SaTC: CORE: Medium: Collaborative: Taming Memory Corruption with Security Monitors

Project Details

Lead PI

Co-PIs

Performance Period

Oct 01, 2019 - Sep 30, 2023

Institution(s)

Trustees of Boston University

Sponsor(s)

National Science Foundation

Award Number


Modern computing systems are under constant attack by organized crime syndicates, nation-state adversaries, and regular cyber-criminals alike. Among the most damaging attacks are those that exploit so-called memory corruption vulnerabilities, which often give the attacker access to sensitive information or allow the attacker to execute arbitrary code on the victim's machine. To counter the threat posed by memory corruption vulnerabilities, this project will research and develop new defensive capabilities realized through the joint design of hardware and software. Hardware and software co-design holds the promise to enable the introduction of rigorous, principled, and efficient protection against low-level exploitation.

To defend computing systems against memory corruption attacks, this project will augment a RISC-V processor with an array of security policy engines (ASPEn). ASPEn will feature both specialized and programmable policy engines. Specialized engines will be optimized for performance, power, and area, and enforce static security policies that are known at design time. To accommodate the constantly changing nature of the security landscape, programmable engines will be programmed to enforce more flexible security policies. The project is structured into two thrusts: Thrust-1 will design the ASPEn Security Monitor System for the RISC-V processor, and Thrust-2 will focus on software design and the various policy types.

This project will result in a generic security-focused hardware/software co-design approach that can be leveraged to secure processors other than the RISC-V core used for this project. This broader impact will further be supported by the open-source release of the resulting hardware designs, as well as the new and modified software stack consisting of tool chains, libraries, and policy types. Furthermore, the project will include a variety of training and outreach activities through tutorials, workshops, and curricular development. The project will also continue existing successful efforts of involving undergraduate, high-school, and underrepresented minority and women students throughout its duration.

The project's resources and results will be made available publicly. The main project page can be found at https://seclab.bu.edu/projects/aspen.html, and source code releases will be made available via the project's code repository at https://github.com/BUseclab/ASPEn.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.