
NSF Org: | CNS Division Of Computer and Network Systems |
Recipient: |
|
Initial Amendment Date: | August 4, 2016 |
Latest Amendment Date: | August 4, 2016 |
Award Number: | 1618771 |
Award Instrument: | Standard Grant |
Program Manager: | Sol Greenspan, sgreensp@nsf.gov, (703)292-7841, CNS Division Of Computer and Network Systems, CSE Directorate for Computer and Information Science and Engineering |
Start Date: | September 1, 2016 |
End Date: | September 30, 2019 (Estimated) |
Total Intended Award Amount: | $250,000.00 |
Total Awarded Amount to Date: | $250,000.00 |
Funds Obligated to Date: |
|
History of Investigator: |
|
Recipient Sponsored Research Office: | 1001 EMMET ST N CHARLOTTESVILLE VA US 22903-4833 (434)924-4270 |
Sponsor Congressional District: |
|
Primary Place of Performance: | P. O. Box 400195 Charlottesville VA US 22904-4195 |
Primary Place of Performance Congressional District: |
|
Unique Entity Identifier (UEI): |
|
Parent UEI: |
|
NSF Program(s): | Secure & Trustworthy Cyberspace |
Primary Program Source: |
|
Program Reference Code(s): |
|
Program Element Code(s): |
|
Award Agency Code: | 4900 |
Fund Agency Code: | 4900 |
Assistance Listing Number(s): | 47.070 |
ABSTRACT
The Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols are critical to internet security. However, the software that implements the SSL/TLS protocols is especially vulnerable to security flaws, and the consequences can be disastrous. A large number of security flaws in SSL/TLS implementations (such as man-in-the-middle attacks, denial-of-service attacks, and buffer overflow attacks) result from incorrect error handling. These errors are often hard to detect and localize using existing techniques because many of them do not display any obviously erroneous behavior (e.g., a crash or an assertion failure); instead, they cause subtle inaccuracies that completely violate the security and privacy guarantees of SSL/TLS. This project aims to improve error handling mechanisms in SSL/TLS implementations by building novel tools that reduce developer effort in writing and maintaining correct error handling code while making SSL/TLS implementations more secure and robust.
This project develops a framework for improving the robustness of error handling code in SSL/TLS implementations. The framework has three main objectives. First, error specifications for different SSL/TLS functions are automatically inferred to learn how they communicate failures. Next, the inferred specifications are used to build a tool for automatically detecting error handling bugs. Finally, the framework also provides new program repair tools that can automatically fix the detected bugs. Therefore, the framework provides end-to-end assistance in maintaining error-handling code in SSL/TLS implementations and thus significantly improves internet security.