, approaches, and
algorithms for finding exploitable bugs. The ability to determine
whether a bug is exploitable or not will allow developers to
prioritize bug reports so that the most security-critical bugs are
fixed first. The techniques investigated will also help developers
distribute patches safely.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The funded research resulted in several advances for performing security analysis on common off-the-shelf software a user may get from a manufacturer like Microsoft or Apple. At a high level, we developed new ways to find bugs and security vulnerabilities in such applications, as well as general research for how such vulnerabilities may be fixed.
In particular, this research proposed three tasks. The first task was to automatically find and prioritize bugs based upon their exploitability. We developed techniques for automatic exploit generation, which finds bugs and proves they are exploitable in binary code.
The second task was safe patch distribution and application. We developed techniques that would automatically identify where patches should be applied, but did not create full patches. As part of this research, we discovered that creating full patches often required human specification and insight, such as deciding whether to return an error message or not. We found no acceptable algorithm for a computer to make such a judgement call, and leave it as future work. Our main advance was to identify the set of hard problems remaining.
The third task was to develop binary analysis techniques. One material manifestation of this research is an open source tool called BAP for performing analysis. BAP is extensible, plugs into existing frameworks used by professionals, and is free to the public.
As a broader impact, we know of several teams (at least two that we know of) in the Cyber Grand Challenge which use techniques developed as part of this research. A spinoff named ForAllSecure was created as a consequence of this research, and this spinoff currently leads the Cyber Grand Challenge contest in fully autonomous vulnerability discovery and repair.
On the educational impact side, one significant outcome was the development of the CMU undergraduate security research team, which since 2009 has been the #1 US team in computer security competitions, and 3 times world champions. The undergraduate team also pioneered high school hacking contests, and this work led to the inception of picoCTF, the largest hacking contest in the world by number of participants.
Last Modified: 05/29/2016
Modified by: David Brumley