| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | July 1, 2015 |
| Latest Amendment Date: | September 15, 2019 |
| Award Number: | 1518921 |
| Award Instrument: | Continuing Grant |
| Program Manager: |
Daniela Oliveira
doliveir@nsf.gov (703)292-0000 CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | September 1, 2015 |
| End Date: | August 31, 2021 (Estimated) |
| Total Intended Award Amount: | $619,985.00 |
| Total Awarded Amount to Date: | $619,985.00 |
| Funds Obligated to Date: |
FY 2016 = $103,341.00 FY 2017 = $147,410.00 FY 2018 = $236,079.00 |
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
2150 SHATTUCK AVE BERKELEY CA US 94704-1345 (510)666-2900 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
CA US 94704-1159 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
01001617DB NSF RESEARCH & RELATED ACTIVIT 01001718DB NSF RESEARCH & RELATED ACTIVIT 01001819DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
This project aims to reduce the impact of software vulnerabilities in Internet-connected systems by developing data-driven techniques for vulnerability measurement, assessment, and notification. Recent advances in Internet-wide scanning make it possible to conduct network surveys of the full public IPv4 address space in minutes. These advances, in turn, offer the promise of truly effective community responses: when new vulnerabilities are announced, the Internet security community can comprehensively identify the systems that suffer from these vulnerabilities and automatically take steps to help affected system operators correct the problems. This project seeks to directly impact the availability and reliability of the Internet and provide the security community with tools, platforms, and comprehensive vulnerability measurement data.
To achieve this vision, this project develops new techniques for vulnerability measurement, including creating improved security measurement techniques that function at global scale, in the presence of heterogeneous network systems, and in a timely, accurate, complete, and ethical manner. The investigators create new vulnerability assessment methods that lower the barriers faced by researchers seeking to access and analyze vulnerability measurement data, in order to maximize security benefits. The project explores new notification mechanisms that achieve targeted and effective notification of affected organizations, and that can be delivered and acted upon quickly in response to the emergence of new threats.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
Advances in Internet-wide scanning make it possible to conductnetwork surveys of the full public IPv4 address space in minutes.In this project, we leverage and expand on this capability todiscover the breadth of Internet security issues as suchvulnerabilities are discovered. Our work breaks down into threebasic categories, as follows.
Methodology: We built on the basic ZMap technique and tool that canscan the entire IPv4 Internet in minutes. We built the Censyssystem which systematically captures a large number of continuousZMap scans and provides a ready query interface such thatresearchers can readily analyze the significant amount of data scansgenerate. Further, we conducted some of the first IPv6 scanningwork. Since the IPv6 address space is so immense it cannot becomprehensively scanned. We developed methods to generate so-called"hit lists" of in-use IPv6 addresses that could then be scanned andshowed our methods were reasonable comprehensive of the portions ofthe IPv6 address space being used.
Vulnerability Scans: The next portion of our project used the abovemethodological advances to both show their efficacy and highlightcurrent security issues on the Internet. For instance, in oneproject we studied the prevalence of HTTPS interception. WhileHTTPS is meant to be cryptographically secure interceptors canhijack certain portions of the transmission to gain access to theentire data stream. Our ability to measure the entire Internetallowed us to find this behavior to be much more prevalent thanpreviously thought (happening in 4--11% of the sessions). Welikewise were able to shed light on security issues involvingeverything from old and forgotten protocols (e.g., FTP) to emergingthreats (e.g., the Mirai botnet as it was discovered). We were alsoable to use our techniques to better understand the use andprevalence of a diverse set of network components, such as SCADA(industrial control systems) devices and censorship systems.
Notifications: A final aspect of the project was studying how wemight better effect patching of vulnerable systems and networks. Wefound that directly communicating with operators such as webmasterswas fairly effective at getting many vulnerabilities fixed (around50%). Additionally, we found that browser alerts aimed at informingusers of vulnerabilities resulted in faster action on the part ofoperators.
Last Modified: 02/17/2022
Modified by: Mark Allman
Please report errors in award information by writing to: awardsearch@nsf.gov.
