Award Abstract # 1749895
CAREER: Principled and Practical Software Shielding against Advanced Exploits

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: THE RESEARCH FOUNDATION FOR THE STATE UNIVERSITY OF NEW YORK
Initial Amendment Date: March 12, 2018
Latest Amendment Date: June 2, 2022
Award Number: 1749895
Award Instrument: Continuing Grant
Program Manager: Sol Greenspan
sgreensp@nsf.gov  (703)292-7841
CNS  Division Of Computer and Network Systems
CSE  Directorate for Computer and Information Science and Engineering
Start Date: June 1, 2018
End Date: November 30, 2024 (Estimated)
Total Intended Award Amount: $499,899.00
Total Awarded Amount to Date: $499,899.00
Funds Obligated to Date: FY 2018 = $95,026.00
FY 2019 = $97,603.00
FY 2020 = $99,965.00
FY 2021 = $102,399.00
FY 2022 = $104,906.00
History of Investigator:
  • Michail Polychronakis (Principal Investigator)
     mikepo@cs.stonybrook.edu
Recipient Sponsored Research Office: SUNY at Stony Brook
 W5510 FRANKS MELVILLE MEMORIAL LIBRARY
 STONY BROOK
 NY  US  11794-0001
(631)632-9949
Sponsor Congressional District: 01
Primary Place of Performance: SUNY at Stony Brook
 NY  US  11794-4400
Primary Place of Performance
Congressional District:		 01
Unique Entity Identifier (UEI): M746VC6XMNH9
Parent UEI: M746VC6XMNH9
NSF Program(s): Secure &Trustworthy Cyberspace
Primary Program Source: 01001920DB NSF RESEARCH & RELATED ACTIVIT
01001819DB NSF RESEARCH & RELATED ACTIVIT
01002223DB NSF RESEARCH & RELATED ACTIVIT
01002021DB NSF RESEARCH & RELATED ACTIVIT
01002122DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 1045, 025Z, 7434
Program Element Code(s): 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

The exploitation of memory corruption vulnerabilities in popular software is among the leading causes of system compromise and malware infection. While there are several reasons behind this proliferation of exploitable bugs, the reliance on unsafe programming languages such as C and C++ and the complexity of modern software play a major role. The continuous discovery of previously unknown (zero-day) vulnerabilities in browsers, document viewers, and other widely used software, and the lack of effective defenses against recent exploitation techniques that leverage memory disclosure vulnerabilities, necessitate the development of additional defense mechanisms.

The main objective of this project is the design of software shielding techniques and their practical applicability to commodity software and systems. The key innovative aspects of the investigated techniques include: i) principled design that considers the strong adversarial models imposed by the latest exploitation advancements, i.e., disclosure-aided exploitation and data-only attacks, against which effective countermeasures remain an open problem; ii) novel code specialization and data protection techniques, to introduce process-level unpredictability and limit the exposure of critical data; iii) hardware-assisted implementation by leveraging recent and upcoming processor features to minimize the performance impact of the applied protections; and iv) focus on practical considerations, such as operational compatibility and non-disruptive deployment. The outcomes of this research effort are expected to improve the state of the art in defenses against advanced exploits, and achieve substantial practical impact by shielding existing vulnerable applications against exploitation, benefiting both end users and security researchers. The project also provides students the opportunity to conduct research in cybersecurity, and fosters the integration of cybersecurity into high school education through hands-on workshops for students and seminars for science teachers.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

(Showing: 1 - 10 of 16)
Palit, Tapti and Monrose, Fabian and Polychronakis, Michalis "Mitigating Data Leakage by Protecting Memory-resident Sensitive Data" Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC) , 2019 10.1145/3359789.3359815 Citation Details
Werner, Jan and Mason, Joshua and Antonakakis, Manos and Polychronakis, Michalis and Monrose, Fabian "The SEVerESt Of Them All: Inference Attacks Against Secure Virtual Enclaves" Proceedings of the 14th ACM Asia Conference on Computer and Communications Security (ASIACCS) , 2019 10.1145/3321705.3329820 Citation Details
Ghavamnia, Seyedhamed and Palit, Tapti and Mishra, Shachee and Polychronakis, Michalis "Temporal System Call Specialization for Attack Surface Reduction" USENIX Security Symposium , 2020 https://doi.org/ Citation Details
Das, Sanjeev and James, Kedrian and Werner, Jan and Antonakakis, Manos and Polychronakis, Michalis and Monrose, Fabian "A Flexible Framework for Expediting Bug Finding by Leveraging Past (Mis-)Behavior to Discover New Bugs" Annual Computer Security Applications Conference (ACSAC) , 2020 https://doi.org/10.1145/3427228.3427269 Citation Details
Das, Sanjeev and Werner, Jan and Antonakakis, Manos and Polychronakis, Michalis and Monrose, Fabian "SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security" Proceedings of the 40th IEEE Symposium on Security & Privacy (S&P) , 2019 10.1109/SP.2019.00022 Citation Details
Ghavamnia, Seyedhamed and Palit, Tapti and Benameur, Azzedine and Polychronakis, Michalis "Confine: Automated System Call Policy Generation for Container Attack Surface Reduction" International Symposium on Research in Attacks, Intrusions and Defenses (RAID) , 2020 https://doi.org/ Citation Details
Ghavamnia, Seyedhamed and Palit, Tapti and Polychronakis, Michalis "C2C: Fine-grained Configuration-driven System Call Filtering" Proceedings of the 29th ACM Conference on Computer and Communications Security (CCS) , 2022 https://doi.org/10.1145/3548606.3559366 Citation Details
Hasan, Md Mehedi and Ghavamnia, Seyedhamed and Polychronakis, Michalis "Decap: Deprivileging Programs by Reducing Their Capabilities" Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID) , 2022 https://doi.org/10.1145/3545948.3545978 Citation Details
Koo, Hyungjoon and Ghavamnia, Seyedhamed and Polychronakis, Michalis "Configuration-Driven Software Debloating" Proceedings of the 12th European Workshop on System Security (EuroSec) , 2019 10.1145/3301417.3312501 Citation Details
Mishra, Shachee and Polychronakis, Michalis "Saffire: Context-sensitive Function Specialization and Hardening against Code Reuse Attacks" IEEE European Symposium on Security & Privacy , 2020 https://doi.org/10.1109/EuroSP48549.2020.00010 Citation Details
Mishra, Shachee and Polychronakis, Michalis "SGXPecial: Specializing SGX Interfaces against Code Reuse Attacks" European Workshop on System Security (EuroSec) , 2021 https://doi.org/10.1145/3447852.3458716 Citation Details
(Showing: 1 - 10 of 16)

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

The continuous discovery of previously unknown (zero-day) vulnerabilities in browsers, document viewers, and other widely used software, and the lack of effective defenses against recent exploitation techniques that leverage memory disclosure vulnerabilities, necessitate the development of additional defense mechanisms. The core scientific contribution of this project lies in the design and implementation of several innovative security techniques to protect both user-level and operating system software from memory-related exploits. Major accomplishments include:

  • Code Specialization and Randomization. The team created methods to remove (or "debloat") unneeded code at compilation time based on specific program configurations. By trimming unnecessary functionality (such as rarely used libraries or disabled features), the remaining program is not only more efficient, but also has fewer potential vulnerabilities that attackers could exploit, and fewer instruction sequences that could be used as part of memory corruption exploits. In addition, compiler-based randomization techniques make it harder for attackers to guess a program's internal structure.
  • Selective Data Protection. The project developed approaches that automatically detect critical variables (such as passwords or encryption keys) and isolate them in protected regions of memory using encryption. This isolation prevents attackers from reading or tampering with high-value data, even if they manage to compromise other parts of a program.
  • System Call Filtering and Privilege Reduction. The team explored ways to limit the "attack surface" of both user applications and operating system services. New analysis tools identify exactly which system calls a program truly needs, enabling the enforcement of more restrictive policies and preventing the use of dangerous OS features. Another tool automatically reduces the powerful privileges required by legacy ("setuid") programs, dramatically lowering the risk of complete system compromise.
  • Kernel Hardening. Novel kernel-level defenses protect sensitive memory-resident data structures used by the operating system for critical operations. By separating or encrypting metadata, attackers face major hurdles when attempting to gain illicit access or corrupt vital parts of the kernel.

Beyond advancing fundamental research in computer security, this project's outcomes offer clear benefits to both industry and the public. Making software harder to exploit directly enhances data privacy, protects critical infrastructure, and supports trusted online services. By publicly releasing the open-source code of the developed prototypes and sharing insights with the security community, the project facilitated wide-reaching improvements in secure software development practices. Publicly released tools include:

  • CCR: compiler-rewriter cooperation framework
    https://github.com/kevinkoo001/CCR
  • Confine: container attack surface reduction
    https://github.com/shamedgh/confine
  • Temporal system call specialization
    https://github.com/shamedgh/temporal-specialization
  • C2C: configuration-driven system call filtering
    https://github.com/shamedgh/c2c
  • Selective Data Protection
    https://github.com/taptipalit/selective_data_protection
    https://github.com/taptipalit/dynpta
  • Decap: application privilege reduction
    https://github.com/hasanmdme/decap
  • xMP: selective memory protection for kernel and user space
    https://github.com/virtsec/xmp
  • ISLAB: kernel metadata protection
    https://github.com/tum-itsec/islab
  • Safeslab: kernel-level protection against use-after-free attacks
    https://github.com/tum-itsec/safeslab

Students and collaborators gained hands-on experience with state-of-the-art compiler technologies, kernel engineering, attack surface reduction, and virtualization-based security. This expertise is transferred into academic, governmental, and commercial settings, strengthening our collective cybersecurity posture.

In summary, the project yielded new, practical tools and frameworks for defending systems against memory-based attacks, reducing the likelihood of large-scale security breaches, and fostering the next generation of secure software systems.


Last Modified: 01/25/2025
Modified by: Michail Polychronakis

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page

Top