| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | July 24, 2023 |
| Latest Amendment Date: | July 21, 2024 |
| Award Number: | 2247370 |
| Award Instrument: | Continuing Grant |
| Program Manager: |
Selcuk Uluagac
suluagac@nsf.gov (703)292-4540 CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | October 1, 2023 |
| End Date: | September 30, 2028 (Estimated) |
| Total Intended Award Amount: | $1,200,000.00 |
| Total Awarded Amount to Date: | $286,784.00 |
| Funds Obligated to Date: |
|
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
615 W 131ST ST NEW YORK NY US 10027-7922 (212)854-6851 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
202 LOW LIBRARY 535 W 116 ST MC 4309, NEW YORK NY US 10027 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
01002324DB NSF RESEARCH & RELATED ACTIVIT 01002526DB NSF RESEARCH & RELATED ACTIVIT 01002627DB NSF RESEARCH & RELATED ACTIVIT 01002728DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
The goal of this project is to protect users' sensitive data in cyber space from determined and resourceful attackers while requiring no changes to applications and no actions from users or software developers. The project's novelties lie in its rethinking of containers, which represent a piece of software that includes all resources an application needs to run across diverse computing environments. Current container technology relies on the operating system (OS) as the trusted computing base (TCB) to enforce their security guarantees. However, modern OSes like Linux are simply too large, with many vulnerabilities and places for malicious software to hide. The project re-envisions containers with a tiny TCB, small enough to be carefully checked, offering defenses even from the OS itself and third-party software. The project's broader significance and importance are its (i) enhancements to modern computing infrastructure supporting mobile, web and desktop applications even when the computer infrastructure and network have been compromised by bad actors and (ii) broadening the participation of underrepresented minorities in computing.
The project is investigating creative solutions to the hard problems of protecting and defending the confidentiality and integrity of application state, including registers, physical memory, and files, while still enabling traditional computing and networking services. The approach supports system calls and libraries that receive data from and return data to the application, without requiring modifications to the application?s source code or special configuration by developers. The project will demonstrate that this new TCB architecture provides fine-grained protection of application state against a variety of real attacks, including side-channel attacks that traditional hypervisor and container architectures cannot shield against, while still adding only modest performance overhead to real application workloads. Society will benefit as users enjoy their favorite old apps and explore trending new apps with peace of mind in their safety, privacy, and security.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
Please report errors in award information by writing to: awardsearch@nsf.gov.
