CyberTrust Team - NSF grant on malware defense awarded
The security of national information infrastructures is undermined by constant malicious attacks exploiting vulnerabilities in systems software. Most existing attacks exploit memory-based flaws, such as stack or heap overflows and format string vulnerabilities. Current defense mechanisms, either network- or host-based, are not sufficient against many advanced attacks such as polymorphic or metamorphic worm exploits. This project aims to provide a comprehensive framework for detecting, analyzing, and exterminating such attacks.

The PIs take an interdisciplinary approach, combining their expertise in computer architecture, computer and network security, programming languages, compilers, and software engineering to tackle this difficult problem. In particular, the PIs propose a layered defense and analysis framework that consists of: (1) an architecture layer for detecting and recovering from unknown attacks; (2) an analysis layer for diagnosing attacks and generating attack signatures; and (3) a testing layer for discovering and fixing unknown software vulnerabilities.

The intellectual merit of this project will lie in the advanced techniques it develops to defend against unknown, large-scale memory-based attacks. Its interdisciplinary nature will allow an effective approach to this problem and will advance knowledge in each of the requisite disciplines with both novel systems concepts and advanced programming language and analysis techniques. The broader impact of this project is the potential for a more reliable and secure information systems infrastructure. This will have a tremendous economic impact on society because of our growing reliance on information technologies. Research results from this project (such as systems, simulators, and tools) will be widely disseminated so that they can be further evaluated, enhanced, and adopted to benefit other researchers and the industry.
