
Award Abstract # 1145913
EAGER: Man-at-the-End Attacks: Defenses and Evaluation Techniques

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: UNIVERSITY OF ARIZONA
Initial Amendment Date: August 20, 2011
Latest Amendment Date: April 16, 2012
Award Number: 1145913
Award Instrument: Standard Grant
Program Manager: Deborah Shands
CNS: Division Of Computer and Network Systems
CSE: Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2011
End Date: October 31, 2014 (Estimated)
Total Intended Award Amount: $269,649.00
Total Awarded Amount to Date: $285,649.00
Funds Obligated to Date: FY 2011 = $269,649.00
FY 2012 = $16,000.00
History of Investigator:
  • Christian Collberg (Principal Investigator)
    collberg@cs.arizona.edu
  • Saumya Debray (Co-Principal Investigator)
  • Loukas Lazos (Co-Principal Investigator)
Recipient Sponsored Research Office: University of Arizona
845 N PARK AVE RM 538
TUCSON
AZ  US  85721
(520)626-6000
Sponsor Congressional District: 07
Primary Place of Performance: University of Arizona
AZ  US  85721-0077
Primary Place of Performance Congressional District: 07
Unique Entity Identifier (UEI): ED44Y3W6P7B9
Parent UEI:
NSF Program(s): TRUSTWORTHY COMPUTING, Secure & Trustworthy Cyberspace
Primary Program Source: 01001112DB NSF RESEARCH & RELATED ACTIVIT
01001213DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7434, 7795, 7916, 9178, 9251
Program Element Code(s): 779500, 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

This research considers a scenario in which a piece of software needs to be protected against an attacker (the man-at-the-end, MATE) who has physical access to the software and so is able to inspect, modify, and execute it. The goal is to prevent the attacker from extracting sensitive information from the software, to prevent him from making changes to the behavior of the software, or, at least, to detect and report when such attacks are underway.

Man-at-the-end attacks can have serious consequences. For example, on an individual scale they can violate the privacy and integrity of medical records and other sensitive personal data; on a larger scale, such attacks can cripple national infrastructure (such as the power grid and the Internet itself).

This project explores innovative approaches to protect distributed systems from MATE attacks. To accomplish comprehensive defenses, the project develops MATE attack models and security metrics that formally characterize the process of device compromise, provides attack tools to allow easy testing of defense algorithms, and devises community standards for defense evaluation. Rigorously defined security metrics are necessary for research outcomes to be compared to existing and future approaches. A primary goal of this research is therefore to develop evaluation procedures for MATE defense mechanisms. This includes both universal obfuscation metrics and detailed red-team exercise protocols.

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Computer systems are ubiquitous in today's world and play fundamental roles in many aspects of our lives.  Ensuring their security is, therefore, of paramount importance.  This project investigates a particular kind of attack on computer systems where the attacker has complete access to, and control over, the computer and its software and can manipulate them at will to extract any secrets, such as passwords, encryption keys, or other sensitive information that may be stored on the computer (think: stolen laptop or smartphone).  Because the attacker has full control over the system, conventional defenses are not effective because they can be sidestepped by the attacker.  The objective of this project was to understand how various kinds of defenses fare in this kind of attack scenario, and come up with innovative new defenses that are effective.

In order to come up with good defenses for a computer system, it is necessary to also understand all of the ways in which a smart attacker might attack that system; this helps us understand fully the strengths and weaknesses of the system, which is the first step in developing effective defenses.  We therefore studied both attacks and defenses against computer systems.  

  • On the attack side, we worked on two topics: (1) we developed general techniques to automatically strip out various kinds of obfuscations from software code, in order to extract the internal logic of the software in an easy-to-understand form; and (2) we investigated techniques for bypassing defenses that might be mounted by software to prevent others from analyzing it or tampering with the logic of its code.  The results of these studies were then used to improve our understanding of how to improve the resiliency of software against analysis and tampering.  We built software prototypes of our algorithms, which we used to experimentally evaluate our ideas and algorithms. These software tools have been made available to the research community to support further research.
  • On the defense side, we investigated techniques to make programs difficult to analyze.  Additionally, we built an open-source tool, called Tigress, that can be used to construct software protected using a wide variety of such defensive techniques.  This tool can be used by researchers to experiment with different defense techniques and combinations of techniques, in order to better understand what techniques and combinations of techniques work well and under what circumstances, and how expensive these techniques may be in terms of code size and/or execution speed. The source code for this tool has been made freely available to the community.

Last Modified: 11/20/2014
Modified by: Saumya K Debray