The goal of this CAREER project is to develop novel mechanisms that use transactions to improve software assurance. This project is developing Transactional Memory Introspection---or TMI, which is an approach to building software security mechanisms by leveraging recent advances in hardware and software transactional memory. Security mechanisms based on TMI build upon the same machinery that transactional memory systems use to ensure performance and functionality. TMI therefore promises to make security mechanisms efficient and easy to integrate with software. TMI-based security mechanisms being researched in this project include: (1) TxAuth: a reference monitor architecture to better ensure complete mediation of security-sensitive operations and allow easier integration with legacy systems; (2) TxInt: a data structure integrity monitor to protect extensible software systems, such as operating systems and browsers, from untrusted extensions; and (3) TMWatch: a data watchpoint framework that equips malware analysis tools and debuggers with new capabilities to reverse-engineer malware behavior. More broadly, this project seeks to demonstrate that concurrency control machinery implemented in transactional memory systems can also be used to improve software assurance. These additional benefits may lead to more research on transactions and their ultimate adoption by hardware and software vendors. The results from this project are being disseminated via the development of new course material that will expose students and software vendors to the dos and don'ts of secure programming. Suitable course material developed in this project is also being included in courses targeted towards K-12 and undergraduate students to attract them to computer science programs.
CAREER: Improving Software Assurance Using Transactions